Hi all,<div><br></div><div>As discussed a while ago on https://github.com/pandoc/lua-filters/issues/207#issuecomment-1067959808 and said in Pandoc's manual, running Lua filters downloaded from internet is a security risk as Pandoc is run with full privileges.&nbsp;</div><div><br></div><div>But doesn't all the risk only comes for Lua's `os` module (and perhaps io?), which few filters actually use? If so, would it be possible for Pandoc to run Lua filters without this module, providing an alternative flag (something like --lua-filter-safe) to run a filter safely?</div><div><br></div><div>J</div>

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &quot;pandoc-discuss&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="mailto:pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org">pandoc-discuss+unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org</a>.<br />
To view this discussion on the web visit <a href="https://groups.google.com/d/msgid/pandoc-discuss/13cd1f3a-bc26-49cf-a7df-ec8d56fcf05an%40googlegroups.com?utm_medium=email&utm_source=footer">https://groups.google.com/d/msgid/pandoc-discuss/13cd1f3a-bc26-49cf-a7df-ec8d56fcf05an%40googlegroups.com</a>.<br />