
glue_safe()
and glue_data_safe()
differ from glue()
and glue_data()
in that the safe versions only look up symbols from an environment using
get()
. They do not execute any R code. This makes them suitable for use
with untrusted input, such as inputs in a Shiny application, where using the
normal functions would allow an attacker to execute arbitrary code.
glue_safe(..., .envir = parent.frame())glue_data_safe(.x, ..., .envir = parent.frame())
A glue object, as created by as_glue()
.
[expressions
]
Unnamed arguments are taken to be expression
string(s) to format. Multiple inputs are concatenated together before formatting.
Named arguments are taken to be temporary variables available for substitution.
For glue_data()
, elements in ...
override the values in .x
.
[environment
: parent.frame()
]
Environment to evaluate each expression in. Expressions are
evaluated from left to right. If .x
is an environment, the expressions are
evaluated in that environment and .envir
is ignored. If NULL
is passed, it is equivalent to emptyenv()
.
[listish
]
An environment, list, or data frame used to lookup values.
"1 + 1" <- 5
# glue actually executes the code
glue("{1 + 1}")
# glue_safe just looks up the value
glue_safe("{1 + 1}")
rm("1 + 1")
Run the code above in your browser using DataLab