|
On 01/03/2011 02:05 PM, Alexander Gladysh wrote:
https://github.com/richardhundt/lua-engramYou should warn your library users that it is not safe to load such data if it comes from untrusted source. Also it is not compatible with LuaJIT.
Why, it's completely out of scope. Calling engram() returns a function. If the user chooses to dump that function via string.dump(), or load a dumped function from another source, surely the security issues are their concern and not this library's? It's orthogonal.
Again, you don't get a string, you get a function. What you do with that is your concern.
Cheers, Richard