lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


HyperHacker wrote:
On Sat, Jun 5, 2010 at 01:06, Jonathan Castello<twisolar@gmail.com>  wrote:
function reverse_q(str)
  str = str:gsub([[\?"]], [[\"]])
  return (assert(loadstring("return \"" .. str .. "\""))())
end

Anything using loadstring is going to introduce security issues if
someone manages to break out of your string.

The above function is not fully correct but it is 100% secure. No input can cause the execution of 'str' itself.

--
Shmuel