I like the ideas expressed but I'd rather see them enforced by the language than by coding convention. For example, to simulate type checking you could prefix _typename onto each of your variable names. Then

i_int += j_filehandle

would stick out as wrong. But luckily many languages support type checking so we don't have to do it in those languages!

I wonder is it possible to avoid mixing safe and unsafe strings (for example) using some new language feature (or a new use of an old one)?
Well, my first thought would be using macros to ensure you never have 'unsafe' strings anywhere.

But, for some inexplicable reason, Joel says "Don’t use macros to create your own personal programming language."

How is using macros to encapsulate common functionality any different than using functions to encapsulate common functionality? Both lead to less mental overhead, more code reuse, and code that's easier to parse.
I don't quite buy his argument about why we need to keep things in unsafe format for a while. If that credit card app can't handle HTML-encoded stuff, how would it handle evil JavaScript?
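
The language-level enforcement asked about in the first comment can be had with distinct wrapper types, shown here as an added example that is not part of the original thread. It uses Rust newtypes; the names `UnsafeStr`, `SafeHtml`, `write_page` and `render_greeting` are hypothetical, and the sample input is constructed.

```rust
// Added example; all type and function names here are hypothetical.
/// Text exactly as the user sent it. Kept raw until it is written out.
pub struct UnsafeStr(String);

/// HTML-encoded text. The field is private, so code outside this module
/// can only obtain one through `encode` or `literal`.
pub struct SafeHtml(String);

impl UnsafeStr {
    pub fn from_request(raw: &str) -> Self { UnsafeStr(raw.to_owned()) }

    /// The single crossing point from unsafe to safe.
    pub fn encode(&self) -> SafeHtml {
        let mut out = String::with_capacity(self.0.len());
        for c in self.0.chars() {
            match c {
                '&' => out.push_str("&amp;"),
                '<' => out.push_str("&lt;"),
                '>' => out.push_str("&gt;"),
                '"' => out.push_str("&quot;"),
                '\'' => out.push_str("&#39;"),
                _ => out.push(c),
            }
        }
        SafeHtml(out)
    }
}

impl SafeHtml {
    /// Markup written by the programmer in the source (a `'static` string).
    pub fn literal(markup: &'static str) -> Self { SafeHtml(markup.to_owned()) }
    pub fn append(mut self, other: SafeHtml) -> Self { self.0.push_str(&other.0); self }
}

/// The only output routine, and it accepts nothing but SafeHtml.
pub fn write_page(page: &mut String, body: &SafeHtml) { page.push_str(&body.0); }

pub fn render_greeting(name: &UnsafeStr) -> String {
    let mut page = String::new();
    // write_page(&mut page, name); // rejected: expected `&SafeHtml`, found `&UnsafeStr`
    let body = SafeHtml::literal("<p>Hello, ").append(name.encode()).append(SafeHtml::literal("</p>"));
    write_page(&mut page, &body);
    page
}

fn main() {
    // Constructed sample input.
    println!("{}", render_greeting(&UnsafeStr::from_request("<script>alert(1)</script>")));
}
```

The mix-up that the naming convention makes visible becomes a compile error here, and the raw value stays unencoded until the one place it is written to the page.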