glue (version 1.4.2)

glue_safe: Safely interpolate strings

Description

glue_safe() and glue_data_safe() differ from glue() and glue_data() in that the safe versions only look up symbols from an environment use get() they do not execute any R code. This makes them suitable when used with untrusted input, such as inputs in a shiny application, where using the normal functions would allow an attacker to execute arbitrary code.

Usage

glue_safe(..., .envir = parent.frame())

glue_data_safe(.x, ..., .envir = parent.frame())

Arguments

...

[expressions] Unnamed arguments are taken to be expressions string(s) to format. Multiple inputs are concatenated together before formatting. Named arguments are taken to be temporary variables available for substitution.

.envir

[environment: parent.frame()] Environment to evaluate each expression in. Expressions are evaluated from left to right. If .x is an environment, the expressions are evaluated in that environment and .envir is ignored. If NULL is passed it is equivalent to emptyenv().

.x

[listish] An environment, list or data frame used to lookup values.

Examples

Run this code
# NOT RUN {
"1 + 1" <- 5
# glue actually executes the code
glue("{1 + 1}")

# glue_safe just looks up the value
glue_safe("{1 + 1}")

rm("1 + 1")
# }

Run the code above in your browser using DataCamp Workspace