- Subject: Re: LunarCGI (was Re: CGI.lua - A native CGI Interface)
- From: David Manura <dm.lua@...>
- Date: Mon, 4 Jul 2011 15:53:30 -0400
On Mon, Jul 4, 2011 at 8:08 AM, Sebastien Lai <237482@googlemail.com> wrote:
> PS: Since I'm writing LunarCGI all on my own, feedback is highly
> appreciated - tell me what you like and what you don't! It will help.
I rarely use Lua for web programming needs, but a few comments anyway
since you asked... One concern is that I understand you abandoned
cgilua because you were looking for a more bare bones CGI
implementation in Lua [1]. However, on scanning the code, I see maybe
1/3 devoted to a particular template/caching implementation, which is
not strictly related to CGI. You might consider placing that in a
separate module for users who want to handle these concerns in another
way. In fact, the particular template logic may introduce security
holes--e.g. things that make me nervous, without seeing an extensive
test suite, are the loadstring, especially as the sandbox exposes
io/os, and I don't see a function to HTML escape interpolated HTML
output to guard against things like XSS. Cookie support on your TODO
list is an important addition. So, like you, I'd rather see a bare
bones CGI implementation that is no more/no less than simple, robust,
and complete.
[1] http://lua-users.org/lists/lua-l/2011-02/msg01309.html
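
An added example, not part of the original message and not LunarCGI's code: the two concerns raised above (template code compiled with loadstring in an environment that exposes io/os, and no HTML escaping of interpolated output) handled in a small Lua renderer. The `${expr}` template syntax and the names `render`, `compile` and `html_escape` are assumptions made for illustration.

```lua
-- Hypothetical minimal template renderer (not LunarCGI's implementation).
-- Template expressions run in a whitelisted environment without io/os,
-- and every interpolated value is HTML-escaped before output.

local ESC = { ["&"] = "&amp;", ["<"] = "&lt;", [">"] = "&gt;",
              ['"'] = "&quot;", ["'"] = "&#39;" }

local function html_escape(v)
  -- Parentheses drop gsub's second return value (the match count).
  return (tostring(v):gsub("[&<>\"']", ESC))
end

-- Compile source text so that its globals resolve only through `env`.
local function compile(src, env)
  if setfenv then                            -- Lua 5.1 / LuaJIT
    local f, err = loadstring(src, "=template")
    if not f then return nil, err end
    return setfenv(f, env)
  end
  return load(src, "=template", "t", env)    -- Lua 5.2+: text chunks only
end

local function render(tpl, vars)
  -- Whitelist: a few pure helpers plus the caller's variables.
  -- io, os, require, loadstring, etc. are deliberately absent.
  -- Caveat: string methods stay reachable through the string metatable,
  -- so this limits capabilities, not CPU or memory use.
  local env = { tostring = tostring, tonumber = tonumber, type = type,
                string = { upper = string.upper, lower = string.lower } }
  for k, v in pairs(vars) do env[k] = v end

  return (tpl:gsub("%${(.-)}", function(expr)
    -- The "return " prefix also ensures the chunk is never precompiled bytecode.
    local f, err = compile("return " .. expr, env)
    if not f then error("template error: " .. err, 0) end
    return html_escape(f())
  end))
end

-- Constructed sample input: a value containing markup, and a probe for io.
print(render("<p>Hello, ${name}! io is ${type(io)}</p>",
             { name = "<script>alert(1)</script>" }))
```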