From 05456059f17573261aced9730e03f2a5afa8e5f5 Mon Sep 17 00:00:00 2001
From: Desour <ds.desour@proton.me>
Date: Mon, 24 Mar 2025 13:21:13 +0100
Subject: [PATCH] os.date and string.dump potentially unsafe

---
 src/script/cpp_api/s_security.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/script/cpp_api/s_security.cpp b/src/script/cpp_api/s_security.cpp
index f78c93de79..277330ae27 100644
--- a/src/script/cpp_api/s_security.cpp
+++ b/src/script/cpp_api/s_security.cpp
@@ -408,13 +408,13 @@ void ScriptApiSecurity::initializeSecuritySSCSM()
 		"xpcall",
 		// Completely safe libraries
 		"coroutine",
-		"string",
+		"string", //TODO: string.dump?
 		"table",
 		"math",
 		"bit",
 	};
 	static const char *os_whitelist[] = {
-		"date",
+		"date", // TODO: can crash? (<http://lua-users.org/wiki/SandBoxes>)
 		"difftime",
 		"time"
 	};