
Giovanni Piero Deretta wrote:
I had some thoughts about this problem too, but my ideal solution would be the other way around. Everything is trusted by default. External objects are wrapped in an untrusted<> wrapper. An object-specific function would check the input and remove the wrapper.
It would be used like this:
class my_input_checker {...};
typedef untrusted<std::string, my_input_checker> untrusted_string;

untrusted_string external_input();
...
untrusted_string input = external_input();
try {
  std::string checked_input = input;
} catch(const trust_exception&) {
  ...
}
On conversion, untrusted calls the input checker. On error the conversion fails and throws a trust_exception. This way, an untrusted object has a different type than a trusted one (no run-time flags). Most of the code deals only with ordinary (trusted) objects (and needs no change), while input functions return untrusted objects.
Just my 0.02 euros.
I really like the point about not using run-time flags. Seems that your way would be much simpler to implement. Would anyone else want to see this idea become reality?

-- Christopher Granade
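A minimal sketch of the untrusted<> wrapper proposed in the quoted message, added here as an example; it is not code from either poster or from Boost. The checker interface (a functor returning bool), username_checker with its character rules, and the accept() helper are assumptions made for the illustration.

```cpp
#include <cctype>
#include <stdexcept>
#include <string>
#include <utility>

// Thrown when a checker rejects the wrapped value.
struct trust_exception : std::runtime_error {
    using std::runtime_error::runtime_error;
};

// Holds a value that has not been validated. The only way to get the T
// back out is the conversion operator, which runs Checker first.
template <class T, class Checker>
class untrusted {
public:
    explicit untrusted(T raw) : raw_(std::move(raw)) {}
    operator T() const {
        if (!Checker()(raw_))
            throw trust_exception("input rejected by checker");
        return raw_;
    }
private:
    T raw_;  // deliberately no accessor: unchecked data cannot leak out
};

// Hypothetical checker: accepts 1..32 characters from [A-Za-z0-9_].
struct username_checker {
    bool operator()(const std::string& s) const {
        if (s.empty() || s.size() > 32) return false;
        for (unsigned char c : s)
            if (!(std::isalnum(c) || c == '_')) return false;
        return true;
    }
};

typedef untrusted<std::string, username_checker> untrusted_string;

// Returns true and fills `out` only if the input passed the checker.
bool accept(const untrusted_string& in, std::string& out) {
    try {
        std::string checked = in;  // implicit conversion runs the checker
        out = std::move(checked);
        return true;
    } catch (const trust_exception&) {
        return false;              // `out` is left untouched on rejection
    }
}
```

Because the constructor is explicit, a plain std::string never turns into an untrusted_string by accident, and passing an untrusted_string where a std::string is expected always goes through the checker.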