lua-l archive



Also this should be aimed at people who don't need patterns in their
context. Forcing it onto them to learn them just to avoid them is just
a bad idea.

On Thu, Aug 21, 2014 at 8:40 PM, Jonas Thiem <jonasthiem@googlemail.com> wrote:
> Sorry, but this seems to me to be an awful approach to a secure replace().
>
> If I need to collect tons of test cases, make sure all escape
> sequences are valid, and no further characters being valid, I am doing
> work that is BOUND to have a bug or two which can have horrible
> consequences depending on the context.
>
> Sure, it "educates" me, but it is WAY too complicated and dangerous to
> be recommended as standard practise for a safe replace() to everyone -
> someone WILL screw it up, and why risk that?
>
> It seems a MUCH better idea to me to simply provide one from the
> start, to avoid all those possible pitfalls. Education shouldn't be
> enforced onto people at the risk of safe code. This isn't C, folks.
>
>
> On Thu, Aug 21, 2014 at 8:16 PM, Petite Abeille
> <petite.abeille@gmail.com> wrote:
>>
>> On Aug 21, 2014, at 4:54 PM, Jonas Thiem <jonasthiem@googlemail.com> wrote:
>>
>>> About the %p pattern... I still cannot judge if it is safe for all circumstances.
>>
>> Then find out by, for example, educating yourself about what that pattern means.
>>
>> Reading the documentation might help to get you started:
>>
>> http://www.lua.org/manual/5.2/manual.html#6.4.1
>>
>> • %p: represents all punctuation characters.
>>
>> Then, find out what are all the 'magic characters', in the same section of the documentation:
>>
>> ^$()%.[]*+-?
>>
>> Then combine your first discovery, the '%p' pattern, with the second one, the '^$()%.[]*+-?' magic characters, and see how they interact for the purpose of escaping them:
>>
>> print( ( '^$()%.[]*+-?' ):gsub( '%p', '%%%1' ) )
>>
>>> %^%$%(%)%%%.%[%]%*%+%-%?
>>
>> What is the above pattern doing? Are all the 'magic characters' properly escaped? Are all the escape sequences valid? Is this all behaving properly as a 'plain' pattern, with no characters being considered magic? Any drawbacks? Any edge cases? Yes? No? Perhaps? Depends?
>>
>> You got plenty of test cases, right?
>>
>> Don’t idly ‘judge’. Learn instead.
>>
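
The two positions in this thread side by side, as an added example that is not part of any poster's message: a literal replace built by escaping with `%p` as in the quoted reply, and one that never touches patterns by using the plain flag of `string.find`. It goes beyond the thread in also escaping the replacement string; the function names and sample strings are constructed for illustration.

```lua
-- Added example, not from the thread; names and sample strings are constructed.

-- Approach 1: escape the needle and the replacement, then call gsub.
-- '%' before any punctuation character matches that character literally,
-- so escaping all of %p also covers the magic characters.
local function escape_pattern(s)
  return (s:gsub('%p', '%%%0'))
end
-- In a gsub replacement string only '%' is special.
local function escape_replacement(s)
  return (s:gsub('%%', '%%%%'))
end
local function replace_escaped(s, needle, repl)
  if needle == '' then return s, 0 end  -- an empty pattern matches everywhere
  return s:gsub(escape_pattern(needle), escape_replacement(repl))
end

-- Approach 2: no patterns at all; string.find with plain = true.
local function replace_plain(s, needle, repl)
  if needle == '' then return s, 0 end
  local out, pos, count = {}, 1, 0
  while true do
    local i, j = s:find(needle, pos, true)
    if not i then break end
    out[#out + 1] = s:sub(pos, i - 1)
    out[#out + 1] = repl
    pos, count = j + 1, count + 1
  end
  out[#out + 1] = s:sub(pos)
  return table.concat(out), count
end

-- Constructed cases: { input, needle, replacement, expected, expected count }
local cases = {
  { 'price: $5.00 (approx.)', '$5.00', '%1 [x]', 'price: %1 [x] (approx.)', 1 },
  { 'a.b.c', '.', '%', 'a%b%c', 2 },
  { 'x^2 + y^2', '^2', '*', 'x* + y*', 2 },
  { '[a-z]+ and [a-z]+', '[a-z]+', '%d', '%d and %d', 2 },
  { '100%', '%', ' percent', '100 percent', 1 },
  { 'aaa', 'aa', 'b', 'ba', 1 },
}
for _, c in ipairs(cases) do
  local r1, n1 = replace_escaped(c[1], c[2], c[3])
  local r2, n2 = replace_plain(c[1], c[2], c[3])
  assert(r1 == c[4] and n1 == c[5], 'escaped variant: ' .. c[2])
  assert(r2 == c[4] and n2 == c[5], 'plain variant: ' .. c[2])
end
print('all cases agree')
```

`%p` is defined by the C library's `ispunct` and so follows the current locale; the second variant does not depend on character classification at all.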