Hacker News new | past | comments | ask | show | jobs | submit login

It's explained if you look at the proposals: They wanted to avoid any and all risks of backwards compatibility with any existing templating tool in the Java ecosystem. Every sensible syntax was covered by one of those, so the core language is stuck with the least bad one available.



It's prefixed by "STR." so the syntax is different from any existing tools ?

It remember me the first proposed syntax for lambdas. Let's hope the next preview will fix that.


...at what cost tho


The JEP makes it kind of clear:

> trading off a small amount of convenience to gain a large amount of safety


*large

*small


You can create json and sql string template processors that suffer from no injection problems. I'd call that a large improvement over, for example, Javascript. But I'm not familiar enough with the string template feature in the other languages to comment on their relative security.


> You can create json and sql string template processors that suffer from no injection problems. I'd call that a large improvement over, for example, Javascript.

Bad example. JavaScript literally has that (ever since ES6). [1]

  function sql(strings, ...args) {
    // ...
  }

  sql`SELECT * FROM user WHERE email = $1`
[1] https://developer.mozilla.org/en-US/docs/Web/JavaScript/Refe...


This is a solved problem in .NET, and C# only has one kind of string templating:

  FormattableString foo = $"select * from {table} where {column} = 42";
https://learn.microsoft.com/en-us/ef/core/querying/sql-queri...


Not sure if C# can do that, but java’s implementation can return an arbitrary object based on the templates/parameters.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: