I have an idea for a web application where a user can submit Javascript code that can then be served up to other users. I'm wondering what's the best way of going about this. Is it possible to store the Javascript in a database and then serve it up to users as they request it? I would also like to be able to attach metadata to each piece of code: name, user ratings, etc., so a database seems like the natural solution to my somewhat underinformed mind. I'm looking at using Rails on the backend with MongoDB.
我对Web应用程序有一个想法,用户可以在其中提交Javascript代码,然后可以将其提供给其他用户。我想知道最好的方法是什么。是否可以将Javascript存储在数据库中,然后在用户请求时将其提供给用户?我还希望能够为每段代码附加元数据:名称,用户评级等,因此数据库似乎是我有点不知情的头脑的自然解决方案。我正在寻找在MongoDB的后端使用Rails。
3 个解决方案
#1
6
Javascript is a string of text. Databases can store strings of text. Hence, databases can store Javascript.
Javascript是一串文本。数据库可以存储文本字符串。因此,数据库可以存储Javascript。
Unless you have some specific idea I'm missing though, I wholly agree with @Aircule's sentiment.
除非你有一些我想念的具体想法,否则我完全赞同@Aircule的观点。
Wow, I don't think I've seen a worse idea in ages.
哇,我觉得我多年来看不出更糟糕的主意。
#2
4
Yes, it seems like you've got a grasp of what is required. Just be careful not to execute the arbitrary code - you could be entering a world of XSS hurt.
是的,看起来你已经掌握了所需要的东西。小心不要执行任意代码 - 你可能会进入一个受到XSS伤害的世界。
Unless you're going to be getting millions of hits a minute, any database or framework will be fine.
除非您每分钟获得数百万次点击,否则任何数据库或框架都可以。
#3
2
I highly recommend reading up on XSS and CSRF. (shameless plug, i blogged a high level overview here) It is hard enough to prevent these sort of things when you are actively trying to look out for them, sanitizing js would be an absolute nightmare.
我强烈建议您阅读XSS和CSRF。 (无耻的插件,我在这里写了一个高级概述)当你积极地寻找它们时,很难防止这些事情,消毒js将是一个绝对的噩梦。
#1
6
Javascript is a string of text. Databases can store strings of text. Hence, databases can store Javascript.
Javascript是一串文本。数据库可以存储文本字符串。因此,数据库可以存储Javascript。
Unless you have some specific idea I'm missing though, I wholly agree with @Aircule's sentiment.
除非你有一些我想念的具体想法,否则我完全赞同@Aircule的观点。
Wow, I don't think I've seen a worse idea in ages.
哇,我觉得我多年来看不出更糟糕的主意。
#2
4
Yes, it seems like you've got a grasp of what is required. Just be careful not to execute the arbitrary code - you could be entering a world of XSS hurt.
是的,看起来你已经掌握了所需要的东西。小心不要执行任意代码 - 你可能会进入一个受到XSS伤害的世界。
Unless you're going to be getting millions of hits a minute, any database or framework will be fine.
除非您每分钟获得数百万次点击,否则任何数据库或框架都可以。
#3
2
I highly recommend reading up on XSS and CSRF. (shameless plug, i blogged a high level overview here) It is hard enough to prevent these sort of things when you are actively trying to look out for them, sanitizing js would be an absolute nightmare.
我强烈建议您阅读XSS和CSRF。 (无耻的插件,我在这里写了一个高级概述)当你积极地寻找它们时,很难防止这些事情,消毒js将是一个绝对的噩梦。