Hacker News new | past | comments | ask | show | jobs | submit login

Can someone clarify if this template expansion happens only in format string or in the substituted string as well. I.e. is it affecting just code like this:

  log.info("foo: " + untrusted)
Or also:

  log.info("foo: {}", untrusted)

?



Both




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: