
Re: Printf and quoting in general, SQL injection in particular


From: Yuri Khan
Subject: Re: Printf and quoting in general, SQL injection in particular
Date: Sat, 26 Jun 2021 14:30:59 +0700

On Sat, 26 Jun 2021 at 13:56, Emanuel Berg via Users list for the GNU
Emacs text editor <help-gnu-emacs@gnu.org> wrote:

> Relax, this notion that you shouldn't construct file paths by
> string functions, nor SQL queries for that matter, and what
> more? hyperlinks?

Hyperlinks, too.

One of the requirements of URLs is that all non-ASCII and some ASCII
characters be %-encoded when used in the path or query string, or
punycode-encoded when used in the host name:

    (require 'cl-lib)
    (let ((base "https://ru.wikipedia.org/wiki/")
          (term "Гиперссылка")
          (joined (concat base term)))
      (cl-assert (string= joined
                          "https://ru.wikipedia.org/wiki/%D0%93%D0%B8%D0%BF%D0%B5%D1%80%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B0")))
    ;; alas, no

Another rule is that resolving a relative reference containing a path
against a base URL will drop the last segment of the base:

    (let ((base "http://example.org/foo")
          (href "bar")
          (resolved (concat base href)))
      (cl-assert (string= resolved "http://example.org/bar")))  ;; also no

String concat does not know any of these rules.


It is okay to represent file names, SQL queries, and URLs as strings
*internally*. It is okay to use string functions to implement
high-level domain-specific functions. In many cases, interoperating
with external code will also require these things represented as
strings. But it is a good idea to use domain-specific functions to
manipulate file names, queries, and URLs, rather than string
functions, because this way you are less likely to violate those
types’ invariants.



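The same two cases as in the message above, redone with Emacs's own URL helpers rather than `concat`. This is an added example, not code from the original post; it assumes Emacs 25 or later (for `puny.el`) and the standard `url-util.el` / `url-expand.el` functions. The helper names `demo-path-url`, `demo-resolve` and `demo-host-url` are invented here; the expected strings in the assertions are the values I get for these inputs.

```elisp
;; Added example (not from the original message): build the two URLs from
;; the post with domain-specific functions so the URL invariants hold.
;; Assumes Emacs 25+; demo-* helpers are hypothetical names for this example.
(require 'cl-lib)
(require 'url-util)    ; url-hexify-string, url-build-query-string
(require 'url-expand)  ; url-expand-file-name
(require 'puny)        ; puny-encode-domain

(defun demo-path-url (base term)
  "Append TERM to BASE as a path segment, %-encoding its UTF-8 bytes first.
Only RFC 3986 unreserved characters (A-Z a-z 0-9 - _ . ~) pass through."
  (concat base (url-hexify-string term)))

(defun demo-resolve (href base)
  "Resolve the relative reference HREF against BASE.
The resolver, not string concat, applies the drop-last-segment rule."
  (url-expand-file-name href base))

(defun demo-host-url (host path)
  "Build an https URL for an internationalised HOST.
Host names are punycode-encoded (IDNA), not %-encoded like paths."
  (concat "https://" (puny-encode-domain host) path))

;; 1. Path segment: the non-ASCII term is %-encoded, so the assertion from
;;    the post now holds.
(cl-assert
 (string= (demo-path-url "https://ru.wikipedia.org/wiki/" "Гиперссылка")
          "https://ru.wikipedia.org/wiki/%D0%93%D0%B8%D0%BF%D0%B5%D1%80%D1%81%D1%81%D1%8B%D0%BB%D0%BA%D0%B0"))

;; ASCII characters outside the unreserved set are encoded too, which is
;; what keeps a user-supplied value from being read as URL syntax.
(cl-assert (string= (url-hexify-string "a b&c/d") "a%20b%26c%2Fd"))

;; Query strings: url-build-query-string encodes every key and value, so a
;; value containing "&" cannot smuggle in a second parameter.
(cl-assert (string= (url-build-query-string '(("q" "a b&c") ("lang" "ru")))
                    "q=a%20b%26c&lang=ru"))

;; 2. Relative resolution: "bar" against ".../foo" replaces the last segment,
;;    against ".../foo/" it is appended, and ".." is applied properly.
(cl-assert (string= (demo-resolve "bar" "http://example.org/foo")
                    "http://example.org/bar"))
(cl-assert (string= (demo-resolve "bar" "http://example.org/foo/")
                    "http://example.org/foo/bar"))
(cl-assert (string= (demo-resolve "../x" "http://example.org/a/b/c")
                    "http://example.org/a/x"))

;; 3. Host name: punycode, per the IDNA rule the post mentions.
(cl-assert (string= (demo-host-url "пример.рф" "/")
                    "https://xn--e1afmkfd.xn--p1ai/"))
```

Evaluate the buffer with `M-x eval-buffer`; every `cl-assert` passes silently, where the two `concat` versions in the post signal an assertion failure. The point of the exercise is that each component of a URL has its own encoding rule (percent-encoding for paths and queries, punycode for hosts, segment replacement for relative references), and only a function that knows which component it is building can apply the right one.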