lua-l archive


On Mon, Jul 4, 2011 at 8:08 AM, Sebastien Lai <237482@googlemail.com> wrote:
> PS: Since I'm writing LunarCGI all on my own, feedback is highly
> appreciated - tell me what you like and what you don't! It will help.

I rarely use Lua for web programming needs, but a few comments anyway
since you asked...  One concern is that I understand you abandoned
cgilua because you were looking for a more bare bones CGI
implementation in Lua [1].  However, on scanning the code, I see maybe
1/3 devoted to a particular template/caching implementation, which is
not strictly related to CGI.  You might consider placing that in a
separate module for users who want to handle these concerns in another
way.  In fact, the particular template logic may introduce security
holes--e.g. things that make me nervous, without seeing an extensive
test suite, are the loadstring, especially as the sandbox exposes
io/os, and I don't see a function to HTML escape interpolated HTML
output to guard against things like XSS.  Cookie support on your TODO
list is an important addition.  So, like you, I'd rather see a bare
bones CGI implementation that is no more/no less than simple, robust,
and complete.

[1] http://lua-users.org/lists/lua-l/2011-02/msg01309.html
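
The two concerns raised in the reply above (template code run through loadstring with io/os reachable, and no HTML escaping of interpolated output), sketched as an added example that is not part of the original message and not LunarCGI's code. The `<%= expr %>` syntax and the names `html_escape`, `compile` and `render` are assumptions made for illustration.

```lua
-- Hypothetical minimal template renderer (not LunarCGI's implementation).
local ESCAPES = {
  ["&"] = "&amp;", ["<"] = "&lt;", [">"] = "&gt;",
  ['"'] = "&quot;", ["'"] = "&#39;",
}

-- Escape a value for use in HTML text or a quoted attribute value.
local function html_escape(value)
  return (tostring(value):gsub("[&<>\"']", ESCAPES))
end

-- Compile `code` so that `env` is the only global table it can see.
local function compile(code, env)
  if setfenv then                            -- Lua 5.1 / LuaJIT
    local fn, err = loadstring(code, "=template")
    if not fn then return nil, err end
    return setfenv(fn, env)
  end
  return load(code, "=template", "t", env)   -- Lua 5.2 and later
end

-- Replace every <%= expr %> with the HTML-escaped value of expr.
local function render(template, vars)
  -- Allowlist: template variables plus two pure helpers. io, os, require,
  -- loadstring and friends are simply absent. This does not bound CPU or
  -- memory use, so it is a reduced environment, not a complete sandbox.
  local env = { tostring = tostring, tonumber = tonumber }
  for name, value in pairs(vars) do env[name] = value end

  return (template:gsub("<%%=(.-)%%>", function(expr)
    local fn, err = compile("return " .. expr, env)
    if not fn then error("template syntax error: " .. err, 0) end
    local ok, result = pcall(fn)
    if not ok then error("template runtime error: " .. tostring(result), 0) end
    return html_escape(result)
  end))
end

-- Constructed input: a request parameter carrying markup, and an expression
-- that probes whether the os library is reachable from template code.
local page = render(
  '<p>Hello, <%= name %>!</p><p><%= os and "os reachable" or "os not reachable" %></p>',
  { name = '<script>alert(1)</script>' })
print(page)
```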