[stringtemplate-interest] format="random string" harmful
Zenaan Harkness
zen at freedbms.net
Sun Oct 1 15:49:24 PDT 2006
On Sun, Oct 01, 2006 at 02:57:30PM -0700, Terence Parr wrote:
> Hi,
>
> I just realized that allowing the random format string to dictate
> which function to call on some formatter object is way too big of a
> whole. It is the same thing as velocity that allows you to pass in a
> model and call random methods on it. Imagine:
>
> $"select * from Users"; format="query"$
>
> weird, but would call renderer.query("select * from Users"). Pass in
> a DB object and we have a problem.
>
> I think that I need to stay probably with a predefined set of
> useful functions that you can apply to attributes. In fact, the
> function style syntax of $upperCase(name)$ might be the right
> answer. Regardless of the syntax, I think the only way to enforce
> the separation is to prevent users from providing random code that
> you can call from the template.
>
> I suppose with that limitation then
>
> $bday; format="verbose"$
>
> and
>
> $names; format="upperCase"$
>
> can be the syntax. It would be calling pre-existing functions with
> those names-- the user cannot provide those methods.
"Standard formatting" limited to which of the following:
* Capitalization, all/ partial/ first/ last.
* MAC & IP address formatting functions.
* Time & Date and TimeDate formatting.
* Brief/Full Hereford (cattle) Statistic formatting.
* CPU Model+Stepping+Manuf+...
* ...
There are two things needed here:
1) What criteria to decide which built-in formatting functions.
2) What to tell people to do when they want something extra.
Without considering these together, we will simply keep
implementing compulsively.
Thanks
Zen
--
Free Australia - www.UPMART.org
Please respect the confidentiality of this email as sensibly warranted.
More information about the stringtemplate-interest
mailing list