From: Yuri Khan <yuri.v.khan@gmail.com>
To: Emanuel Berg <moasenwood@zoho.eu>,
help-gnu-emacs <help-gnu-emacs@gnu.org>
Subject: Re: Printf and quoting in general, SQL injection in particular
Date: Sat, 26 Jun 2021 14:30:59 +0700
Message-ID: <CAP_d_8WW67L0NKR=hbp+KPyt54nkgUHi3YPm7LFve8sJiL5q6Q@mail.gmail.com>
In-Reply-To: <87eecp2k6l.fsf@zoho.eu>
On Sat, 26 Jun 2021 at 13:56, Emanuel Berg via Users list for the GNU
Emacs text editor <help-gnu-emacs@gnu.org> wrote:
> Relax, this notion that you shouldn't construct file paths by
> string functions, nor SQL queries for that matter, and what
> more? hyperlinks?
Hyperlinks, too.
One of the requirements of URLs is that all non-ASCII and some ASCII
characters be %-encoded when used in the path or query string, or
punycode-encoded when used in the host name:

(require 'cl-lib)                       ; for cl-assert

;; let* so that `joined' can see `base' and `term'
(let* ((base "https://ru.wikipedia.org/wiki/")
       (term "Гиперссылка")
       (joined (concat base term)))
  ;; concat leaves the Cyrillic term unencoded, so this fails
  (cl-assert (string= joined
                      "https://ru.wikipedia.org/wiki/%D0%93%D0%B8%D0%BF%D0%B5%D1%80%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B0")))
;; alas, no
Another rule is that resolving a relative reference containing a path
against a base URL will drop the last segment of the base:

(let* ((base "http://example.org/foo")
       (href "bar")
       (resolved (concat base href)))
  ;; concat yields "http://example.org/foobar", so this fails too
  (cl-assert (string= resolved "http://example.org/bar"))) ;; also no
String concat does not know any of these rules.
It is okay to represent file names, SQL queries, and URLs as strings
*internally*. It is okay to use string functions to implement
high-level domain-specific functions. In many cases, interoperating
with external code will also require these things represented as
strings. But it is a good idea to use domain-specific functions to
manipulate file names, queries, and URLs, rather than string
functions, because this way you are less likely to violate those
types’ invariants.
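The two URL invariants described above (percent-encoding of path segments, RFC 3986 relative-reference resolution) plus punycode host names, shown with domain-specific functions beside plain concatenation. This is an added example in Python's standard `urllib.parse`, not Elisp from the post; the wiki URL and the `http://example.org/foo` base come from the message, while `пример.рф` and the helper names are constructed for illustration.

```python
"""Added example: building URLs with domain-specific functions
instead of string concatenation (constructed, not from the post)."""
from urllib.parse import quote, urljoin, urlsplit, urlunsplit


def naive_join(base: str, term: str) -> str:
    """String concatenation: knows none of the URL rules."""
    return base + term


def build_wiki_url(base: str, term: str) -> str:
    """Append `term` as one percent-encoded path segment.

    safe="" makes quote() encode '/', '?', '#' and friends as well, so a
    term can never add path segments, a query string or a fragment of
    its own; only unreserved characters pass through unencoded.
    """
    return base + quote(term, safe="")


def resolve_reference(base: str, href: str) -> str:
    """RFC 3986 resolution: a relative path replaces the base's last segment."""
    return urljoin(base, href)


def encode_host(url: str) -> str:
    """Punycode-encode an internationalized host name, leaving the path alone.

    The path keeps its non-ASCII characters here on purpose: host names and
    path segments have different encoding rules, which is exactly why one
    generic string operation cannot serve both.
    """
    parts = urlsplit(url)
    host = parts.hostname.encode("idna").decode("ascii")
    netloc = host if parts.port is None else f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def compare(base: str, term: str, href_base: str, href: str) -> dict:
    """Side-by-side results so the difference is visible at a glance."""
    return {
        "concat_path": naive_join(base, term),
        "encoded_path": build_wiki_url(base, term),
        "concat_ref": naive_join(href_base, href),
        "resolved_ref": resolve_reference(href_base, href),
    }


if __name__ == "__main__":
    for key, value in compare("https://ru.wikipedia.org/wiki/", "Гиперссылка",
                              "http://example.org/foo", "bar").items():
        print(f"{key:13} {value}")
    print(encode_host("https://пример.рф/путь"))
```

The `safe=""` choice is the security-relevant detail: with the default `safe="/"` a user-supplied term containing a slash would silently become an extra path segment, which is the URL counterpart of the SQL quoting problem in the thread's subject.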