views: 117

answers: 4

Hi, I have an idea for a web application where a user can submit JavaScript code that can then be served up to other users. I'm wondering what's the best way of going about this. Is it possible to store the JavaScript in a database and then serve it up to users as they request it? I would also like to be able to attach metadata to each piece of code: name, user ratings, etc., so a database seems like the natural solution to my somewhat underinformed mind. I'm looking at using Rails on the backend with MongoDB.

+4  A: 

Yes, it seems like you've got a grasp of what is required. Just be careful not to execute the arbitrary code - you could be entering a world of XSS hurt.

Unless you're going to be getting millions of hits a minute, any database or framework will be fine.

nickf
+6  A: 

JavaScript is a string of text. Databases can store strings of text. Hence, databases can store JavaScript.

Unless you have some specific idea I'm missing though, I wholly agree with @Aircule's sentiment.

Wow, I don't think I've seen a worse idea in ages.

deceze
I think the OP means for other users to view, not execute. Like codepaste.net
Rex M
@Rex If that is so, it's indeed not such a bad idea. Then it's only been done before. :)
deceze
+1  A: 

[image]

CodeToGlory
-1: not helpful, and the OP isn't even that scary if you ask me. Plenty of people here use pastebin or jsbin which essentially is the same.
nickf
+1 to offset the -1, if you read the comments, he is talking about actually executing arbitrary code provided by users. pastebin or jsbin don't do that.
Matt Briggs
-1 to offset the +1. That is exactly what [jsbin](http://jsbin.com/efisa3) does, and this post isn't helpful.
Anurag
fer god's sake people. 4 upvotes to an "answer" of a picture? Fair enough if you think it's a terrible idea, but at least try to be **helpful**. Offer some advice or something.
nickf
No vote from me, but it made me laugh. Maybe if it was Friday afternoon it'd get a +1
alex
+2  A: 

I highly recommend reading up on XSS and CSRF. (Shameless plug: I blogged a high-level overview here.) It is hard enough to prevent these sorts of things when you are actively trying to look out for them; sanitizing JS would be an absolute nightmare.

Matt Briggs
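The point nickf and Matt Briggs both make (store the code, show it, but never let it run in your own pages) is easier to see in code than in prose. The following is an added example, not code from the original thread or from any of the posters: a plain Ruby sketch with no Rails or MongoDB dependency, in which the document field names (`name`, `rating`, `code`) and the sample snippet are constructed for illustration. It contrasts dropping the stored text straight into a page with rendering it as escaped text, and shows the response headers to use when serving the raw snippet.

```ruby
require 'cgi'

# Constructed sample of a stored snippet plus metadata, shaped like a document
# coming back from the database. The field names are assumptions for this
# example; the payloads are what a hostile submitter would actually send.
SAMPLE_SNIPPET = {
  'name'   => 'greeter</title><script>alert(1)</script>',
  'rating' => 4,
  'code'   => "alert(document.cookie) // </script><img src=x onerror=alert(1)>"
}.freeze

# Naive rendering: the stored text is interpolated straight into the HTML.
# Whatever the submitter wrote (a closing </script>, an <img onerror=...>)
# becomes part of the page and runs in every viewer's browser: stored XSS.
def render_snippet_naive(doc)
  <<~HTML
    <h1>#{doc['name']}</h1>
    <p>Rating: #{doc['rating']}</p>
    <pre><code>#{doc['code']}</code></pre>
  HTML
end

# Hardened rendering: every user-controlled value is HTML-escaped at the point
# it is written into markup, and the rating is coerced to an integer so only a
# number is ever emitted. The code is displayed as text; nothing executes.
def render_snippet_safe(doc)
  name   = CGI.escapeHTML(doc['name'].to_s)
  code   = CGI.escapeHTML(doc['code'].to_s)
  rating = Integer(doc['rating'])
  <<~HTML
    <h1>#{name}</h1>
    <p>Rating: #{rating}</p>
    <pre><code>#{code}</code></pre>
  HTML
end

# Serving the raw snippet (download / "view source"): a Rack-style triple.
# text/plain plus X-Content-Type-Options: nosniff stops the browser from
# treating the body as script, and the attachment disposition keeps it from
# rendering inline. Never serve stored user code as application/javascript
# from the application's own origin: any page on that origin could then
# <script src=...> it and execute it with the app's cookies and DOM.
def raw_snippet_response(doc)
  [200,
   { 'Content-Type'           => 'text/plain; charset=utf-8',
     'X-Content-Type-Options' => 'nosniff',
     'Content-Disposition'    => 'attachment; filename="snippet.js.txt"',
     'Cache-Control'          => 'no-store' },
   [doc['code'].to_s]]
end

# Self-check used below: does the rendered HTML still contain markup a
# browser would execute (a live <script> tag or an <img ... onerror=>)?
# This is a test aid, not a sanitizer; the defence is the escaping above.
def contains_executable_markup?(html)
  html.match?(/<script\b|<img\b[^>]*\bonerror\s*=/i)
end

if __FILE__ == $PROGRAM_NAME
  puts "naive output executes? #{contains_executable_markup?(render_snippet_naive(SAMPLE_SNIPPET))}"
  puts "safe output executes?  #{contains_executable_markup?(render_snippet_safe(SAMPLE_SNIPPET))}"
  puts render_snippet_safe(SAMPLE_SNIPPET)
end
```

Rails' ERB templates have escaped interpolated strings by default since Rails 3, which is exactly the `CGI.escapeHTML` step made explicit here; the thing to avoid is marking stored user code as `html_safe` or emitting it through `raw`. If the product later does need to run submitted code (the jsbin model the comments mention), run it from a separate origin in a sandboxed iframe so that it never has access to the application's cookies or DOM, rather than trying to sanitize the JavaScript itself.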