- Subject: Re: unescape lua string (opposite of %q)
- From: Shmuel Zeigerman <shmuz@...>
- Date: Sun, 06 Jun 2010 13:16:09 +0300
On Sat, Jun 5, 2010 at 01:06, Jonathan Castello <email@example.com> wrote:
    str = str:gsub([[\?"]], [[\"]])
    return (assert(loadstring("return \"" .. str .. "\""))())
Anything using loadstring is going to introduce security issues if
someone manages to break out of your string.
The above function is not fully correct but it is 100% secure. No input
can cause the execution of 'str' itself.
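
An added example, not part of the original message or of any poster's code: one way to reverse %q without loadstring is to decode the escapes by hand, so the input is only ever handled as data and never compiled. `unescape_q` is a hypothetical name, the sample strings are constructed, and the escape set assumed is the one Lua 5.1 string literals accept.

```lua
-- Escapes that map to a single character (Lua 5.1 literal syntax).
local SIMPLE = {
  a = "\a", b = "\b", f = "\f", n = "\n", r = "\r", t = "\t", v = "\v",
  ["\\"] = "\\", ['"'] = '"', ["'"] = "'", ["\n"] = "\n",
}

-- unescape_q (hypothetical helper): accepts %q output with or without its
-- surrounding double quotes. Returns the decoded string, or nil plus an
-- error message on malformed input. Nothing is ever passed to loadstring.
local function unescape_q(s)
  if #s >= 2 and s:sub(1, 1) == '"' and s:sub(-1) == '"' then
    s = s:sub(2, -2)
  end
  local out, i, n = {}, 1, #s
  while i <= n do
    local c = s:sub(i, i)
    if c == '"' then
      -- A bare quote would end the literal early; reject instead of guessing.
      return nil, "unescaped quote at position " .. i
    elseif c ~= "\\" then
      out[#out + 1] = c
      i = i + 1
    else
      local digits = s:match("^%d%d?%d?", i + 1) -- \ddd decimal escape
      local e = s:sub(i + 1, i + 1)              -- "" if the backslash is last
      if digits then
        local code = tonumber(digits)
        if code > 255 then return nil, "escape too large at position " .. i end
        out[#out + 1] = string.char(code)
        i = i + 1 + #digits
      elseif SIMPLE[e] then
        out[#out + 1] = SIMPLE[e]
        i = i + 2
      else
        return nil, "invalid escape at position " .. i
      end
    end
  end
  return table.concat(out)
end

-- Constructed samples: a %q round trip, and input containing a bare quote.
local original = 'say "hi"\\\n\tbye\0'
assert(unescape_q(string.format("%q", original)) == original)
assert(unescape_q([[x" .. tostring(1) .. "]]) == nil)
```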