Embed a string directly into error details without wrapping punctuation.
To avoid injection attacks that exploit quoting confusion, this must NEVER
be used with data that is possibly attacker-controlled.
As a further safeguard, we fall back to quoting any input that is not a
string of sufficiently word-like parts separated by isolated spaces (rather
than throwing an exception, which could hide the original problem for which
explanatory details are being constructed---i.e., assert.details`...`
should never be the source of a new exception, nor should an attempt to
render its output, although we could instead decide to handle the latter
by inline replacement similar to that of bestEffortStringify for producing
rendered messages like (an object) was tagged "[Unsafe bare string]").
Embed a string directly into error details without wrapping punctuation. To avoid injection attacks that exploit quoting confusion, this must NEVER be used with data that is possibly attacker-controlled. As a further safeguard, we fall back to quoting any input that is not a string of sufficiently word-like parts separated by isolated spaces (rather than throwing an exception, which could hide the original problem for which explanatory details are being constructed---i.e.,
assert.details`...`should never be the source of a new exception, nor should an attempt to render its output, although we could instead decide to handle the latter by inline replacement similar to that ofbestEffortStringifyfor producing rendered messages like(an object) was tagged "[Unsafe bare string]").