Mirror of forum.nim-lang.org

2324 :: TaintedString Question

[2016-06-17T17:31:22+02:00]

jyapayne (orginal) [2016-06-17T17:31:22+02:00] view original

I've seen TaintedString sprinkled throughout the stdlib and I was just wondering exactly what it does. I read the docs and the definition in system.nim, but I'm still a bit confused. When would I want to enable taintMode and why? What is the use case for it?

LeuGim (orginal) [2016-06-17T18:03:13+02:00] view original

That's in the manual: http://nim-lang.org/docs/manual.html#taint-mode. And knowing the notion of distinct types (as opposed to aliases) is required.

The taint-mode lets you distinguish between strings from a user input and such, unless they are validated and explicitly casted as strings, and all the other strings. Ruby has this same feature, with examples in its docs, maybe it's worth for you to look at.

endragor (orginal) [2016-06-17T18:06:48+02:00] view original

Tainted strings help to ensure in compile-time that you have validated user input in some way. In taintMode, TaintedString is a distinct type, meaning you cannot pass such string to any procedure that accepts string, but you can explicitly convert it to string. By explicitly converting it, you claim that you have validated it in some way. So basically TaintedString helps the programmer not to forget to validate user input before doing something with it.

jyapayne (orginal) [2016-06-17T19:07:01+02:00] view original

@endragor and @LeuGim, I understand now :) That wasn't clear from the docs since I wasn't familiar with the concept of a TaintedString. Thank you both!