[q] web-safe loadstring

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: [q] web-safe loadstring
From: "V S P" <toreason@...>
Date: Fri, 17 Oct 2008 11:08:18 -0400

Hi, 
in my domain-specific language that I have developed in Lua/LPeg
I allow users to execute code (typically for the things I do not support
yet
in my language)
using Lua's loadstring.

I would like to set up the environment such that the users cannot
'execute' something that would be able to read/write to the host's
operating system.

I am thinking that I somehow have to override all the io and print
functions.

would like to ask, if there is a standard mechanism for doing something
like that, or may be there is a way to provide a 'context' for the
loadstring
such that the context can contain only Table objects that I woudl allow
users to access

I am still in early stages of this design, so I appologize in advance if
my question is too vague.


-- 
  V S P
  toreason@fastmail.fm

-- 
http://www.fastmail.fm - Or how I learned to stop worrying and
                          love email again

Follow-Ups:
- Re: [q] web-safe loadstring, Thomas Harning
- Re: [q] web-safe loadstring, Luiz Henrique de Figueiredo
- Re: [q] web-safe loadstring, Roberto Ierusalimschy
- Re: [q] web-safe loadstring, Philippe Lhoste

Prev by Date: Re: string.sub and __call metamethod
Next by Date: Re: [q] web-safe loadstring
Previous by thread: [ANN] luabind 0.7.1 released
Next by thread: Re: [q] web-safe loadstring
Index(es):
- Date
- Thread