by tikhonj
4822 days ago
You can certainly prevent shell/SQL injection very easily with a good type system. Yesod, one of the Haskell web frameworks, certainly does this. Basically, you just give strings gotten from the user a different type than normal strings so that you can't use them without sanitizing or explicitly circumventing the sanitizer. I don't know enough about web development to tell you if you can prevent XSS or CSRF, but I wouldn't be surprised if you could. The important insight is that a good type system can fairly easily do much more than most people realize. Certainly far more than you can do with languages like Java!
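A sketch of the approach the comment describes, added here as an illustration; it is not part of the original comment and is not Yesod's API. All type and function names (`UserInput`, `ShellFragment`, `fromRequest`, `quoted`, `unsafeRaw`, `render`) are hypothetical, and the hostile input is constructed.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added illustration; every name below is hypothetical, not Yesod's API.
module Main (main) where

import Data.String (IsString (..))

-- Raw text from an untrusted source. In a real code base this type sits in
-- its own module that does not export the constructor, so callers can only
-- get the text back out through the functions defined here.
newtype UserInput = UserInput String

-- Text that is safe to splice into a POSIX shell command line.
newtype ShellFragment = ShellFragment String

-- String literals written by the programmer are trusted as-is.
instance IsString ShellFragment where
  fromString = ShellFragment

instance Semigroup ShellFragment where
  ShellFragment a <> ShellFragment b = ShellFragment (a ++ b)

-- Entry point for anything read from a request, form field, header, etc.
fromRequest :: String -> UserInput
fromRequest = UserInput

-- The sanitizer: wrap the value in single quotes; an embedded ' becomes '\''.
quoted :: UserInput -> ShellFragment
quoted (UserInput s) = ShellFragment ("'" ++ concatMap esc s ++ "'")
  where
    esc '\'' = "'\\''"
    esc c    = [c]

-- The explicit escape hatch: easy to grep for and to flag in code review.
unsafeRaw :: UserInput -> ShellFragment
unsafeRaw (UserInput s) = ShellFragment s

render :: ShellFragment -> String
render (ShellFragment s) = s

main :: IO ()
main = do
  let name = fromRequest "notes.txt'; id #"     -- constructed hostile input
  putStrLn (render ("cat " <> quoted name))     -- sanitized: one quoted argument
  putStrLn (render ("cat " <> unsafeRaw name))  -- bypass is visible at the call site
  -- putStrLn (render ("cat " <> name))         -- type error: UserInput is not a ShellFragment
```

Uncommenting the last line makes the program fail to compile, which is the guarantee the comment is pointing at: unsanitized input cannot reach the command string by accident, only through `quoted` or a visible call to `unsafeRaw`.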