Token Request Parameterization

load is still available. — Likewise, the debug library is still available as an attack vector too. Tension: many assumptions about Lua don't hold anymore; it can be abused to gain access to otherwise inaccessible variables. Outcome: or to trigger undefined behavior in the interpreter. | load is still available. — if I set os and io to nil before running the script. Tension: This will allow loading malicious bytecode. Outcome: Likewise, the debug library is still available as an attack vector too. | load is still available. — if I set os and io to nil before running the script. Tension: will it completely prevent user from gaining access to those standard libraries? Outcome: This will allow loading malicious bytecode.