Re: unescape lua string (opposite of %q)

Subject: Re: unescape lua string (opposite of %q)
From: Shmuel Zeigerman &lt;shmuz@ ... &gt;
Date: Sun, 06 Jun 2010 13:16:09 +0300

lua-l archive

HyperHacker wrote:

On Sat, Jun 5, 2010 at 01:06, Jonathan Castello<twisolar@gmail.com>  wrote:

function reverse_q(str)
  str = str:gsub([[\?"]], [[\"]])
  return (assert(loadstring("return \"" .. str .. "\""))())
end


Anything using loadstring is going to introduce security issues if
someone manages to break out of your string.

The above function is not fully correct but it is 100% secure. No inputcan cause the execution of 'str' itself.


--
Shmuel

References:
- unescape lua string (opposite of %q), Graham Wakefield
- Re: unescape lua string (opposite of %q), Luiz Henrique de Figueiredo
- Re: unescape lua string (opposite of %q), Jonathan Castello
- Re: unescape lua string (opposite of %q), Luiz Henrique de Figueiredo
- Re: unescape lua string (opposite of %q), Jonathan Castello
- Re: unescape lua string (opposite of %q), Ricardo Ramos Massaro
- Re: unescape lua string (opposite of %q), Jonathan Castello
- Re: unescape lua string (opposite of %q), HyperHacker