[Haskell] intent-typing

Marcus Sundman sundman at iki.fi
Mon Nov 15 10:17:46 EST 2010

Hi, how would one go about implementing (or using if it's supported 
out-of-the-box) intent-typing* for haskell?

*) Intent-typing is compiler/verifier/parser enforced typing similar to 
"apps hungarian" notation. E.g., say I have a webapp with fields for a 
user's first name and last name, which I at some point show on another 
webpage that the user loads, which is a typical XSS vulnerability 
situation. So I have 2 functions, getParam(...) and setParam(...), which 
return the value of a user-provided parameter and gives a parameter to 
the template displayed to the user, respectively. I want to somehow flag 
the getParam(...)-function as returning a user-provided string (say, 
"unsafe-string"), and the setParam(...)-function as requiring a safely 
encoded string (say, "safe-string"), so that if I sometimes forget to 
run the user-provided string through some anti-xss-encoding thingy 
(which would take an "unsafe-string" and return a "safe-string"), and 
don't (unit-)test this particular aspect of said code, then some 
verifier thingy (preferably a static verifier) would notice this and 
show me a warning.


More information about the Haskell mailing list