[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Best way to set a lua table from a parser written in C
- From: Silas Silva <silasdb@...>
- Date: Thu, 28 Oct 2010 18:29:01 -0200
On Thu, Oct 28, 2010 at 01:53:53PM -0600, HyperHacker wrote:
> On Thu, Oct 28, 2010 at 13:35, Luiz Henrique de Figueiredo
> This looks like something you could parse fairly trivially into Lua
> code like [[ square "square_name" {x=20, y=30...} ]], and then pass to
> luaL_dostring(). (This is valid syntax as long as square() returns
> another function for the table to be passed to). Just watch for the
> possibility of an injection attack if anyone is still creating files
> in this format.
That is exactly what I was thinking about. I'm not familiar with the
API, but I knew luaL_dostring().
Also, without loading some libraries (without using luaopen_io() and
cousins) it wouldn't be more secure to run non-trusted code? Of course
I want to make the parser not to generate dangerous code, but not using
some libraries would be a plus. :-)
(I just saw that there is luaopen_table(), so it might be table
functions that make table manipulation easy).
Thank you!
--
Silas Silva
