|
|
|
|
|
|
by somat
231 days ago
|
|
|
As far as I can tell JS has no way to symbolicly handle unformatted templates and then format them later. For example, you can't do this. const t1 = new Template('Hello ${name}');
const str_1 = t1.format({'name':user_name});
You could argue, perhaps correctly, that this is by design and doing something like this is a mistake. But when my whole clever idea depended on doing exactly this, I was a bit surprised when it does not work with native templates. |
|
|
I'm not saying its right or wrong just that php is following the trend with this feature when it comes to language design.
I know i said earlier its not for security, but it could very well be for security (not xss though) as format string injection is a common vulnerability in c and python which allow this sort of thing.