[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Access variables in antother Lua state
- From: Jerome Vuarand <jerome.vuarand@...>
- Date: Tue, 19 Apr 2011 12:31:38 +0200
2011/4/19 Marc Balmer <marc@msys.ch>:
> Our webapplications at the moment use Lua to prepare data to be sent to
> the browser and ClearSilver to render webpages, i.e. to mix the data and
> the template.
>
> Now we wrote a new templating system (we call it Lua Templates) which
> could one day replace ClearSilver in our products. For security reasons
> we do not want to run the template renderer in the same Lua state we do
> the data preparation in. Is there a way to access objects from one
> state in another state? Something like proxy tables, that behave like
> normal tables, but actually are store in different state?
>
> The idea is to have the template engine to run in a sandbox of its own,
> preventing access to data and methods the data processing state uses
> (like e.g. DB connections etc.)
>
> Any ideas?
Would the data processing state access data from the templating state,
or the other way around?
If the data processing state is the master one, you can wrap the
templating state (the slave state) in an object (table or userdata)
inside the master state. You can write your own wrapping to have
something tailored to your needs, or you can find a binding of the Lua
C API to Lua (it's been done already, I don't remember the name of the
project).
You can do the same if the master state is the templating one, but in
that direction you have to make sure you only expose whatever data the
templating state has the right to access, which may be tough. A
simpler solution would be to serialize the output of the data
processing state into an intermediate buffer, and let the templating
state parse that buffer. You can use Lua itself as the data format for
the buffer, since it already can represent most Lua values in textual
form.
