M
M
MAXH02012-04-25 09:53:32
JavaScript
MAXH0, 2012-04-25 09:53:32

Storing user-edited and browser-executable JavaScript in a database. What problems can there be?

So, I want to make an opportunity for on-line learning for my students. To do this, you need to save their code in the database and execute in their and my browser. What should be taken into account?

Answer the question

In order to leave comments, you need to log in

4 answer(s)
N
nill, 2012-04-25
@MAXH0

Store the code in any database, and execute it via eval() . When using eval(), you need to take into account that you are executing their js code, which may contain malware or try to steal cookies, so “sensitive” functions can be cut off with regular expressions.

A
Anton Bobylev, 2012-04-25
@dpigo

How critical is it to store the code in the database?
Why not use jsfiddle.net and store the link?

W
werdender, 2012-04-25
@werdender

If the question is in the context of security, then you can send the executable code to the browser from another domain, not from the one from which you will watch it. In iframe for example.
Or did I not understand the question?

T
TheHorse, 2012-04-25
@TheHorse

XSS, SQL-inject, maximum script size. Look like that's it.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question