Re: unescape lua string (opposite of %q)

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: unescape lua string (opposite of %q)
From: Ricardo Ramos Massaro <ricardo.massaro@...>
Date: Sat, 5 Jun 2010 08:56:05 -0300

On Sat, Jun 5, 2010 at 8:43 AM, HyperHacker <hyperhacker@gmail.com> wrote:
> Anything using loadstring is going to introduce security issues if
> someone manages to break out of your string.

True. This reverse_q() works well if you *know* its input was
generated by string.format("%q"), but probably doesn't do what the
user wants in other cases, for example:

reverse_q([[\\" .. os.exit() --]])

(Of course, such a string can never be generated by string.format("%q", ...).)

-Ricardo

References:
- unescape lua string (opposite of %q), Graham Wakefield
- Re: unescape lua string (opposite of %q), Luiz Henrique de Figueiredo
- Re: unescape lua string (opposite of %q), Jonathan Castello
- Re: unescape lua string (opposite of %q), Luiz Henrique de Figueiredo
- Re: unescape lua string (opposite of %q), Jonathan Castello
- Re: unescape lua string (opposite of %q), Ricardo Ramos Massaro
- Re: unescape lua string (opposite of %q), Jonathan Castello
- Re: unescape lua string (opposite of %q), HyperHacker

Prev by Date: Re: unescape lua string (opposite of %q)
Next by Date: Re: unescape lua string (opposite of %q)
Previous by thread: Re: unescape lua string (opposite of %q)
Next by thread: Re: unescape lua string (opposite of %q)
Index(es):
- Date
- Thread