Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: Improve String concatenation best practice #3553

Open
wants to merge 1 commit into
base: 2.x
Choose a base branch
from
Open

docs: Improve String concatenation best practice #3553

wants to merge 1 commit into from

Conversation

ppkarwasz
Copy link
Contributor

This change splits the "don't use String concatenation" best practice into two parts:

  • A recommendation concerning performance: string concatenation is not efficient if the logger is off.
  • A security recommendation: format string must be constants to prevent {} placeholder injection.

The ${dangerousLookup} part of the example is removed, since lookups are not executed since version 2.15.0

@ppkarwasz
Improve String concatenation best practice
1b68b3d 
This change splits the "don't use String concatenation" best practice into two parts:

- A recommendation concerning performance: string concatenation is not efficient if the logger is off.
- A security recommendation: format string must be constants to prevent `{}` placeholder injection.

The `${dangerousLookup}` part of the example is removed, since lookups are not executed since version `2.15.0`
@ppkarwasz ppkarwasz changed the title docsImprove String concatenation best practice docs: Improve String concatenation best practice Mar 19, 2025
vy
vy reviewed Mar 21, 2025
View reviewed changes
src/site/antora/modules/ROOT/partials/manual/api-best-practice-dont-use-string-concat.adoc
+
[source,java]
----
/* GOOD */ LOGGER.info(() -> "failed for user ID: " + userId);
Copy link
Member

@vy vy Mar 21, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ppkarwasz, I think this is a foot gun. It'd be very hard to distinguish for inexperienced users, which is the chief audience of this guide, why it is fine to do string concatenation here, whereas before it was not. IMHO, this should not be supported by the API in the first place, but anyway. In short, unless you strongly object, can we remove this part, please?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vy vy vy left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ppkarwasz @vy