lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On 1/9/13, Robert Virding <robert.virding@erlang-solutions.com> wrote:
> Yes, there are really two issues (at least) which have been conflated here:
> the SYNTAX of the data representation and how it is to be "parsed". These
> are two separate issues. It seems like there is a feeling that if it looks
> like Lua then we can just execute it and get out the data structure. IMAO
> that is where the problem lies and I wouldn't trust it even with expert
> sandboxing.
>
> I have nothing against using a Lua based syntax for data transfer but I
> wonder if it isn't already too late to do anything about JSON.
>

Just a thought and I don't actually know the answer (haven't done this
myself). Doesn't LPeg + Leg have the capability to read Lua tables
from Lua source code avoiding the untrusted execution problem
(parsing) while getting to keep proper/formal Lua syntax? Then I
suppose as an optimization, anything that can be considered trusted
could optionally be allowed to use the execution path.


Thanks,
Eric
-- 
Beginning iPhone Games Development
http://playcontrol.net/iphonegamebook/