lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index] 


> On Dec 13, 2018, at 2:09 PM, David Favro <lua@meta-dynamic.com> wrote:
> 
> 
> Yes, I kind of assumed that, perhaps I was being a little rhetorical, but I don't think that "non-quotable" is remotely an accurate description of such a string, not what people would normally assume that the phrase means, even in the context of a mailing-list thread on long-strings.  And, while I've no idea what Egor meant about vulnerabilities surrounding them, I am imagining some kind of issue with a serialization library that tries to represent strings in the VM as Lua string literals for external storage being fed unquotable strings.  In my experience, such libraries don't use long-strings and I don't think that string.format()'s %q does either.  My point being that *any* string can be represented as a "quoted" Lua string literal, so I still ask for clarification what does "non-quotable" mean in this context, and why would such a string pose a vulnerability?
> 

The official Lua term for these is “long format literal strings” (Lua Ref Manual 5.3). And +1 that with appropriate escaping both long and non-long (short?) literals can represent any sequence of bytes.

—Tim