R: Safely interpolate strings

glue_safe {glue}

R Documentation

Safely interpolate strings

Description

glue_safe() and glue_data_safe() differ from glue() and glue_data() in that the safe versions only look up symbols from an environment using get(). They do not execute any R code. This makes them suitable for use with untrusted input, such as inputs in a Shiny application, where using the normal functions would allow an attacker to execute arbitrary code.

Usage

glue_safe(..., .envir = parent.frame())

glue_data_safe(.x, ..., .envir = parent.frame())

Arguments

`...`	[`expressions`] Unnamed arguments are taken to be expression string(s) to format. Multiple inputs are concatenated together before formatting. Named arguments are taken to be temporary variables available for substitution. For `glue_data()`, elements in `...` override the values in `.x`.
`.envir`	[`environment`: `parent.frame()`] Environment to evaluate each expression in. Expressions are evaluated from left to right. If `.x` is an environment, the expressions are evaluated in that environment and `.envir` is ignored. If `NULL` is passed, it is equivalent to `emptyenv()`.
`.x`	[`listish`] An environment, list, or data frame used to lookup values.

Value

A glue object, as created by as_glue().

Examples

"1 + 1" <- 5
# glue actually executes the code
glue("{1 + 1}")

# glue_safe just looks up the value
glue_safe("{1 + 1}")

rm("1 + 1")

[Package glue version 1.7.0 Index]