Editing String literal (section)

== Embedding source code in string literals ==

Languages that lack flexibility in specifying string literals make it particularly cumbersome to write programming code that generates other programming code. This is particularly true when the generation language is the same or similar to the output language.

For example:
* writing code to produce [[Quine (computing)|quine]]s
* generating an output language from within a [[web template]];
* using [[XSLT]] to generate XSLT, or [[SQL]] to generate more SQL
* generating a [[PostScript]] representation of a document for printing purposes, from within a document-processing application written in [[C (programming language)|C]] or some other language.

Nevertheless, some languages are particularly well-adapted to produce this sort of self-similar output, especially those that support multiple options for avoiding delimiter collision.

Using string literals as code that generates other code may have adverse security implications, especially if the output is based at least partially on untrusted user input. This is particularly acute in the case of Web-based applications, where malicious users can take advantage of such weaknesses to subvert the operation of the application, for example by mounting an [[SQL injection]] attack.