Message 363379 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	serhiy.storchaka
Recipients	Marco Sulla, eric.smith, serhiy.storchaka
Date	2020-03-04.19:10:16
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1583349016.87.0.500957340787.issue39842@roundup.psfhosted.org>
In-reply-to

Content
What would "{} {}".partial_format({}) return? It is not possible to implement a "safe" variant of str.format(), because in difference to Template it can call arbitrary code and allows easily to produce arbitrary large strings. Template is more appropriate if the template came from untrusted source or if it is composed by inexperienced user.

What would "{} {}".partial_format({}) return?

It is not possible to implement a "safe" variant of str.format(), because in difference to Template it can call arbitrary code and allows easily to produce arbitrary large strings. Template is more appropriate if the template came from untrusted source or if it is composed by inexperienced user.

History
Date	User	Action	Args
2020-03-04 19:10:16	serhiy.storchaka	set	recipients: + serhiy.storchaka, eric.smith, Marco Sulla
2020-03-04 19:10:16	serhiy.storchaka	set	messageid: <1583349016.87.0.500957340787.issue39842@roundup.psfhosted.org>
2020-03-04 19:10:16	serhiy.storchaka	link	issue39842 messages
2020-03-04 19:10:16	serhiy.storchaka	create