[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: small incompatibility
- From: Mike Pall <mikelu-0510@...>
- Date: Sat, 22 Oct 2005 19:15:24 +0200
Hi,
Rici Lake wrote:
> > And a returned string needs to be
> >processed literally and not with %n escapes. Oh well ...]
>
> Well, that's also an option, isn't it?
I think the implementation would get too complicated. Anything
more than simple lookup tables is 'nice to have', but probably
not within the scope of the standard string library.
And in fact sometimes the %n escapes for the replacement string
are inconvenient and the string itself needs to be escaped before
use (or wrapped into a dummy function). I think the inconvenience
for substitution tables outweighs the benefits. I.e. I'd rather
not have this for tables.
[This may also be security relevant. Imagine a string received
from an untrusted source is carelessly put into a substitution
table. It could cause an exception (i.e. denial of service),
if it contains an invalid capture index.]
Of course the scientific approach is to implement all variants
and then compare the generated code size plus the size of the
manual section. Weigh this against the expected usage and the
amount of time it takes to explain all features to a newbie. :-)
Err, no, I won't do that. Sorry. I'm on vacation until Nov 8th.
I'm confident this issue is sorted out until then. ;-)
Bye,
Mike
