On Nov 20, 2005, at 6:11 PM, Simon Willison wrote:
The idea is to make developers have to go out of their way to avoid input filtering. This is certainly something that would greatly benefit the world of PHP. Developers who use Django may like to think themselves above such mistakes, but mistakes are easy to make. Functionality like this, even if limited to the as_email etc. input filters rather than filtering everything by default, would make it a lot harder to mistakenly create insecure apps.
I think this is a brilliant idea. As far as I know no other frameworks take input security quite as seriously as they should, and I'd love nothing more than to become the OpenBSD of web frameworks.
That said, I'm less than thrilled about the request.GET['foo'].as_int() syntax. Having a bunch of as_* methods seems slightly crufty to me. I *really* like having the default request.GET['foo'] return a "safe" object... but the as_* methods kinda weird me out. I'd have to play with it, but perhaps GET.__getitem__ could return a string subclass that acted "safe" unless cast to an "unsafe" object explicitly?
This is a cool idea; I'd love to see even a half-assed patch to fool around with.
Jacob
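
The string-subclass idea from the message above, as an added example that is not part of the original message or of Django's code. It assumes "safe" means HTML-escaped when rendered; the names SafeInput, SafeQueryDict, unsafe() and render_greeting() are hypothetical.

```python
import html


class SafeInput(str):
    """Hypothetical request value: HTML-escaped whenever it is rendered."""

    def __str__(self):
        # str.__str__ returns the underlying characters as a plain str.
        return html.escape(str.__str__(self), quote=True)

    def __format__(self, spec):
        # Covers f-strings and str.format().
        return format(str(self), spec)

    def __add__(self, other):
        return str(self) + str(other)

    def __radd__(self, other):
        # Called for "markup literal" + value, since plain str defers to us.
        return str(other) + str(self)

    def unsafe(self):
        """Explicit opt-out: the raw submitted text as a plain str."""
        return str.__str__(self)


class SafeQueryDict(dict):
    """Hypothetical stand-in for request.GET; wraps values on lookup."""

    def __getitem__(self, key):
        return SafeInput(super().__getitem__(key))


def render_greeting(query):
    # Markup literals are plain str; only the request value is escaped.
    return "<p>Hello, " + query["name"] + "</p>"


# Constructed sample input.
GET = SafeQueryDict(name='<b onclick="x">Bob</b>')

if __name__ == "__main__":
    print(render_greeting(GET))
    print(GET["name"].unsafe())
```

Operations that read the underlying characters directly, such as str.join() and slicing, bypass these hooks, so a wrapper like this reduces accidental unescaped output rather than guaranteeing it.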