Embrace Chaos

Many programmers tend to avoid meta-characters in contexts where they are not necessary. This strategy sometimes saves them from needing to implement escaping logic to circumvent the special meaning of those characters. On the downside, the result are often programs that carry security leaks when encountering input containing those characters.

To reduce this risk to a minimum, an alternative strategy is to actually embrace the chaos created by using those "dangerous" characters in many places, so the application breaks early in the development process when it is lacking escaping logic, and not late when it possibly is already deployed in a critical environment.

Wouldn't "embracing" entail making the app accept them somehow rather than "break early"? It's not clear to me what "embrace" is here.

Thinking of the application as a fixed product, the term "embrace" doesn't fit. When observing the continuous development process, however, it becomes clear that the raised chance of weird meta-character effects is embraced as a part of the process.

[The title of this page implies a general principle, yet the content is very specific. Perhaps either (a) title change is warranted, or (b) the above should be introduced as a specific example of an as-yet-undescribed general principle?]

Maybe general principle can actually be derived from the example. It is about how programmers cope with collisions (be it meta-characters, be it reserved words, be it identifiers, be it addresses). Not avoiding the collisions with meta-characters leads to designs with more robust escaping, not avoiding collisions with identifiers leads to proper namespace mechanisms. Maybe even more examples could be found.

EmbraceChaos, in a programming environment means to me: "do not avoid disorder and disorganization, simply deal with".

TryLikePages