-
Notifications
You must be signed in to change notification settings - Fork 111
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
decor_mut allows injection of arbitrary data #267
Comments
Addding a comment to a decor is valid for some cases, but not for keys. I don't think there is a way to solve this problem in general, other than make it clear to the user that this mutation is "unsafe". |
Comments are just the beginning. You could have a decor that is |
I would be willing to implement a draft PR for this as outlined in #728. |
I have some concerns about that proposal. Knowing what type of decor is applicable is dependent on what parent container you are in. This means we don't know when it should be an error and you can move things between locations and the Decor can switch from valid to invalid. It also adds a lot of ceremony to the API. |
Ah, I didn't think of that. This can be implemented with a private trait, though: pub struct Spacing(RawString);
pub struct Newline(RawString);
pub struct Comment(RawString);
trait IntoInlineDecor: Into<RawString> {} // Private trait
trait IntoMultilineDecor: Into<RawString> {} // Private trait
impl IntoInlineDecor for Spacing {}
impl IntoMultilineDecor for Spacing {}
impl IntoMultilineDecor for Newline {}
impl IntoMultilineDecor for Comment {}
impl Value {
fn append_prefix(impl IntoInlineDecor);
// etc.
}
There would have to be a separate Alternatively, there could be separate
That is the price of safety. |
iirc keys can sometimes have multi-line prefixes, sometimes they can't. Same for values but for suffixes.
Which "safety" definition :) For ensuring users generate valid TOML files, there are other alternatives like stripping invalid decor or offering validating vs panicking functions. In a lot of cases, I expect the invalid decor is created as programming mistake rather than trying to handle arbitrary input. |
They don't have to. Multi-line prefixes/suffixes for keys/values could (and should) be disallowed.
There are indeed, and this is exactly what I (and I assume others) have been doing already, but it is clearly error-prone and could be better handled by
Same, but unsound API design is also a programming mistake. |
To truly disallow this, we'd need to attach whitespace+comment lines to something else. This doesn't work well with our existing
I've considered using
There are also many cases between these or else we wouldn't have |
No description provided.
The text was updated successfully, but these errors were encountered: