
On Aug 8, 2016 2:56 PM, "nobody" <nobody+lualist@afraberlin.de> wrote:
>
> (I strongly suspect this is known and I think I've seen this before
> somewhere but couldn't find it in the archive... so here goes (again?):)
>
> Lua 5.3 and 5.2 accept this (Lua 5.1/LuaJIT don't):
>
> _=0_=1._=2local y x=3goto foo x=4while y do end x=5repeat x=6return
> 7until x::foo::if 8then x=9print'"valid" syntax!'end
>
> Specifically, any char that cannot be part of the number implicitly ends
> the token. (That is, the expected ones (space/symbols) *plus* [gzGZ_]
> with the exception of (1) [xX] in initial '0x' or '0X' (but after two
> digits like 00x or 00X it's a "valid" boundary again), and (2) [pP] for
> hex literals where an exponent might follow.) Compare
> llex.c/read_numeral [1] for the details.
>
> While it exists, it's a nice code golfing tool:
>
> u,v,w,x,y,z=1,2,3,4,5,6
> u=1v=2w=3x=4y=5z=6
>
> m=1n=1repeat print(m/n)m,n=m+n,m until m<0
>
> Whether it's worth break^Wfixing is debatable... the simplest fix is
> clearly "just don't write it like that!"
>
>  Marco
>
> [1]: https://www.lua.org/source/5.3/llex.c.html#read_numeral
>
I wonder how many lexers/linters/highlighters wouldn't parse that correctly. Wouldn't be surprised if there's a security flaw in some piece of software that tries to filter code... (not that that's the right way to secure anything, anyway)