lua-l archive



On Sat, Apr 4, 2009 at 11:12 PM, Francio <francio@francio.pl> wrote:
> Hello!
>
<snip>
> And by the way, is this way of concatenating 100% safe of any code
> injections? Can only "]]" end string beginning with "[["?
>

There is no 100% safe way the way you are doing it - whatever you use
for the start has an end marker, and there is always a chance that
this end marker will appear in the user's code.

The correct way is using string.format()'s %q specifier:

Your example would be:
"user_code= " .. string.format("%q", user_code_here)

or better:
string.format("user_code = %q", user_code_here)

Hope this helps.
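
The difference between the two approaches, as an added example that is not part of the original message: each constructed sample is embedded in a generated chunk once with long brackets and once with %q, the chunk is run in an empty environment, and the result is checked for a changed string or extra globals. The function names and sample strings are hypothetical; it runs on Lua 5.1 through 5.4.

```lua
-- Constructed sample inputs; the second one contains the "]]" end marker.
local samples = {
  'print("hello")',
  'x ]] injected = true --[[',
  'line one\nline two with "quotes" and a \\ backslash',
}

-- Unsafe: the user's text can close the [[ ... ]] literal early.
local function wrap_brackets(code)
  return "user_code = [[" .. code .. "]]"
end

-- Safe: %q emits a quoted literal that the Lua reader parses back unchanged.
local function wrap_q(code)
  return string.format("user_code = %q", code)
end

-- Load and run a generated chunk with an empty table as its globals.
local function evaluate(src)
  local env, chunk, err = {}, nil, nil
  if setfenv then                         -- Lua 5.1 / LuaJIT
    chunk, err = loadstring(src)
    if chunk then setfenv(chunk, env) end
  else                                    -- Lua 5.2 and later
    chunk, err = load(src, "generated", "t", env)
  end
  if not chunk then return nil, err end
  local ok, run_err = pcall(chunk)
  if not ok then return nil, run_err end
  return env
end

-- Count globals the chunk defined besides user_code.
local function extra_globals(env)
  local n = 0
  for k in pairs(env) do if k ~= "user_code" then n = n + 1 end end
  return n
end

local wrappers = { { "[[ ]]", wrap_brackets }, { "%q", wrap_q } }
for i, code in ipairs(samples) do
  for _, w in ipairs(wrappers) do
    local env, err = evaluate(w[2](code))
    local intact = env ~= nil and env.user_code == code
    local extras = env and extra_globals(env) or 0
    print(i, w[1], "intact=" .. tostring(intact), "extra_globals=" .. extras, err or "")
  end
end
```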