Converting strings to template strings

Andrea Giammarchi andrea.giammarchi at gmail.com
Sun Mar 22 14:27:48 UTC 2015


the snippet is extremely simplified and just works for 99.9% of cases it's
meant to be used, a way to provide properties via objects within a string
used as template. The string should not be parsed in the wild, same you
won't evaluate ever string templates without knowing the source. Of course
if you use strings to implement eval like logic you are doing it wrong and
makes no sense to use the template but again, that snippets provides what's
not possible with string templates.

To Mark S. Miller, the strict is a must have for the `with` statement, that
snippets works down to IE5 so I don't actually see or understand your
surprise.

Of course I can implement a full syntax parser instead but then I'd loose
on size, simplicity, and portability (performance)

String templates are not good for templates, these work only for statically
defined code and in place meaning you cannot grab content from a DB and
inject values like names or numbers as you would do with any templating
system.

So what is your suggested solution?



On Sun, Mar 22, 2015 at 11:50 AM, Mark Miller <erights at gmail.com> wrote:

> The pattern  [\S\s]*? admits a lot. Why are you confident that it can't
> contain a string that, for example, closes the function with an unbalanced
> "}", then  has an evil expression which evaluates, followed by an
> unbalanced "{" so the whole thing still parses?
>
> On Sun, Mar 22, 2015 at 7:38 AM, Andrea Giammarchi <
> andrea.giammarchi at gmail.com> wrote:
>
>> Hi Mark, thanks for pointing that out but if I understand the problem
>> correctly then the snippet I've suggested concatenates strings and will
>> never produce those problematic syntax errors. Can I say it's still safe?
>> Or do you think it might have some problem in Safari?
>>
>> Cheers
>>
>> On Sun, Mar 22, 2015 at 11:28 AM, Mark S. Miller <erights at google.com>
>> wrote:
>>
>>>
>>>
>>> On Sun, Mar 22, 2015 at 6:46 AM, Andrea Giammarchi <
>>> andrea.giammarchi at gmail.com> wrote:
>>>
>>>> There's no such functionality indeed but you might want to have a look
>>>> at this gist:
>>>> https://gist.github.com/WebReflection/8f227532143e63649804
>>>>
>>>> It gives you the ability to write `'test1 ${1 + 2} test2 ${3 + 4}'
>>>> .template();` and read `test1 3 test2 7` or to pass an object similar
>>>> to .Net String.format so that your Stack overflow code would be like the
>>>> following:
>>>>
>>>> ```js
>>>>
>>>> let a = "b:${b}";
>>>> let b = 10;
>>>>
>>>> console.log(a.template({b:b}));
>>>>
>>>> // or
>>>>
>>>> console.log(a.template({b:27}));
>>>>
>>>> ```
>>>>
>>>> You pass named properties and it works with nested properties too (i.e.
>>>> ${down.the.road})
>>>>
>>>> It does use Function which is safe,
>>>>
>>>
>>>
>>> Function is safe almost everywhere, but it is worth pointing out
>>>
>>> https://bugs.webkit.org/show_bug.cgi?id=106160
>>> https://bugs.webkit.org/show_bug.cgi?id=131137
>>> test_CANT_SAFELY_VERIFY_SYNTAX at
>>> https://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/ses/repairES5.js#3198
>>> repair_CANT_SAFELY_VERIFY_SYNTAX at
>>> https://code.google.com/p/google-caja/source/browse/trunk/src/com/google/caja/ses/repairES5.js#4170
>>>
>>> After the repair, the Function constructor is safe again on Safari, but
>>> at considerable expense.
>>>
>>>
>>>
>>>
>>>> compared to eval, and needed to eventually de-opt from 'use strict' but
>>>> of course you could write your own parser avoiding Function completely.
>>>>
>>>> Finally, I agree it would be nice to be able to have a standard way to
>>>> template strings in JS, the templating as it is plays very poorly with
>>>> runtime generated strings, using eval for that looks the dirtiest thing on
>>>> earth.
>>>>
>>>> Regards
>>>>
>>>>
>>>>
>>>> On Sun, Mar 22, 2015 at 10:05 AM, KOLANICH <kolan_n at mail.ru> wrote:
>>>>
>>>>> I needed a functionality but haven't found it.
>>>>> See
>>>>> https://stackoverflow.com/questions/29182244/convert-a-string-to-a-template-string
>>>>> for more details.
>>>>> I think that this should be included into standard;
>>>>>
>>>>>
>>>>> Also we need a standard format string functionality like
>>>>> https://msdn.microsoft.com/en-us/library/system.string.format.aspx
>>>>> and <https://docs.python.org/2/library/string.html#string-formatting>
>>>>> https://docs.python.org/2/library/string.html#string-formatting
>>>>>
>>>>> _______________________________________________
>>>>> es-discuss mailing list
>>>>> es-discuss at mozilla.org
>>>>> https://mail.mozilla.org/listinfo/es-discuss
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> es-discuss mailing list
>>>> es-discuss at mozilla.org
>>>> https://mail.mozilla.org/listinfo/es-discuss
>>>>
>>>>
>>>
>>>
>>> --
>>>     Cheers,
>>>     --MarkM
>>>
>>
>>
>> _______________________________________________
>> es-discuss mailing list
>> es-discuss at mozilla.org
>> https://mail.mozilla.org/listinfo/es-discuss
>>
>>
>
>
> --
> Text by me above is hereby placed in the public domain
>
>   Cheers,
>   --MarkM
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20150322/0cc18d77/attachment.html>


More information about the es-discuss mailing list