←back to thread

Python’s new t-strings

(davepeck.org)
620 points tambourine_man | 3 comments | 21 Apr 25 04:31 UTC | HN request time: 0s | source
Show context
runekaagaard ◴[21 Apr 25 08:32 UTC] No.43749575[source]
It feels a bit like "cheating" that new x-string features are built-in only. It would be cool to be able to do:

    from foo import bar
    bar"zoop"
replies(7): >>43749594 #>>43749601 #>>43749709 #>>43750748 #>>43751130 #>>43752217 #>>43757083 #
Timwi ◴[21 Apr 25 08:36 UTC] No.43749601[source]
True. Then you could use

  sql"..."
  html"..."
for each of the given examples and achieve some runtime type safety.
replies(1): >>43749909 #
1. jbverschoor ◴[21 Apr 25 09:26 UTC] No.43749909[source]
And you'd end up with almost no improvement.

If you pass a "t-string" to a framework, it can force escaping.

What you suggest is to rely on escaping by the user (dev), who, if he was aware, would already escape.

Unless you'd suggest that it would still return a template, but tagged with a language.

replies(2): >>43755179 #>>43810470 #
2. mcintyre1994 ◴[21 Apr 25 18:51 UTC] No.43755179[source]
FWIW the JS equivalent is a template but tagged with a language. It has all the benefits of this template, but IDEs can easily syntax highlight the string. That seems like it would be a bit trickier to do with the Python one which is a shame.
3. Timwi ◴[27 Apr 25 08:58 UTC] No.43810470[source]
No, you misunderstood that completely. They would still be like t-strings, but sql-strings are now a different type from html-strings. The escaping would be done by the library that offers the sql"..." functionality.