Using locals() and format() method for strings: are there any caveats?

There is now an official way to do this, as of Python 3.6.0: formatted string literals.

It works like this:

f'normal string text {local_variable_name}'

E.g. instead of these:

"hello %(name) you are %(age) years old" % locals()"hello {name} you are {age} years old".format(**locals())"hello {name} you are {age} years old".format(name=name, age=age)

just do this:

f"hello {name} you are {age} years old"

Here's the official example:

>>> name = "Fred">>> f"He said his name is {name}."'He said his name is Fred.'>>> width = 10>>> precision = 4>>> value = decimal.Decimal("12.34567")>>> f"result: {value:{width}.{precision}}"  # nested fields'result:      12.35'

Reference:

• Python 3.6 What's New
• PEP 498
• Lexical analysis description

If the format string is not user-supplied, this usage is okay.

format is preferred over using the old % for string substitution.
locals is built-in to Python and its behavior will be reliable.

I think locals does exactly what you need.
Just don't modify the dictionary from locals and I would say you have a pretty good solution.

If the format string is user-supplied, you are susceptible to injection attacks of all sorts of badness.

Pre Python 3.6 answer

This is very old, but if you find yourself using .format the one caveat I have encountered with passing in **locals is that if you don't have that variable defined anywhere, it will break. Explicitly stating what variables are passed in will avoid this in most modern IDEs.

foo = "bar""{foo} and {baz} are pair programming".format(**locals())<exception occurs>