Hacker News Re-Imagined

Format Strings in Rust 1.58

  • 260 points
  • 7 days ago

  • @jackosdev
  • Created a post

Format Strings in Rust 1.58


@renox 6 days

Replying to @jackosdev 🎙

Nice, I hope it will be improved to print the variable names as in Python f-string, something like "{x=}" generating "x=<value of x>", much better than having to write "x={x}" everywhere..

Reply


@Seattle3503 7 days

Replying to @jackosdev 🎙

Blog posts don't normally get "Show HN" titles.

Reply


@thurn 6 days

Replying to @jackosdev 🎙

How did they stabilize this so fast? I feel like we first heard about this feature only a few months ago. Meanwhile I've been waiting for `let_chains` since what feels like the mid 90s...

Reply


@pron 7 days

Replying to @jackosdev 🎙

Code injection is currently the #1 language-related security vulnerability [1][2] in memory-safe languages, which is why languages should be very careful when adding string interpolation as it may well be their most security-sensitive feature: "Templated string injection attack prevention will be of primary concern. The result of template processing can to be used in sensitive applications, such as database queries. Validation of templates and expression values prior to use can prevent catastrophic outcomes." [3].

[1]: https://owasp.org/www-project-top-ten/

[2]: https://www.softwaretestinghelp.com/sans-top-20-security-vul...

[3]: https://openjdk.java.net/jeps/8273943

Reply


@pabs3 7 days

Replying to @jackosdev 🎙

How would one print a literal "Hello {x}!" without the formatting?

Reply


@optician_owl 6 days

Replying to @jackosdev 🎙

Does not allow to use a struct field. That's strange.

Reply


@spoiler 7 days

Replying to @jackosdev 🎙

Really amazing summary! I wasn't aware of some of these specifiers. I was alway a pretty basic fmt user due to my ignorance. I should go revisit some manual formatting code. :)

Reply


@joss82 7 days

Replying to @jackosdev 🎙

So, does that mean every string's { need to be doubled to {{?

Doesn't that open a big security hole where someone could inject a special string to probe for variables' content?

Reply


@stephc_int13 7 days

Replying to @jackosdev 🎙

This "modern" style of string formatting might seem pretty convenient and concise, but in my opinion, it has quite a few drawbacks.

I'd prefer something that would maybe be less concise but easier to read and maintain, using the host language instead of a mini script using in-band signaling and its weird syntax.

Reply


@nindalf 7 days

Replying to @jackosdev 🎙

Nice post. For some reason I can never remember the syntax for formatting and I have to look it up each time. I’ll bookmark your post for the next time I need this.

Reply


@japanuspus 7 days

Replying to @jackosdev 🎙

I appreciate the effort that went into the blog post, but for this forum a link to the release notes [0] and/or the updated docs [1] would have been more relevant.

[0]: https://blog.rust-lang.org/2022/01/13/Rust-1.58.0.html#captu...

[1] https://doc.rust-lang.org/std/fmt/

Reply


@megumax 7 days

Replying to @jackosdev 🎙

It's a nice Quality of Life addition, that I would like to see with C++ as well.

I wish they don't implement f-strings and s-strings, at least for now. Even if they are more ergonomic than the `format!` and `String::from`, they hide a memory allocation which is not really indicated in a language like Rust and would be really weird in a context without an allocator. The only solution to this would be `const` evaluation of this, but that would restrict their use to `const` environments, so mostly unusable.

Reply


@didip 6 days

Replying to @jackosdev 🎙

Will there be a support for `{jndi:ldap://xyz}`? I jest :)

Reply


About Us

site design / logo © 2022 Box Piper