diff --git a/doc/ext_ffi_semantics.html b/doc/ext_ffi_semantics.html
index 3444b8fb..5415787d 100644
--- a/doc/ext_ffi_semantics.html
+++ b/doc/ext_ffi_semantics.html
@@ -1219,7 +1219,7 @@ suboptimal performance, especially when used in inner loops:
Table initializers.
Initialization of nested struct/union types.
Non-default initialization of VLA/VLS or large C types
-(> 128 bytes or > 16 array elements.
+(> 128 bytes or > 16 array elements).
Bitfield initializations.
Pointer differences for element sizes that are not a power of
two.
diff --git a/doc/extensions.html b/doc/extensions.html
index cf57e0e8..68193187 100644
--- a/doc/extensions.html
+++ b/doc/extensions.html
@@ -408,7 +408,7 @@ the toolchain used to compile LuaJIT:
| Windows/x64 |
-MSVC or WinSDK |
+MSVC |
Full |
diff --git a/doc/faq.html b/doc/faq.html
index 31d91e2b..5c4ce533 100644
--- a/doc/faq.html
+++ b/doc/faq.html
@@ -57,7 +57,7 @@ dd { margin-left: 1.5em; }
-
+
- Q: Where can I learn more about LuaJIT and Lua?
-
@@ -77,7 +77,7 @@ has information about diverse topics.
-
+
- Q: Where can I learn more about the compiler technology used by LuaJIT?
-
I'm planning to write more documentation about the internals of LuaJIT.
@@ -93,7 +93,7 @@ And, you know, reading the source is of course the only way to enlightenment. :-
-
+
- Q: Why do I get this error: "attempt to index global 'arg' (a nil value)"?
Q: My vararg functions fail after switching to LuaJIT!
- LuaJIT is compatible to the Lua 5.1 language standard. It doesn't
@@ -103,7 +103,7 @@ functions from Lua 5.0.
Please convert your code to the
vararg syntax.
-
+
- Q: Why do I get this error: "bad FPU precision"?
- Q: I get weird behavior after initializing Direct3D.
- Q: Some FPU operations crash after I load a Delphi DLL.
@@ -125,7 +125,7 @@ Please check the Delphi docs for the Set8087CW method.
-
+
- Q: Sometimes Ctrl-C fails to stop my Lua program. Why?
- The interrupt signal handler sets a Lua debug hook. But this is
currently ignored by compiled code (this will eventually be fixed). If
@@ -136,7 +136,31 @@ twice to get stop your program. That's similar to when it's stuck
running inside a C function under the Lua interpreter.
-
+
+- Q: Can Lua code be safely sandboxed?
+-
+Maybe for an extremly restricted subset of Lua and if you relentlessly
+scrutinize every single interface function you offer to the untrusted code.
+
+Although Lua provides some sandboxing functionality (setfenv(), hooks),
+it's very hard to get this right even for the Lua core libraries. Of course,
+you'll need to inspect any extension library, too. And there are libraries
+that are inherently unsafe, e.g. the FFI library.
+
+Relatedly, loading untrusted bytecode is not safe! It's trivial
+to crash the Lua or LuaJIT VM with maliciously crafted bytecode. This is
+well known and there's no bytecode verification on purpose, so please
+don't report a bug about it. Check the mode parameter for the
+load*() functions to disable loading of bytecode.
+
+In general, the only promising approach is to sandbox Lua code at the
+process level and not the VM level.
+
+More reading material at the » Lua Wiki and Wikipedia.
+
+
+
+
- Q: Why doesn't my favorite power-patch for Lua apply against LuaJIT?
- Because it's a completely redesigned VM and has very little code
in common with Lua anymore. Also, if the patch introduces changes to
@@ -147,7 +171,7 @@ can use source transformations or use wrapper or proxy functions.
The compiler will happily optimize away such indirections.
-
+
- Q: Lua runs everywhere. Why doesn't LuaJIT support my CPU?
- Because it's a compiler — it needs to generate native
machine code. This means the code generator must be ported to each
@@ -158,7 +182,7 @@ architectures. Other architectures will follow based on sufficient user
demand and/or sponsoring.
-
+
- Q: When will feature X be added? When will the next version be released?
- When it's ready.
C'mon, it's open source — I'm doing it on my own time and you're