[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Static validation of Lua String Patterns?
- From: steve donovan <steve.j.donovan@...>
- Date: Sat, 22 Apr 2017 13:18:16 +0200
On Sat, Apr 22, 2017 at 11:46 AM, Dirk Laurie <firstname.lastname@example.org> wrote:
> I.e. you should do "pcall(string.match,str,pat)" instead of str:match(pat)
> whenever either "str" or "pat" is not under your control.
Well, there is just the original C string matching code (lifted
carefully using a MIT license) and so the Rust equivalent would be
'all matches may fail with an error'. Currently it's just panicking
which is bad, man. Not too bad really, but if I had static validation
then I _know_ the matcher will not fail - and so you would fail up
front when making the matcher struct, rather than any match on that
Excellent, sir! Required reading for anybody passing around unescaped SQL.