Re: Reviving E4X (H4E)? from Mark S. Miller on 2011-10-19 (public-script-coord@w3.org from October to December 2011)

From: Mark S. Miller <erights@google.com>
Date: Wed, 19 Oct 2011 09:11:51 -0700
To: Alex Russell <slightlyoff@google.com>
Cc: Anne van Kesteren <annevk@opera.com>, "public-script-coord@w3.org" <public-script-coord@w3.org>, Rafael Weinstein <rafaelw@google.com>, Adam Klein <adamk@google.com>, Erik Aarvidson <arv@google.com>, ☻Mike Samuel <msamuel@google.com>
Message-ID: <CABHxS9jH7cYGj+4aCuWJQPBehtxE6jwtYZHzH48yzH+LSnirPQ@mail.gmail.com>

[+msamuel]

On Wed, Oct 19, 2011 at 1:31 AM, Alex Russell <slightlyoff@google.com>wrote:

>
> I have a larger concern here, which is that we're implicitly forcing
> literals to be XML, while the rest of the document is HTML. The closer
> we can get to HTML for something like this, the better (IMO).



To emphasize Alex's point here, quasi-literals provides a mechanism for
avoiding injection attacks in any language for which you have a quasi-parser
-- whether XML, HTML, SQL, RegExp, or whatever -- all for the price of one
bit of additional syntactic sugar and no new semantics. Both vastly lighter
than E4X and vastly more useful.

E4X is dead. Long live quasi-literals!


-- 
    Cheers,
    --MarkM

Received on Wednesday, 19 October 2011 16:12:18 UTC