undefined | Better HN

0 pointsJulianMorrison13y ago0 comments

Because it hides a problem of repeating work. Even re-re-rescanning it with fast C is slower than scanning it once.

0 comments

3 comments · 1 top-level

Tuna-Fish13y ago· 2 in thread

That's not the problem. The amount of work done scanning short strings is completely irrelevant. Using escape_once is a problem because it shows that you have no clue what strings in your codebase are escaped and what are not. If you knew, it would be completely pointless. Instead, people resort to cargo-cult like solutions "hey let's escape everything again here just to be sure, that's gotta catch them all".

I've now worked a while in Yesod (Haskell), and I now feel very strongly that this is something they got right. Unescaped strings and html strings should be two completely separate types that can't be cast to each other, except by using transforming functions that clearly define intent.

saraid21613y ago

I could actually see an argument to subclass String for this kind of clarity. I don't know if it'd solve it (and I'm likely not to try it out since I don't have an active Ruby project at all right now, let alone an active Rails project), but someone might try that?

stouset13y ago

That's essentially how Rails 3+ does this.

j / k navigate · click thread line to collapse