Re: unescape lua string (opposite of %q)

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

• Subject: Re: unescape lua string (opposite of %q)
• From: Shmuel Zeigerman <shmuz@...>
• Date: 2010年6月06日 13:16:09 +0300

---

HyperHacker wrote:

On Sat, Jun 5, 2010 at 01:06, Jonathan Castello<twisolar@gmail.com> wrote:

function reverse_q(str)
 str = str:gsub([[\?"]], [[\"]])
 return (assert(loadstring("return \"" .. str .. "\""))())
end

Anything using loadstring is going to introduce security issues if
someone manages to break out of your string.

The above function is not fully correct but it is 100% secure. No input can cause the execution of 'str' itself.

--
Shmuel

---

• Follow-Ups:
  • Re: unescape lua string (opposite of %q), Erik Lindroos

• References:
  • unescape lua string (opposite of %q), Graham Wakefield
  • Re: unescape lua string (opposite of %q), Luiz Henrique de Figueiredo
  • Re: unescape lua string (opposite of %q), Jonathan Castello
  • Re: unescape lua string (opposite of %q), Luiz Henrique de Figueiredo
  • Re: unescape lua string (opposite of %q), Jonathan Castello
  • Re: unescape lua string (opposite of %q), Ricardo Ramos Massaro
  • Re: unescape lua string (opposite of %q), Jonathan Castello
  • Re: unescape lua string (opposite of %q), HyperHacker

• Prev by Date: luasocket sending mail
• Next by Date: Re: unescape lua string (opposite of %q)
• Previous by thread: Re: unescape lua string (opposite of %q)
• Next by thread: Re: unescape lua string (opposite of %q)
• Index(es):
  • Date
  • Thread