Re: metatables for strings?

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: metatables for strings?
From: Dirk Laurie <dirk.laurie@...>
Date: Sun, 3 May 2015 22:48:04 +0200

2015-05-03 20:38 GMT+02:00 Andrew Starks <andrew.starks@trms.com>:
> On Sunday, May 3, 2015, Nagaev Boris <bnagaev@gmail.com> wrote:
>> On Sun, May 3, 2015 at 5:06 PM, Dirk Laurie <dirk.laurie@gmail.com> wrote:
>> > If the methods were all provided by the sandbox author, who presumably
>> > knows what he is doing, I don't see the problem.
>> >
>>
>> Can a sandbox isolate added string's methods? Can you provide
>> sandboxing function passing this test:
>>
>> string.hack = function() print("Hacked") end
>> code = [[ ("just string"):hack() ]]
>> sandbox(code)
>
> Also, you can use the debug library to discover the caller's environment and
> then call the methods found in the "strings" library of that _ENV or yours,
> if that table is absent.

Are you seriously proposing that a sandbox execute stuff from
the caller's environment? Seriously?

References:
- metatables for strings?, Sam Putman
- Re: metatables for strings?, Nagaev Boris
- Re: metatables for strings?, Sam Putman
- Re: metatables for strings?, Sam Putman
- Re: metatables for strings?, Dirk Laurie
- Re: metatables for strings?, Nagaev Boris
- Re: metatables for strings?, Sam Putman
- Re: metatables for strings?, Dirk Laurie
- Re: metatables for strings?, Nagaev Boris
- Re: metatables for strings?, Dirk Laurie
- Re: metatables for strings?, Nagaev Boris
- Re: metatables for strings?, Andrew Starks

Prev by Date: Re: getmetatable-esque metamethod [Forked from:] metatables for strings?
Next by Date: Re: metatables for strings?
Previous by thread: Re: metatables for strings?
Next by thread: Re: metatables for strings?
Index(es):
- Date
- Thread