
I still don't understand what intent typing is, but this particular
problem is discussed (with a type-based, statically checked solution)
at http://blog.moertel.com/articles/2006/10/18/a-type-based-solution-to-the-str...
--Max
On Mon, Nov 15, 2010 at 17:17, Marcus Sundman wrote:
Hi, how would one go about implementing (or using if it's supported out-of-the-box) intent-typing* for Haskell?
*) Intent-typing is compiler/verifier/parser enforced typing similar to "apps hungarian" notation. E.g., say I have a webapp with fields for a user's first name and last name, which I at some point show on another webpage that the user loads, which is a typical XSS vulnerability situation. So I have 2 functions, getParam(...) and setParam(...), which return the value of a user-provided parameter and give a parameter to the template displayed to the user, respectively. I want to somehow flag the getParam(...)-function as returning a user-provided string (say, "unsafe-string"), and the setParam(...)-function as requiring a safely encoded string (say, "safe-string"), so that if I sometimes forget to run the user-provided string through some anti-XSS-encoding thingy (which would take an "unsafe-string" and return a "safe-string"), and don't (unit-)test this particular aspect of said code, then some verifier thingy (preferably a static verifier) would notice this and show me a warning.
Cheers,
Marcus
_______________________________________________
Haskell mailing list
Haskell@haskell.org
http://www.haskell.org/mailman/listinfo/haskell
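An added example, not part of either message and not the code from the linked article: one way to get the static check described in the question using newtype wrappers. The names UnsafeString, SafeString, escapeHtml, Request, Template and render, and the bodies of getParam and setParam, are assumptions for illustration.

```haskell
-- Constructed sketch. In a real project the newtypes and escapeHtml live in
-- their own module that exports the type SafeString but not its constructor,
-- so escapeHtml is the only way for other code to obtain a SafeString.
module Main (main) where

import Data.Maybe (fromMaybe)

-- Raw request data: may contain markup supplied by the user.
newtype UnsafeString = UnsafeString String

-- Text that has been HTML-escaped and may be placed in a template.
newtype SafeString = SafeString String

type Request  = [(String, String)]      -- hypothetical stand-in for request parameters
type Template = [(String, SafeString)]  -- hypothetical stand-in for template bindings

-- The only conversion from UnsafeString to SafeString.
escapeHtml :: UnsafeString -> SafeString
escapeHtml (UnsafeString s) = SafeString (concatMap esc s)
  where
    esc '&'  = "&amp;"
    esc '<'  = "&lt;"
    esc '>'  = "&gt;"
    esc '"'  = "&quot;"
    esc '\'' = "&#39;"
    esc c    = [c]

-- Everything read from the request is tagged as unsafe.
getParam :: Request -> String -> UnsafeString
getParam req name = UnsafeString (fromMaybe "" (lookup name req))

-- The template accepts only SafeString values.
setParam :: String -> SafeString -> Template -> Template
setParam name val tpl = (name, val) : tpl

render :: Template -> String
render tpl = unlines [ k ++ ": " ++ v | (k, SafeString v) <- tpl ]

main :: IO ()
main = do
  let req   = [("firstName", "<b>Ada</b>"), ("lastName", "O'Neil & Co")]  -- constructed input
      first = getParam req "firstName"
      lastN = getParam req "lastName"
      page  = setParam "firstName" (escapeHtml first)
            $ setParam "lastName"  (escapeHtml lastN) []
  putStr (render page)
  -- Forgetting the escape does not compile, because UnsafeString is not SafeString:
  --   setParam "firstName" first []
```

The escaping above covers HTML text and quoted attribute values only; other output contexts such as URLs or inline JavaScript would need their own types and encoders.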