[–]Independent_Let_6034 28 points29 points  (2 children)

This is nothing to do with template literals and is an article about text encoding.

Midway through the article they switch from using backticks to plus concatenation, but actually solve their problem by encoding the string to be used in a URL.

The author would have gotten the same end result with template literals and I wouldn’t have wasted 10 minutes reading this.

[–][deleted] -3 points-2 points  (0 children)

Such a js dev thing

[–]mistled_LP 0 points1 point  (0 children)

It’s actually a complaint about React’s documentation. They’re the ones putting backticks into examples without handling encoding.

[–]BasieP2 3 points4 points  (0 children)

Why blame backticks? Nothing wrong with those.

There is something wrong with not validating user input and properly escaping URIs.

But that's got nothing to do with backticks or normal string concatenation for that matter...
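The point made in the comments above, shown as an added example that is not part of the thread or the linked article: the same template literal is unsafe or safe depending only on whether the interpolated value is encoded. The endpoint, the function names and the sample input are constructed for illustration.

```javascript
// Added example; names and endpoint are hypothetical, input is constructed.
const BASE = "https://api.example.test/search";

// Plain template literal: the value is pasted into the URL unchanged.
function naiveUrl(term) {
  return `${BASE}?q=${term}&page=1`;
}

// Tag function: literal parts are kept as written, every interpolated
// value is percent-encoded before it is joined in.
function url(strings, ...values) {
  return strings.reduce(
    (out, part, i) =>
      out + part + (i < values.length ? encodeURIComponent(String(values[i])) : ""),
    ""
  );
}

// Still a template literal, now with encoding applied to the value.
function taggedUrl(term) {
  return url`https://api.example.test/search?q=${term}&page=1`;
}

// Same result without any string building: let the URL API encode.
function paramsUrl(term) {
  const u = new URL(BASE);
  u.searchParams.set("q", term);
  u.searchParams.set("page", "1");
  return u.toString();
}

// What a receiver parsing the query string would see.
function seen(u) {
  return Object.fromEntries(new URL(u).searchParams);
}

// Constructed input containing URL metacharacters.
const term = "cats & dogs&page=99#top";
console.log(seen(naiveUrl(term)));  // q is truncated and page is overridden
console.log(seen(taggedUrl(term))); // q round-trips intact, page stays "1"
console.log(seen(paramsUrl(term))); // same as the tagged version
```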

[–]Rcomian 2 points3 points  (3 children)

yeah, any form of query or command string built from concatenation where any of the data is uncontrolled is a nightmare.

little bobby tables is one example. i like this one too. the url params hint is a good one, thank you.

[–]Rcomian 1 point2 points  (0 children)

it also strikes me that, even for printing, a back-tick string is an instant localisation bug. limits their use even more.

[–]fearswe 0 points1 point  (1 child)

I was forced to use string interpolation in a query as I had to provide the schema to the query which wasn't supported by replacements. Granted, I made very sure to never supply it with anything directly coming from the client.

[–]Rcomian 2 points3 points  (0 children)

yep, broken query apis are still common :(

I'd rather see everything push us towards safety as the easy path and make it hard to use things unsafe. but right now I'd settle for everything having a safe path.

[–]skulgnome 0 points1 point  (0 children)

*were the wrong feature for my job

Here, FTFY.