1
0
mirror of https://github.com/20kdc/OC-KittenOS.git synced 2024-12-27 03:18:06 +11:00
OC-KittenOS/repository/docs/ul-seria
2018-04-12 00:38:49 +01:00

71 lines
1.9 KiB
Plaintext

The "serial" library is a library to
serialize and deserialize Lua values
in a relatively safe* manner.
* Serialization cannot handle a
recursive loop correctly,
and may error() if certain values
are passed to it.
The deserialization has unbounded
time and memory only limited by
the host. It is possible to kill
a process indirectly via a
poisonous file, but it is not
possible to directly break the
sandbox without Lua interpreter
bugs.
It is not recommended to use serial
for data that is not from a known
source, but it is not dangerous to
system security (but certainly to
stability) to use it for other
data so long as no function that
originated from the data is ever
executed with objects that can be
used to elevate privilege.
(In other words, don't call any
function if you can't tell where it
came from. This should be obvious.)
The serial library has merely two
functions available to it.
serialize(val):
Returns the serialized data as a
string. The serialized data will
be in the form of "return ",
followed by a Lua 5.2-parsable
value of some sort.
If dealing with the 3DM format or
other formats that don't just
accept we're clearly loading Lua
code here, the recommendation is
to perform :sub(8).
deserialize(str):
Deserializes "str" by executing it
in a limited environment and
grabbing the return value.
If dealing with the 3DM format or
other formats that don't just
accept we're clearly loading Lua
code here, please prefix str with
"return ".
Returns the deserialized data as a
Lua value.
A value of nil is an ambiguity:
it could be the actual data, or it
could be a deserialization error.
Check for this situation by reading
the second returned value.
If it is not nil, deserialization
failed with the given error.
-- This is released into
the public domain.
-- No warranty is provided,
implied or otherwise.