[Haskell-cafe] Re: [Haskell] intent-typing

Max Rabkin max.rabkin at gmail.com
Mon Nov 15 11:41:07 EST 2010


I still don't understand what intent typing is, but this particular
problem is discussed (with a type-based, statically checked solution)
at http://blog.moertel.com/articles/2006/10/18/a-type-based-solution-to-the-strings-problem

--Max

On Mon, Nov 15, 2010 at 17:17, Marcus Sundman <sundman at iki.fi> wrote:
> Hi, how would one go about implementing (or using if it's supported
> out-of-the-box) intent-typing* for Haskell?
>
> *) Intent-typing is compiler/verifier/parser enforced typing similar to
> "apps hungarian" notation. E.g., say I have a webapp with fields for a
> user's first name and last name, which I at some point show on another
> webpage that the user loads, which is a typical XSS vulnerability situation.
> So I have 2 functions, getParam(...) and setParam(...), which return the
> value of a user-provided parameter and give a parameter to the template
> displayed to the user, respectively. I want to somehow flag the
> getParam(...)-function as returning a user-provided string (say,
> "unsafe-string"), and the setParam(...)-function as requiring a safely
> encoded string (say, "safe-string"), so that if I sometimes forget to run
> the user-provided string through some anti-xss-encoding thingy (which would
> take an "unsafe-string" and return a "safe-string"), and don't (unit-)test
> this particular aspect of said code, then some verifier thingy (preferably a
> static verifier) would notice this and show me a warning.
>
> Cheers,
> Marcus
>
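
The getParam/setParam scenario from the thread, sketched with two newtypes so that a forgotten encoding step becomes a type error. This is an added example, not code from either poster or from the linked article; every name in it (UserInput, SafeHtml, escapeHtml, getParam, setParam, render) is hypothetical, and the escaping covers HTML text nodes only.

```haskell
module Main (main) where

-- Raw request data. Assumption: in a real program both constructors live in
-- a small module that does not export them, so escapeHtml is the only way to
-- obtain a SafeHtml from user input.
newtype UserInput = UserInput String

-- Text that has been encoded for use in an HTML text node.
newtype SafeHtml = SafeHtml String

-- The encoding step: the single function from UserInput to SafeHtml.
escapeHtml :: UserInput -> SafeHtml
escapeHtml (UserInput s) = SafeHtml (concatMap esc s)
  where
    esc '&'  = "&amp;"
    esc '<'  = "&lt;"
    esc '>'  = "&gt;"
    esc '"'  = "&quot;"
    esc '\'' = "&#39;"
    esc c    = [c]

type Request  = [(String, String)]    -- parameters as received
type Template = [(String, SafeHtml)]  -- values handed to the page template

-- Everything read from the request is tagged as user-provided.
getParam :: String -> Request -> Maybe UserInput
getParam name = fmap UserInput . lookup name

-- The template accepts encoded text only.
setParam :: String -> SafeHtml -> Template -> Template
setParam name v tpl = (name, v) : tpl

render :: Template -> String
render tpl = unlines [k ++ ": " ++ v | (k, SafeHtml v) <- tpl]

main :: IO ()
main = do
  -- Constructed sample request, not taken from the thread.
  let req = [("first", "<i>Ann</i>"), ("last", "O'Brien & Co")]
      fill name tpl =
        maybe tpl (\v -> setParam name (escapeHtml v) tpl) (getParam name req)
  putStr (render (fill "first" (fill "last" [])))
  -- Dropping the encoding step is rejected by the type checker, because
  -- setParam wants a SafeHtml and v is a UserInput:
  --   maybe tpl (\v -> setParam name v tpl) (getParam name req)
```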

