From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.text.pandoc/30691 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Albert Krewinkel Newsgroups: gmane.text.pandoc Subject: Re: Custom readers and writer paths Date: Mon, 06 Jun 2022 19:41:06 +0200 Message-ID: <874k0xpszm.fsf@zeitkraut.de> References: Reply-To: pandoc-discuss-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="21927"; mail-complaints-to="usenet@ciao.gmane.io" To: pandoc-discuss-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org Original-X-From: pandoc-discuss+bncBCZJF7XJTILRBAME7GKAMGQE3DDSACY-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org Mon Jun 06 20:05:58 2022 Return-path: Envelope-to: gtp-pandoc-discuss@m.gmane-mx.org Original-Received: from mail-wr1-f59.google.com ([209.85.221.59]) by ciao.gmane.io with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1nyH6z-0005TZ-Sx for gtp-pandoc-discuss@m.gmane-mx.org; Mon, 06 Jun 2022 20:05:57 +0200 Original-Received: by mail-wr1-f59.google.com with SMTP id m18-20020adff392000000b0021848a78a53sf538476wro.19 for ; Mon, 06 Jun 2022 11:05:57 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1654538757; cv=pass; d=google.com; s=arc-20160816; b=q2kft1WY4Nuf4kgZ3DE7xXAy+6ChJE2aP1xP9Ta8IThdn2s2WFIeW8HC0tnnqXVfJs o7ijY2QNpniRWVDT1Nrrdlb/Nja5YSPzDFHskYM+dgOg5C1LMjYYFwXnsizqRAJEUcLx dn+1CwhhccshQg+PBdIGqzeI/bVuyDEea8NxlRMSRhyyBNRjmG1aqrro24gVCT8Oj4Rd 9NNU3d57nfTFwTNELqI13lxioFQzQEUk//wuaPndW7CnxN6LAHKDrAs/mhVcoGcxbq9A Ffqi7xqn3tFEovDbhlerSIOUvX5MjgAqm/DDfnvL8UnSAhz6gvRvi4siwLHXx3xktNIE CEOQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:message-id :in-reply-to:date:subject:to:from:references:sender:dkim-signature; bh=u7+nYbJw+WoRPF0bZZaUrPmVdiNI5cRaseoFI7qdFRs=; b=Z0Z+ToqrV9+b65gseuMLcp668jiGKrgdF1lUP+5qZ4+V3ZUqtxNwtYMFlQv9KAKrzZ jWzWXAvQZE+ebDkeVMQRRhDJhoHc8VwKa1l/4TmezpJqSv9S5UFVIoT/ODewD7jpJdTw GZ4vKL9JGyPMuEeR9waCaHvsbfx5bSbIfyukfjL34nBSaJod7s92uW2gTdaEGBdU9ujr tRi2Nl0tb0uq8WwDdZRtUCu3IUVHba5U9KcJChneK+VESXEyY96vGZwIyLsFxZGl5wwd U2J5FdfiwQy1BXaKgdts72bQKPo3gpQWu9KDV8sU4/86tWNhKKBhI9/MPozVfVUJDTcD 2CFg== ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of albert+pandoc-9EawChwDxG8hFhg+JK9F0w@public.gmane.org designates 2001:67c:2050:0:465::202 as permitted sender) smtp.mailfrom=albert+pandoc-9EawChwDxG8hFhg+JK9F0w@public.gmane.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20210112; h=sender:references:from:to:subject:date:in-reply-to:message-id :mime-version:x-original-sender:x-original-authentication-results :reply-to:precedence:mailing-list:list-id:list-post:list-help :list-archive:list-subscribe:list-unsubscribe; bh=u7+nYbJw+WoRPF0bZZaUrPmVdiNI5cRaseoFI7qdFRs=; b=KV5yHo43K4ZxLT+57XD54G+6WyACzEbcLAS9Yvyg8ibDXdCVthI7cpN9kQWSvVSKZr WGO9v1kMwY86ZklGfzl/J2QG4I+Imch+eftJWfwvAai1ovZATmiV9yvh29LqcrOber7Q 32P2vUqBLl4/6l0OGCvoYybEec4mn9v8CKJXqz9tnYlPzknELX1T4twL8RQGYFRevO/s NdlBziJ//j4lm/6Q28M4YSMmq5gvDCgcUYCHKu48Ae9RLvL0674C3tFiU6OBk4NWWqaX /FqkSP9LEyuyhR6CaQHzVLPuZCMFCymPaRjM6YfIAq6WcyBtaRDrZBezP+46OX9+jyIw Gj4Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=sender:x-gm-message-state:references:from:to:subject:date :in-reply-to:message-id:mime-version:x-original-sender :x-original-authentication-results:reply-to:precedence:mailing-list :list-id:x-spam-checked-in-group:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=u7+nYbJw+WoRPF0bZZaUrPmVdiNI5cRaseoFI7qdFRs=; b=rZpNydmh89fJKQuIt82PD/keuggOpKOyteqpuzikITm13hPgGUofKhpWRvcTmoAdgH jDquajVthJbXl4fHiTSr0p2LQ1j2VBWjWvy1SszdS4zgIhd4DSmm4lnfGLBjMyIJt9rZ mY/I/A7affAFsNukNM1H/yV3S6jek+Chqx+1caH2KgiQlb1o2g+E/vGJC6oRC+f1qMq4 wMkWCKjgefQm9u7L7jmokDQuslpvas0ds9/7vg+8bNQ/ujKfJDZsQn5crrrch4ZeniNo 07g29E5J8zU9YQchFn1gG1S5Ce5PIjSU+QR7Bk3OX8inVgw9C7z6R3RTZbRehxMTyxYs DIYw== Original-Sender: pandoc-discuss-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org X-Gm-Message-State: AOAM533Q9QLEt2Xv6i/kIxVbsUQYjpr10R23H67F3ZQrkca+2YN05G7K zTAgziFAYaMmpLw1jv9WJYc= X-Google-Smtp-Source: ABdhPJzih9BNk7FH/5JEIIQMKbcEw2rXmpR1p5PbytBXKbaumu2Gf3d/b75bijmZ1PtUGjvHGdfVeQ== X-Received: by 2002:a5d:6dae:0:b0:218:4a3a:3623 with SMTP id u14-20020a5d6dae000000b002184a3a3623mr1883309wrs.524.1654538757255; Mon, 06 Jun 2022 11:05:57 -0700 (PDT) X-BeenThere: pandoc-discuss-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org Original-Received: by 2002:a05:600c:1c8f:b0:397:380f:f614 with SMTP id k15-20020a05600c1c8f00b00397380ff614ls4264402wms.3.gmail; Mon, 06 Jun 2022 11:05:52 -0700 (PDT) X-Received: by 2002:a7b:cb4b:0:b0:39c:49dd:b2cc with SMTP id v11-20020a7bcb4b000000b0039c49ddb2ccmr11057901wmj.123.1654538752801; Mon, 06 Jun 2022 11:05:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1654538752; cv=none; d=google.com; s=arc-20160816; b=cKHzOxuHRn3TAAri6dFbjrU3QqUNUtmdkJi6gkESrO1kdBobM9Qmq3bRAJOW27Ye7/ yfYXa02H5Q/LnWJHzkeIEsnAMemWC2hFVuv95IRhjL+lTf4CbWFIq9j+9QFZ4wRKWJry Gczbzh3E5Nf91+GthQrCPibR9dX0usfS0guQeuiDasbUXn17uXjahH8idqnA9Ftmhybj a3L9VJy0xdoftsZN2IvCiWLdXSQDVio0JSgurSeIDyICg/qHFSENZ8EMyoZodaStI4n4 o6ECRHBZhb0qSSo1UZ0FlAp+K82zMrOr0mSBzHhwRdW7cmBZRkL0YFX0Do8TE+1wh2vY aoLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:message-id:in-reply-to:date:subject:to:from:references; bh=n19zwQJs3yPGqFtFMcNIJJoyqyUie7J6NTawyDB4KBQ=; b=yjGqb8HUUwZqR+sCLLTGQ1vaRkmxImKsr93y5IvT2GKrj2G/LkIb+eO99iGB6Emedb HeICpZJkk6BdB3ZVAZ1G/nxfTuSiUMSuV1DIH0amR7cAEuVjE1H1sJMdOgMD19tvsNIB vufJVCYKHwZ+F9ftZDLfjXftyzYbMsCIH5dluzTF0N1iNpflr+p+Rtt4/6KFYWBXyARp Pv//S38WuCuTjx7ufV06iZRLPasMzmdf0MBjMrhZq43HrZRL5ZHRL37B6lGYSH67+HKz RlA/jKITs0GeQqgGHZSgMk4bX6MN1RzjYpcAoCOhQiNk3nXX09RHHOdDEXGT36YQYAz5 NCAA== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of albert+pandoc-9EawChwDxG8hFhg+JK9F0w@public.gmane.org designates 2001:67c:2050:0:465::202 as permitted sender) smtp.mailfrom=albert+pandoc-9EawChwDxG8hFhg+JK9F0w@public.gmane.org Original-Received: from mout-p-202.mailbox.org (mout-p-202.mailbox.org. [2001:67c:2050:0:465::202]) by gmr-mx.google.com with ESMTPS id i10-20020adff30a000000b002132c766fd7si514765wro.4.2022.06.06.11.05.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Jun 2022 11:05:52 -0700 (PDT) Received-SPF: pass (google.com: domain of albert+pandoc-9EawChwDxG8hFhg+JK9F0w@public.gmane.org designates 2001:67c:2050:0:465::202 as permitted sender) client-ip=2001:67c:2050:0:465::202; Original-Received: from smtp202.mailbox.org (smtp202.mailbox.org [10.196.197.