Greetings: Personally, I don't think top-posting is the most annoying newsgroup habit. I think it's making a big fuss about minor inconveniences.
One of the nicest things about being human is the amazing flexibility of our brains. For example, if a block of text isn't arranged in the order we're used to, we can easily rearrange it mentally and read it anyway. Oriental and Arabic peoples, for example, do this each time they read something written in English. It's EASY, once you get used to it! It took me about 3 seconds to realize that Mr. D'Aprano' Q&A session was laid out bottom-to-top instead of top-to-bottom. After that, it made perfect sense. While it was a excellent way to demonstrate his argument, it failed to prove his point, because, while top-to-bottom may be the way he reads things, it isn't the way _everyone_ reads things. So, as far as I'm concerned, post your posts in whatever manner works for you. If it's in English, I'll figure it out. If not, well, there's always Babelfish. ;^) Regards, Barry [EMAIL PROTECTED] 541-302-1107 ________________________ We who cut mere stones must always be envisioning cathedrals. -Quarry worker's creed > -----Original Message----- > From: Steven D'Aprano [mailto:[EMAIL PROTECTED] > Sent: Friday, January 19, 2007 11:30 AM > To: python-list@python.org > Subject: Re: when format strings attack > > On Fri, 19 Jan 2007 10:43:53 -0800, John Zenger wrote: > > > Perhaps it is not as severe a security risk, but pure Python programs > > can run into similar problems if they don't check user input for % > > codes. > > Please don't top-post. > > A: Because it messes up the order that we read things. > Q: Why? > A: Top-posting. > Q: What is the most annoying newsgroup habit? > > > > Example: > > > >>>> k = raw_input("Try to trick me: ") > > Try to trick me: How about %s this? > >>>> j = "User %s just entered: " + k > >>>> print j % "John" > > Traceback (most recent call last): > > File "<pyshell#8>", line 1, in ? > > print j % "John" > > TypeError: not enough arguments for format string > > That's hardly the same sort of vulnerability the article was talking > about, but it is a potential bug waiting to bite. > > In a serious application, you should keep user-inputted strings separate > from application strings, and never use user strings unless they've been > made safe. See Joel Spolsky's excellent article about one way of doing > that: > > http://www.joelonsoftware.com/articles/Wrong.html > > > > -- > Steven. > -- http://mail.python.org/mailman/listinfo/python-list
