> Is the .format sublanguage notably stronger than the %-one?
Yes, it allows arbitrary attribute traversal as well as broad indexing.
The % sublanguage is a lot more restrictive and doesn’t suffer from the arbitrary reading of the C version (if you format an object that wasn’t passed in you get an error, not a read off of the stack or a register).
I don’t think format is anywhere near Turing complete, but it allows significant information querying and retrieval (https://lucumr.pocoo.org/2016/12/29/careful-with-str-format/).
Both still allow for resource exhaustion but that’s what it is.
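
The difference described in the comment above, as an added example that is not part of the original comment: a caller-controlled template rendered with `str.format` can traverse from a passed object to module globals, the same template style under `%` can only select keys that were passed in, and a `string.Formatter` subclass can refuse traversal. `Event`, `SECRET_KEY`, `FlatFormatter` and the `render_*` helpers are hypothetical names, and the secret is a constructed value.

```python
import string

SECRET_KEY = "constructed-demo-secret"  # constructed value standing in for app config


class Event:
    """Hypothetical object an application hands to an untrusted template."""

    def __init__(self, name):
        self.name = name


def render_format(template, event):
    # str.format: the template may walk attributes and index whatever it reaches.
    return template.format(event=event)


def render_percent(template, event):
    # %-formatting: the template can only name keys of the mapping passed in.
    return template % {"name": event.name}


class FlatFormatter(string.Formatter):
    """Mitigation sketch: accept plain field names only, no '.' or '[' traversal."""

    def get_field(self, field_name, args, kwargs):
        if "." in field_name or "[" in field_name:
            raise ValueError("attribute/index access not allowed: %r" % field_name)
        return super().get_field(field_name, args, kwargs)


def render_flat(template, event):
    return FlatFormatter().format(template, name=event.name)


# Template that reaches module globals through the bound method's __globals__.
TRAVERSAL = "{event.__init__.__globals__[SECRET_KEY]}"

if __name__ == "__main__":
    ev = Event("launch")
    print("format :", render_format(TRAVERSAL, ev))
    for label, call in (("percent", lambda: render_percent("%(name.__class__)s", ev)),
                        ("flat   ", lambda: render_flat(TRAVERSAL, ev))):
        try:
            print(label, ":", call())
        except (KeyError, ValueError) as exc:
            print(label, ": rejected,", type(exc).__name__)
```
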