lua-l archive


On Sat, Jul 14, 2012 at 11:36 AM, Dirk Laurie <dirk.laurie@gmail.com> wrote:
> If you trust the code,
>
>     dofile "config.lua"
>
> If you don't trust it: <http://lua-users.org/wiki/SandBoxes>

That puts it in a nutshell - but there are advantages to loading using
a custom environment, as Rena says. The resulting file may have no
curly brackets at all, since all assignments are _within_ the
environment.

Bullet-proofing is hard. Have a look at Penlight's 'pretty' module;
read() and load()

https://github.com/stevedonovan/Penlight/blob/master/lua/pl/pretty.lua

These functions have a paranoid mode in which they try to trap any
attempt to set up loops. They also suppress the default string
metatable temporarily so that people can't call potentially dangerous
string methods.  This code works for both Lua 5.1 and 5.2, which have
somewhat different load methods.

(If anybody knows of a way to break the sandbox here, I'd be happy to hear)

steve d.
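
An added example, not part of the original message and not Penlight's code: a minimal loader that runs a config file in an empty custom environment, suppresses the string metatable while the chunk executes, and handles the different load calls of Lua 5.1 and 5.2. The function name load_config, the instruction budget and the sample config text are assumptions made for illustration.

```lua
-- Added example: hypothetical helper, not Penlight's pretty.load().
local STEP_BUDGET = 100000   -- assumed limit on VM instructions per config

local function load_config(text)
  if type(text) ~= "string" then return nil, "config must be a string" end
  -- Precompiled chunks start with ESC (27); accept source text only.
  if text:byte(1) == 27 then return nil, "binary chunks are rejected" end

  local env = {}             -- empty environment: no globals are reachable
  local chunk, err
  if setfenv then            -- Lua 5.1 / LuaJIT
    chunk, err = loadstring(text, "=config")
    if chunk then setfenv(chunk, env) end
  else                       -- Lua 5.2 and later
    chunk, err = load(text, "=config", "t", env)
  end
  if not chunk then return nil, err end

  -- Remove the string metatable so ("x"):method() fails inside the chunk.
  -- No string methods may be called with ':' until it is restored.
  local string_mt = getmetatable("")
  debug.setmetatable("", nil)
  -- Abort the chunk once it has used its instruction budget (stops loops).
  -- This bounds instruction count only; memory use is not limited.
  debug.sethook(function()
    error("config exceeded instruction budget", 0)
  end, "", STEP_BUDGET)

  local ok, run_err = pcall(chunk)

  debug.sethook()            -- clears the hook (assumes none was installed)
  debug.setmetatable("", string_mt)
  if not ok then return nil, run_err end
  return env                 -- every assignment in the file landed here
end

-- Constructed sample config: plain assignments, no curly brackets needed.
local sample = 'host = "example.org"\nport = 8080\nverbose = false\n'
local cfg = assert(load_config(sample))
print(cfg.host, cfg.port, cfg.verbose)

-- Constructed inputs the loader should refuse, returning nil plus a message.
print(load_config('name = ("x"):rep(3)'))    -- string method call
print(load_config('while true do end'))      -- non-terminating loop
print(load_config('home = os.getenv("HOME")')) -- global not in environment
```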