[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: metatables for strings?
- From: Nagaev Boris <bnagaev@...>
- Date: Sun, 3 May 2015 17:40:46 +0000
On Sun, May 3, 2015 at 5:06 PM, Dirk Laurie <dirk.laurie@gmail.com> wrote:
> 2015-05-03 18:40 GMT+02:00 Nagaev Boris <bnagaev@gmail.com>:
>> On Sun, May 3, 2015 at 4:35 PM, Dirk Laurie <dirk.laurie@gmail.com> wrote:
>>>
>>> You can put a function in the "string" table and it will immediately
>>> be callable with object-oriented syntax on a string object just like
>>> str:format etc. Since the first argument is provided, that function
>>> can itself pick out a submethod from a table of functions.
>>>
>>
>> Changing global metatable of all strings does not sound good. If all
>> strings had same methods, then methods added to UrlString, would also
>> be available to normal strings. It is confusing and it breaks idea of
>> sandboxes, because sandboxed code can apply UrlString's methods to
>> malicious strings.
>
> If the methods were all provided by the sandbox author, who presumably
> knows what he is doing, I don't see the problem.
>
Can a sandbox isolate added string's methods? Can you provide
sandboxing function passing this test:
string.hack = function() print("Hacked") end
code = [[ ("just string"):hack() ]]
sandbox(code)
--
Best regards,
Boris Nagaev
- References:
- metatables for strings?, Sam Putman
- Re: metatables for strings?, Nagaev Boris
- Re: metatables for strings?, Sam Putman
- Re: metatables for strings?, Sam Putman
- Re: metatables for strings?, Dirk Laurie
- Re: metatables for strings?, Nagaev Boris
- Re: metatables for strings?, Sam Putman
- Re: metatables for strings?, Dirk Laurie
- Re: metatables for strings?, Nagaev Boris
- Re: metatables for strings?, Dirk Laurie