cstrahan 8 days ago

> You therefore get code that locally looks good, even if it has security mistakes. Instead of one source of error - the developer interpolated - you now have three.

Could you give examples of this?

> The developer forgot to interpolate

What would this look like? The only way to get dynamic/user input into a template is either through interpolation or concatenation.

Before:

f"..html_str..." + user_provided_str # oops! should have: html_str + sanitize(user_provided_str)

After:

t"...html_template..." + user_provided_str # oops! should have: t"...html_template...{user_provided_str}"

Does this really leave us worse off?

Unless you're referring to something like this:

Before:

html = "love > war" # oops! should have been: html = "love > war"

After:

html = "love > war" # oops! should have been: html = t"love > war"

But then the two scenarios are nearly identical.

> the developer chose the wrong interpolation

What kind of interpolation would be the "wrong interpolation"?

> or the interpolation itself got it wrong.

Isn't that analogous to sanitize(user_provided_str) having a bug?
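As an added illustration of the trade-off the comment is probing (example code, not part of the post): a small emulation of a PEP 750-style template renderer. Real t-strings need Python 3.14, so the hypothetical helper t(fmt, *values) stands in for t"..." syntax; the Template shape (separate literal strings and values) and the "Template + str raises TypeError" rule follow PEP 750. It contrasts the f-string path, which only stays safe if the developer remembers to escape, with the template path, which escapes every interpolation at render time and turns "forgot to interpolate" into a loud failure instead of unescaped HTML.

```python
import html
from dataclasses import dataclass


@dataclass(frozen=True)
class Template:
    """Emulated PEP 750 Template: literal parts and interpolated values kept apart."""
    strings: tuple  # literal text, always len(values) + 1 entries
    values: tuple   # untrusted values, escaped only when rendered

    def __add__(self, other):
        # Template + Template merges the boundary literals; Template + str is
        # a TypeError (as in PEP 750), so concatenating raw input fails loudly.
        if isinstance(other, Template):
            merged = self.strings[:-1] + (self.strings[-1] + other.strings[0],) + other.strings[1:]
            return Template(merged, self.values + other.values)
        raise TypeError("can only concatenate Template (not str) to Template")


def t(fmt: str, *values) -> Template:
    """Hypothetical stand-in for t-string syntax: each {} in fmt is one interpolation."""
    strings = tuple(fmt.split("{}"))
    if len(strings) != len(values) + 1:
        raise ValueError("placeholder count does not match value count")
    return Template(strings, tuple(values))


def render_html(tpl: Template) -> str:
    """The renderer decides how values become HTML: every interpolation is escaped."""
    out = [tpl.strings[0]]
    for value, literal in zip(tpl.values, tpl.strings[1:]):
        out.append(html.escape(str(value), quote=True))
        out.append(literal)
    return "".join(out)


def fstring_page(user: str) -> str:
    # The comment's "before": safety depends on the developer remembering
    # html.escape(user) here. This version forgot, so markup passes through.
    return f"<p>{user}</p>"


def template_page(user: str) -> str:
    # The comment's "after": the value is handed to the renderer, which escapes it.
    return render_html(t("<p>{}</p>", user))


def forgot_to_interpolate(user: str):
    # The "forgot to interpolate" mistake: appending raw input to the template.
    # Returns the exception name raised instead of silently unescaped HTML.
    try:
        t("<p>{}</p>", "x") + user
    except TypeError as exc:
        return type(exc).__name__
    return None
```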