intoverflow / interpoliqueqq Goto Github PK

This is an implementation of Dan Kaminsky's "Interpolique" as a Haskell
quasi-quoter.  See Test.hs for examples.

More information:
http://recursion.com/interpolique.html
http://intoverflow.wordpress.com/2010/06/23/syntactic-support-for-kaminskys-interpolique-in-haskell

Also shown here: the Taint monad, which shows how we can use rank-2 types and
monads to track the progression of tainted data, and even use this to prevent
tainted data from escaping a given context before it has been scrubbed.
Kernel.hs is a ``security kernel'' for the tainting system and is intended to be
used by library authors and *not* application develoeprs.  (GHC provides enough
static analysis that this design requirement can be enforced using existing
tools.)

FakeDatabase.hs and FakeXML.hs demonstrate stubbed-out libraries for both a
database server and XML generation library.  They provide examples of how
Interpolique can be destiation-context-sensitive, in that the same syntax can be
used to safely escape a string, and the particular style of escaping can be
automatically determined based on who the escaping is being performed for.
(That is, escaping for a database is different than escaping for XML, and this
implementation is able to use type inference to automatically determine which
it is that the programmer needs.)

TestWebFramework.hs shows an example of destination-context-sensitive escaping
with Interpolique.