
You can do it in any OO language easily as well. For instance, in Python:

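  class UnsafeString:
    def __init__(self, value):
      self._str = value
      self._sanitized = None  # cached result of sanitize()
    def __str__(self):
      # Implicit string conversion returns the sanitized form
      return self.sanitize()
    def unsafe(self):
      # Explicit opt-in to the raw, unsanitized input
      return self._str
    def sanitize(self):
      if self._sanitized is not None:
        return self._sanitized
      else:
        # sanitize() here is a module-level function that is not shown
        self._sanitized = sanitize(self._str)
        return self._sanitized
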
That way, as long as you wrap all input in the UnsafeString class, you'll have to be explicit if you want the unsafe version and you'll get the safe version by default.
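
An added example, not part of the original comment: the same wrapper carried through to two sinks, showing that f-strings and concatenation get the escaped form while a bound SQL parameter is a place where the explicit `unsafe()` is the right call. It assumes an HTML output context with `html.escape` as the sanitizer; `render_comment`, `store_and_load` and the sample input are hypothetical.

```python
import sqlite3
from html import escape


class UnsafeString:
    """Untrusted input: implicit string conversion yields the HTML-escaped form."""

    def __init__(self, raw):
        self._raw = raw
        self._escaped = None  # filled on first conversion

    def __str__(self):
        if self._escaped is None:
            # Assumption: output context is HTML, so html.escape is the sanitizer.
            self._escaped = escape(self._raw, quote=True)
        return self._escaped

    # Concatenation with plain strings also yields the escaped form.
    def __add__(self, other):
        return str(self) + str(other)

    def __radd__(self, other):
        return str(other) + str(self)

    def unsafe(self):
        """Explicit opt-out: the raw value, for sinks that do their own quoting."""
        return self._raw


def render_comment(author, body):
    # f-strings call format(), which falls back to __str__: escaped by default.
    return f"<p><b>{author}</b>: " + body + "</p>"


def store_and_load(body):
    # A bound SQL parameter is a sink where the raw value is correct:
    # the driver handles quoting, and HTML-escaping here would corrupt the data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (body TEXT)")
    db.execute("INSERT INTO comments VALUES (?)", (body.unsafe(),))
    return db.execute("SELECT body FROM comments").fetchone()[0]


# Constructed sample input.
SAMPLE = UnsafeString("<script>alert(1)</script> O'Brien")

if __name__ == "__main__":
    print(render_comment(UnsafeString("a&b"), SAMPLE))
    print(store_and_load(SAMPLE))
```

APIs that insist on a real `str`, such as `"".join([...])`, raise `TypeError` on the wrapper instead of emitting the raw value, so the type fails closed there.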



Precisely. Isn't user input handled like this on most web code? It seems the most sensible way to do it.



