A proposal to add String.prototype.format

Mark S. Miller erights at google.com
Tue Mar 8 22:47:21 PST 2011


[+msamuel]

I don't understand. I see that this proposal references quasis, but I don't
see how it subsumes the safety quasis provide against quoting confusions,
e.g., that lead to XSS and other injection vulnerabilities. What am I
missing?

On Wed, Mar 9, 2011 at 12:21 AM, Shanjian Li <shanjian at google.com> wrote:

> EcmaScript lacks a method to format strings in a flexible and controllable
> manner. Most EcmaScript strings are constructed by concatenating a series of
> substrings. Such practice really hurts code readability. Especially for
> localization, it is almost impossible to translate the string when it is
> split into multiple pieces. This problem has been identified long before.
> Brendan Eich proposed something in 2006 for ECMA 3 (discussion<http://wiki.ecmascript.org/doku.php?id=discussion:string_formatting>).
> Mike Samuel’s quasis<http://wiki.ecmascript.org/doku.php?id=strawman:quasis>and Douglas Crockford’s
> string_format<http://wiki.ecmascript.org/doku.php?id=strawman:string_format>each proposed a solution as well. This proposal references those proposals,
> and borrows many ideas introduced by Python (
> http://www.python.org/dev/peps/pep-3101/). This proposal also applies
> lessons learned in Localization (l10n) and Internationalization (i18n)
> practice, both in Javascript and other languages.
> http://wiki.ecmascript.org/doku.php?id=strawman:string_format_take_two
>
> Please kindly review the proposal and let me know your feedback.
>
> shanjian
>
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
>
>


-- 
    Cheers,
    --MarkM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20110309/e095afb2/attachment.html>


More information about the es-discuss mailing list