Python's new t-strings
a year ago
- #Python
- #Security
- #String Processing
- Template strings (t-strings) are officially accepted in Python 3.14, shipping late 2025.
- T-strings provide safer and more flexible string processing compared to f-strings.
- F-strings, while popular, can be misused for unsafe operations like SQL or HTML formatting with user input.
- T-strings evaluate to a Template type, not a string, requiring processing before use.
- Templates allow safe escaping of dynamic content, preventing vulnerabilities like SQL injection or XSS.
- T-strings are similar to JavaScript's tagged templates, offering Pythonic string processing.
- Template instances provide .strings and .values properties for accessing components before final string assembly.
- Developers can write custom processing functions for templates, like converting text to Pig Latin.
- T-strings support direct instantiation and detailed access to interpolation components.
- Future tooling support (e.g., Black, Ruff, VSCode) is anticipated for t-strings to enhance usability.
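
Added example (not from the original post): a processor that turns a template's `.strings` into SQL text and its `.values` into bound parameters, set beside the f-string query it replaces. `to_sql`, `demo`, the `users` table and the hostile input are constructed for illustration. The stand-in classes are an assumption used only on interpreters older than 3.14, and the template is built by direct instantiation so the file parses on any version.

```python
import sqlite3

try:
    from string.templatelib import Interpolation, Template  # Python 3.14+
except ImportError:
    # Assumption: older interpreter. Minimal stand-ins exposing the same
    # .strings / .values shape so the example still runs.
    class Interpolation:
        def __init__(self, value, expression=""):
            self.value, self.expression = value, expression

    class Template:
        def __init__(self, *args):
            strings, values = [""], []
            for arg in args:
                if isinstance(arg, str):
                    strings[-1] += arg
                else:
                    values.append(arg.value)
                    strings.append("")
            self.strings, self.values = tuple(strings), tuple(values)


def to_sql(template):
    """Hypothetical processor: literal parts become SQL, values become parameters."""
    return "?".join(template.strings), list(template.values)


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    name = "nobody' OR '1'='1"  # constructed hostile input

    # f-string: the input is spliced into the SQL text and rewrites the WHERE clause.
    unsafe = db.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()

    # Direct instantiation, equivalent on 3.14 to:
    #   t"SELECT name FROM users WHERE name = {name}"
    query = Template("SELECT name FROM users WHERE name = ", Interpolation(name, "name"))
    sql, params = to_sql(query)
    safe = db.execute(sql, params).fetchall()
    return sql, params, unsafe, safe


if __name__ == "__main__":
    print(demo())
```

The processor ignores any conversion or format spec on an interpolation; a production version would either apply them or reject templates that use them.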