glue_safe {glue}R Documentation

Safely interpolate strings

Description

glue_safe() and glue_data_safe() differ from glue() and glue_data() in that the safe versions only look up symbols from an environment using get(). They do not execute any R code. This makes them suitable for use with untrusted input, such as inputs in a Shiny application, where using the normal functions would allow an attacker to execute arbitrary code.

Usage

glue_safe(..., .envir = parent.frame())

glue_data_safe(.x, ..., .envir = parent.frame())

Arguments

...

[expressions]
Unnamed arguments are taken to be expression string(s) to format. Multiple inputs are concatenated together before formatting. Named arguments are taken to be temporary variables available for substitution.

For `glue_data()`, elements in `...` override the values in `.x`.
.envir

[environment: parent.frame()]
Environment to evaluate each expression in. Expressions are evaluated from left to right. If .x is an environment, the expressions are evaluated in that environment and .envir is ignored. If NULL is passed, it is equivalent to emptyenv().

.x

[listish]
An environment, list, or data frame used to lookup values.

Value

A glue object, as created by as_glue().

Examples

"1 + 1" <- 5
# glue actually executes the code
glue("{1 + 1}")

# glue_safe just looks up the value
glue_safe("{1 + 1}")

rm("1 + 1")

[Package glue version 1.7.0 Index]