Feedback: String Templates (JEP 430)
John Rose
john.r.rose at oracle.com
Fri Mar 31 20:28:00 UTC 2023
P.S. As a for-instance, a good way to separate the internal concerns of
envelope logic from the concerns of a payload-providing client is to
make the low-level, expert-only string interpolation function be
`protected` in the abstract DSL-implementor class. Then the clients
only use DSL-specific API points, but internally the string assembly
happens smoothly. I guess that’s not an option with interfaces, but
it is one of the classic ways to avoid the confusion between envelope
logic and payload logic.
On 31 Mar 2023, at 13:23, John Rose wrote:
> What I hope is clear is my point about separating concerns, between
> knowing how and when to escape a value *in a particular place*, and
> coming up with a set of interpolation values for those places. It’s
> rooted in the distinction between an envelope and its contents.
> Quoting (and validation) is something envelope-specific. Contents are
> usually specific to some completely unrelated domain of business
> logic. Unless API users are helped to separate those concerns, there
> will be confusion, exploitable in attacks.
>
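The pattern from the P.S., sketched in plain Java as an added example that is not part of the original message and does not use the JEP 430 API. `EnvelopeDsl`, `HtmlDsl`, `interpolate`, `escape` and `greeting` are hypothetical names, and the sketch assumes the DSL classes live in their own package, since `protected` in Java also grants same-package access.

```java
import java.util.List;

// Client code: it sees only the DSL-specific API point and supplies payload.
public class Demo {
    public static void main(String[] args) {
        // Constructed sample payload coming from unrelated business logic.
        System.out.println(new HtmlDsl().greeting("<script>alert(1)</script>"));
    }
}

// Hypothetical DSL-implementor base class (illustration only).
abstract class EnvelopeDsl {
    // Envelope-specific quoting rule, supplied by each concrete DSL.
    protected abstract String escape(String payload);

    // Low-level, expert-only assembly: reachable from subclasses (and the
    // DSL's own package), not from clients in other packages.
    protected final String interpolate(List<String> fragments, List<String> values) {
        if (fragments.size() != values.size() + 1) {
            throw new IllegalArgumentException("fragment/value count mismatch");
        }
        StringBuilder out = new StringBuilder(fragments.get(0));
        for (int i = 0; i < values.size(); i++) {
            // Every payload value passes through the envelope's escaping.
            out.append(escape(values.get(i))).append(fragments.get(i + 1));
        }
        return out.toString();
    }
}

// A DSL whose only interpolation place is HTML element text.
final class HtmlDsl extends EnvelopeDsl {
    @Override
    protected String escape(String payload) {
        StringBuilder sb = new StringBuilder(payload.length());
        for (char c : payload.toCharArray()) {
            switch (c) {
                case '&' -> sb.append("&amp;");
                case '<' -> sb.append("&lt;");
                case '>' -> sb.append("&gt;");
                case '"' -> sb.append("&quot;");
                case '\'' -> sb.append("&#39;");
                default -> sb.append(c);
            }
        }
        return sb.toString();
    }

    // DSL-specific API point: the envelope text is fixed here, not by the caller.
    public String greeting(String userName) {
        return interpolate(List.of("<p>Hello, ", "!</p>"), List.of(userName));
    }
}
```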