clarified mypy vs. literalstring

thomasWeise · thomasWeise · commit 9d794c1841c2 · 2025-03-05T09:28:30.000+08:00
diff --git a/bookbase b/bookbase
@@ -1 +1 @@
-Subproject commit 65e80ebde3bf093bc7c07b5bd567ede85bca8a23
+Subproject commit c33e580ae30c704cf5db5d724af17f9b7bad6224
diff --git a/text/main/basics/variables/typesAndTypeHints/typesAndTypeHints.tex b/text/main/basics/variables/typesAndTypeHints/typesAndTypeHints.tex
@@ -268,7 +268,8 @@
 Such attacks can be prevented if the queries to \dbs\ are never dynamically constructed by the likes of \pglspl{fstring} but instead are always defined as string constants.
 \python\ supports the type~\pythonilIdx{LiteralString} for string constants~\cite{PEP675}.
 Implementations of the \python\ \db\ \pgls{API}, such as \psycopg~\cite{VDGE2022PPDAFP:ST}, can be annotated to only accept such strings.
-Hence, a type checker like \mypy\ would detect and complain if you would try to dynamically construct queries, thus preventing \pglspl{SQLi} -- but only if you use it\dots%
+Hence, a type checker could detect and complain if you would try to dynamically construct queries, thus preventing \pglspl{SQLi} -- but only if you use it\dots
+At the time of this writing, \mypy\ does not yet support this functionality, though~\cite{ZDWVSLS2022I1SP6L,VDGE2022PPDAFP:ST}.
 %
 \FloatBarrier%
 \endhsection%
