by lhorie
2830 days ago
You're framing this as a question of syntax preference, but actually the whole point of template tags is to cater to a very specific need: the ability to sanitize an interpolated value. In this specific example, let's say you have:

    sql.from`book`.return`distinct ${field}`

You don't want a SQL injection to occur if somehow `field = 'author'; drop table book; --` or similar.

With a plain function call, the library would have no way of knowing what to sanitize.

    sql.from('book').return(`distinct ${field}`) // hello security hole

And without template tags, the API would arguably look more complex, and require the user to discover/learn an ad-hoc interpolation DSL:

    sql.from('book').return('distinct ${field}', {field})

You can still target the template tag's raw API requirements without the syntax (though you'd lose readability with multiple interpolations):

    sql.from('book').return(['distinct'], field)
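The difference the comment describes, as an added example that is not part of the original post and not the API of any real library: a tag function receives the literal chunks and the interpolated values separately, while a plain function receives one merged string. The names `select`, `selectPlain` and `quoteIdent` are hypothetical, and standard SQL double-quote identifier quoting is assumed as the sanitization step.

```javascript
// Hypothetical helper: quote a value as an SQL identifier using standard
// double-quote quoting, with embedded double quotes doubled.
function quoteIdent(value) {
  if (typeof value !== 'string' || value.length === 0 || value.includes('\0')) {
    throw new TypeError('identifier must be a non-empty string without NUL');
  }
  return '"' + value.replace(/"/g, '""') + '"';
}

// Tag function: the engine passes the literal chunks (strings) and the
// interpolated values separately, so only the values are quoted.
function select(strings, ...values) {
  let text = strings[0];
  values.forEach((v, i) => {
    text += quoteIdent(v) + strings[i + 1];
  });
  return 'select ' + text + ' from "book"';
}

// Plain function: the template literal is evaluated before the call, so the
// function sees a single string and cannot tell which part was interpolated.
function selectPlain(fragment) {
  return 'select ' + fragment + ' from "book"';
}

// Constructed input, taken from the value quoted in the comment above.
const field = "author'; drop table book; --";

// Tagged call: the value ends up inside one quoted identifier.
const tagged = select`distinct ${field}`;

// Plain call: the value is already part of the SQL text when it arrives.
const plain = selectPlain(`distinct ${field}`);

// The same tag called without tag syntax: the chunks array always has one
// more entry than the list of values.
const rawCall = select(['distinct ', ''], field);

console.log(tagged);
console.log(plain);
console.log(rawCall === tagged);
```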