> I realized that when I was writing my __concat function.
> It also means string tainting will need to be built into the core and
> can not be bolted on using the public API. Since I'm not familiar with
> the inner workings of the core I wanted to know if anybody had done
> something similar before.

You could get away with something like:

-- taint.lua
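-- Capture the base functions used below as locals, so the code does not
-- depend on what the chunk's environment exposes when it runs.
-- newproxy is an undocumented Lua 5.1 base function (removed in 5.2+): it
-- creates a zero-size userdata, either with a fresh metatable (newproxy(true))
-- or sharing the metatable of an existing proxy (newproxy(proxy)).
local newproxy, getmetatable, setmetatable, tostring =
  newproxy, getmetatable, setmetatable, tostring


-- tainted strings: maps each proxy to the plain string it wraps.
-- Weak keys, so a proxy that is no longer referenced anywhere else can be
-- collected instead of being kept alive forever by this table.
local strings = setmetatable({}, { __mode = "k" })
local tainted = newproxy(true) -- tainted object (prototype that owns the metatable)
local mt = getmetatable(tainted)

-- Field access on a proxy: `.string` yields the wrapped plain string.
mt.__index = function(o, k)
  local s = strings[o]
  if k == "string" then
    return s
  end
  -- NOTE(review): `s.k` reads the literal key "k", not the key held in `k`;
  -- `s[k]` was probably intended -- confirm. Kept as posted.
  return s.k
end

-- Concatenation with a proxy on either side: unwrap proxies, join as strings.
-- NOTE(review): the result is a plain string, so check() is false for it and
-- the taint mark is lost at the first `..`. If taint has to survive
-- concatenation, the result must be wrapped again before it is returned.
mt.__concat = function(o1, o2)
  local s1 = getmetatable(o1) == mt and strings[o1] or o1
  local s2 = getmetatable(o2) == mt and strings[o2] or o2
  return s1 .. s2
end

-- tostring(proxy) and #proxy expose the wrapped string and its byte length.
mt.__tostring = function(o) return strings[o] end
mt.__len = function(o) return #strings[o] end

-- NOTE(review): `string` and `check` are declared without `local`, so they are
-- written into the chunk's environment. In the default global environment
-- `function string` replaces the standard `string` library table -- confirm
-- that this file is meant to be loaded under its own environment.

-- Wrap tostring(s) in a new proxy that shares the tainted metatable.
function string (s) -- taint s
  local u = newproxy(tainted)
  strings[u] = tostring(s)
  return u
end

-- True only for values whose metatable is the tainted-proxy metatable.
function check (s) -- tainted?
  return getmetatable(s) == mt
end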


