Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
shikon7 9 days ago

If its only use is to make injecton safety a bit easier to achieve, it's worth it to me.

ratorx 9 days ago | parent [-]

Does it make it easier? The “escape” for both is to just use unsafe version of the Template -> string function or explicitly mark an unsafe string as sanitised. Both seem similar in (un)safety

davepeck 9 days ago | parent [-]

> the Template -> string function

There is no such function; Template.__str__() returns Template.__repr__() which is very unlikely to be useful. You pretty much have to process your Template instance in some way before converting to a string.

ratorx 9 days ago | parent [-]

Right, but it is possible to write a template -> string function that doesn’t sanitise and use it (or more realistically use the wrong one). Just as it’s possible to unsafely cast an unsafe string to a sanitised one and use it (rather than use a sanitise function that returns the wrapper type).

They are both similar in their unsafety.