LÖVE

Hi guys,

I'm planning on developing a little 2d sidescroller, where a robot has to make his way through obstacles, enemies, pitfalls, etc.
However, instead of the user directly controlling the robot, he must write a lua script file, which invokes some void functions such as: goLeft(), goRight(), jump(), etc.

I thought about doing this using lua's 5.1 "loadstring" or "loadfile" and then evaluating the string/file, but how should I stop the user from calling something "os.remove("c:/windows/system32")" or accidentally incrementing the delta-time variable dt or in any way write a harmful script?

What I'm really asking is how can I create a sandbox in which interaction is possible only with my robot module and not the os module or the love module etc.

This might seem as a noob question, but seeing how i am no love/lua guru I'll ask it anyway.

Thanks.

first of all: thats not a noob question
second of all: id recommend something like making your own API and making sure the user cant use anything else. (Eg. robot.wait(time) or robot.left() work, but love.timer.sleep(time) and love.graphics.print() wouldnt work)
Personally i would do something like check the code with love.filesystem before running it to check for potentially harmful code.

Do you perhaps have any links on how to create such an api in lua?
I'm not lazy and already googled similar articles, but if you know of any websites on this topic I would be grateful.

AFAIK its as simple as creating a table and putting functions in them.

For example: All 4 methods do the same thing, but I'm just showing different ways to express it.

I can still look for a tutorial if you like

I see where you are going, but how will this help me if the user decides to write something like this in his script:
What i want is to let the user have the most out of lua, but restrict the use certain modules, especially os, io and love (somehow declare them as unsafe).

I'm currently looking into sandboxes, but they seem a tad overkill for what i'm trying to achieve

That's what setfenv is for.

You can also try SELÖVE, which is probably the most secure way to run LÖVE games (this will put your whole game in a sandbox, not just the user-controlled part).

Robin wrote:You can also try SELÖVE, which is probably the most secure way to run LÖVE games (this will put your whole game in a sandbox, not just the user-controlled part).

Hmm, i was unaware that this existed. It defiantly sounds like a good idea to place the entire application into a sandbox, I'll look into it right now.