Feature request: formatter that uses glue_safe() instead of glue()

[terashim]

Though glue() is a powerful tool to format text messages, it can cause vulnerabilities when you use it with untrusted data. For example, if a Shiny app uses formatter_glue() to log its user input parameter, an attacker can execute arbitrary R code on the server by submitting malicious data.

glue_safe() is designed to handle untrusted data safely in such a case. It does not execute R code but substitutes variable names by their values.

It would be great if we could choose a formatter that uses glue_safe() instead of glue() to avoid security problems.

[daroczig]

Thanks, this is a great idea! Would you be open to creating a PR for introducing formatter_glue_safe? I will also try to look into this.

[terashim]

Thank you. I created the PR #113.

[daroczig]

merged via #126 -- thanks!!!