[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: metatables for strings?
- From: Dirk Laurie <dirk.laurie@...>
- Date: Sun, 3 May 2015 22:48:04 +0200
2015-05-03 20:38 GMT+02:00 Andrew Starks <andrew.starks@trms.com>:
> On Sunday, May 3, 2015, Nagaev Boris <bnagaev@gmail.com> wrote:
>> On Sun, May 3, 2015 at 5:06 PM, Dirk Laurie <dirk.laurie@gmail.com> wrote:
>> > If the methods were all provided by the sandbox author, who presumably
>> > knows what he is doing, I don't see the problem.
>> >
>>
>> Can a sandbox isolate added string's methods? Can you provide
>> sandboxing function passing this test:
>>
>> string.hack = function() print("Hacked") end
>> code = [[ ("just string"):hack() ]]
>> sandbox(code)
>
> Also, you can use the debug library to discover the caller's environment and
> then call the methods found in the "strings" library of that _ENV or yours,
> if that table is absent.
Are you seriously proposing that a sandbox execute stuff from
the caller's environment? Seriously?
- References:
- metatables for strings?, Sam Putman
- Re: metatables for strings?, Nagaev Boris
- Re: metatables for strings?, Sam Putman
- Re: metatables for strings?, Sam Putman
- Re: metatables for strings?, Dirk Laurie
- Re: metatables for strings?, Nagaev Boris
- Re: metatables for strings?, Sam Putman
- Re: metatables for strings?, Dirk Laurie
- Re: metatables for strings?, Nagaev Boris
- Re: metatables for strings?, Dirk Laurie
- Re: metatables for strings?, Nagaev Boris
- Re: metatables for strings?, Andrew Starks