glue_safe: Safely interpolate strings

Description Usage Arguments

View source: R/safe.R

Description

glue_safe() and glue_data_safe() differ from glue() and glue_data() in that the safe versions only look up symbols from an environment use get() they do not execute any R code. This makes them suitable when used with untrusted input, such as inputs in a shiny application, where using the normal functions would allow an attacker to execute arbitrary code.

Usage

1
2
3
glue_safe(..., .envir = parent.frame())

glue_data_safe(.x, ..., .envir = parent.frame())

Arguments

...

[expressions]
Unnamed arguments are taken to be expressions string(s) to format. Multiple inputs are concatenated together before formatting. Named arguments are taken to be temporary variables available for substitution.

.envir

[environment: parent.frame()]
Environment to evaluate each expression in. Expressions are evaluated from left to right. If .x is an environment, the expressions are evaluated in that environment and .envir is ignored. If NULL is passed it is equivalent to emptyenv().

.x

[listish]
An environment, list or data frame used to lookup values.


glue documentation built on July 8, 2020, 5:17 p.m.