RiscLua and ZeroPain

RiscLua lets you write applications whose users can input strings and run them as code. However, you can put the user’s input in a sandbox, so that it does not do naughty things like poking the zeropage. This is because of RiscLua’s reflexive facilities; the interpreter itself can be modified by the program it runs. But the modifications can be locked, so that the user’s input cannot itself carry out further modifications. For example, the code

riscos.![0xfc] = 0

!&FC = 0

, which would certainly be undesirable in the user’s code. But this

local ! in riscos
local zeroclean = \ (op)
    local meta = getmetatable (op)
    local old = meta.__newindex
    meta.__newindex = \ (t, adr, val)
      assert (adr > 255, "zeropage!")
      old (t, adr, val)
      end
   meta.__metatable = "forbidden!"
   end
zeroclean (!)
![0xfc] = 0

will lock the ! operator so that trying to use ! to poke in the zeropage will raise an error:

lua571: SDFS::RISCOSpi.$.Programming.Build.RiscLua.Test.Z:6: zeropage!
stack traceback:
 [C]: in function 'assert'
 SDFS::RISCOSpi.$.Programming.Build.RiscLua.Test.Z:6: in function '__newindex'
 SDFS::RISCOSpi.$.Programming.Build.RiscLua.Test.Z:12: in main chunk
 [C]: in ? 

Seeing the discussions about BASIC and ZeroPain, and how BASIC might be modified I thought this might give some pause for reflexion (pun intended!).