You just put XSS into the language.
Once you start to be serious about text templating, you will need special-character escaping, probably automatic and context-dependent. In my opinion, this is better handled by a standalone templating language.
LT
--
Special character escaping? But we introduce no new special characters here (backquote is not in wide use anyway).
Standalone templating has the opposite problem - as you can see from examples in other posts, there's WAY too much of {{ going on, and there's a whole new programming language invented to substitute data.
--
@Ladislav: I got your point. But I have one more trick up my sleeve to counter your counterexample :-)
Let's assume the following:
when a backquoted string `foo` is used in a class, it is treated as a call to a method, say, backquote(str), in that class (or raises methodNotFound, as usual)
class Foo {
    void backquote(str) { /* do something with string */ }
    void someMethod() {
        `foo`; `bar`; // generates: backquote("foo"); backquote("bar")
    }
}
Then we get flexibility as to what to do with "foo"/"bar", including possible escaping (via standard methods like htmlEscape(str), xmlEscape(str), jsonEscape(str) etc.).
Does it fully address the problem? No?
var source2 = ("""
PREFIX qb: <http://purl.org/linked-data/cube#>
PREFIX iodp: <http://data.oceandrilling.org/core/1/>
PREFIX janus: <http://data.oceandrilling.org/janus/>
PREFIX sdmx-dimension: <http://purl.org/linked-data/sdmx/2009/dimension#>
SELECT DISTINCT ?slice
FROM <http://data.oceandrilling.org/janus/>
WHERE {
{{#legs}} { ?sliceKey iodp:leg "{{legnumber}}" . } {{^is_last}} UNION {{/is_last}} {{/legs}}
?sliceKey iodp:site "1226" .
?slice qb:sliceStructure <http://data.oceandrilling.org/janus/sliceByvcd_image> .
?slice qb:sliceStructure ?sliceKey .
}
""");
Having used both types of templating, as in Alex's example above (ASP/JSP/PHP), and logic-less templates such as mustache/django templates, I see an advantage of keeping code out of the templates. Especially if you're working in a large team with a differing level of skills (templates can get ugly real fast at the hands of uber-eager-noobs).
--
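Context-dependent escaping applied to the "{{legnumber}}" placeholder of the SPARQL template above, as an added example that is not part of any post in this thread: HTML escaping, the usual default of mustache-style engines, alters the data and leaves a trailing backslash free to swallow the closing quote, while an escaper written for SPARQL string literals keeps the literal closed. The names render, html_escape, sparql_literal_escape and literal_is_closed are hypothetical, and the input values are constructed.

```python
import html
import re

# Constructed one-line template modelled on the "{{legnumber}}" placeholder above.
TEMPLATE = '?sliceKey iodp:leg "{{legnumber}}" .'

# Characters that must be escaped inside a double-quoted SPARQL string literal.
_SPARQL_ESCAPES = {"\\": "\\\\", '"': '\\"', "\n": "\\n", "\r": "\\r", "\t": "\\t"}


def sparql_literal_escape(value):
    """Escape a value for use inside a double-quoted SPARQL string literal."""
    return "".join(_SPARQL_ESCAPES.get(ch, ch) for ch in str(value))


def html_escape(value):
    """HTML-context escaping: the right tool for markup, the wrong one here."""
    return html.escape(str(value), quote=True)


def render(template, data, escape):
    """Replace each {{name}} with escape(data[name]); unknown names raise KeyError."""
    return re.sub(r"\{\{(\w+)\}\}", lambda m: escape(data[m.group(1)]), template)


def literal_is_closed(rendered):
    """True if the line is exactly one well-formed "..." literal followed by ' .'."""
    pattern = r'\?sliceKey iodp:leg "(?:[^"\\\n\r]|\\.)*" \.'
    return re.fullmatch(pattern, rendered) is not None


if __name__ == "__main__":
    # Constructed values: plain, ampersand, embedded quote, trailing backslash.
    for value in ["201", "R&D", 'a"b', "201\\"]:
        for escape in (html_escape, sparql_literal_escape):
            line = render(TEMPLATE, {"legnumber": value}, escape)
            print(f"{escape.__name__:22} {literal_is_closed(line)!s:5} {line}")
```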