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-202.mailbox.org (Postfix) with ESMTPS id 4LH1ct1fQDz9ss3 for ; Mon, 6 Jun 2022 20:05:50 +0200 (CEST) In-reply-to: X-Original-Sender: albert+pandoc-9EawChwDxG8hFhg+JK9F0w@public.gmane.org X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of albert+pandoc-9EawChwDxG8hFhg+JK9F0w@public.gmane.org designates 2001:67c:2050:0:465::202 as permitted sender) smtp.mailfrom=albert+pandoc-9EawChwDxG8hFhg+JK9F0w@public.gmane.org Precedence: list Mailing-list: list pandoc-discuss-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org; contact pandoc-discuss+owners-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org List-ID: X-Google-Group-Id: 1007024079513 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , Xref: news.gmane.io gmane.text.pandoc:30691 Archived-At: John MacFarlane writes: > I believe that currently one must specify the path to a custom > Lua reader or writer: you can't put it in your data directory, > as you can with a Lua filter, and it won't be found in your > executable PATH. > > (Is that correct, Albert?) I'm afraid it is. > My question is whether we should change that. I think it could > be quite convenient to allow custom readers and writers to be > distributed as Lua rocks. You could then do `luarocks install > cool-pandoc-writer` and it would put `cool-writer.lua` in the > `bin` directory of your luarocks installation. Pandoc could then > be trained to look in the executable path for a custom writer > if it is not found locally. > > Alternatively, we could search a custom-writers and custom-readers > subdirectory of the user data directory (as we do with filters). I like both options, with a slight preference for the latter. > It is a little cumbersome to have to copy the default > writer/reader somewhere and pass its path to pandoc. This may > be good from a security point of view, however, as it makes it > less likely that people will blindly use custom readers/writers > from third parties, not realizing that a custom reader/writer > could in principle do just about anything on your file system. AFAIK, luarocks is rather relaxed when it comes to security. Just installing a rock can lead to the execution of arbitrary code. I don't feel like we should be too worried about the security implications of running an already installed Lua library. I'm not sure if it's better or worse, but we could also look for the reader in LUA_PATH (via `require`). Using a bit of pseudo-code: if file_exists(reader_path) then dofile(reader_path) reader = Reader else reader = require (reader_path:gsub('.lua$', '')) end The reader library would have to `return` the Reader function instead of just defining it as a global. > A related question: would it be possible for pandoc to set up > the Lua environment in which custom readers/writers are run so > that it is "sandboxed," limiting I/O operations to (e.g.) a > local directory, or perhaps logging I/O operations as pandoc > warnings? It would be a lot of work. Julien Dutant asked a similar question recently, and I listed my concerns there: https://groups.google.com/g/pandoc-discuss/c/2dMimbemNpM/m/pLXPk4p0AQAJ -- Albert Krewinkel GPG: 8eed e3e2 e8c5 6f18 81fe e836 388d c0b2 1f63 1124