lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On 01/03/2011 02:05 PM, Alexander Gladysh wrote:

https://github.com/richardhundt/lua-engram

You should warn your library users that it is not safe to load such
data if it comes from untrusted source. Also it is not compatible with
LuaJIT.

Why, it's completely out of scope. Calling engram() returns a function. If the user chooses to dump that function via string.dump(), or load a dumped function from another source, surely the security issues are their concern and not this library's? It's orthogonal.

Again, you don't get a string, you get a function. What you do with that is your concern.

Cheers,
Richard