Hi, I have an idea for a web application where a user can submit Javascript code that can then be served up to other users. I'm wondering what's the best way of going about this. Is it possible to store the Javascript in a database and then serve it up to users as they request it? I would also like to be able to attach metadata to each piece of code: name, user ratings, etc., so a database seems like the natural solution to my somewhat underinformed mind. I'm looking at using Rails on the backend with MongoDB.
+6
A:
Javascript is a string of text. Databases can store strings of text. Hence, databases can store Javascript.
Unless you have some specific idea I'm missing though, I wholly agree with @Aircule's sentiment.
Wow, I don't think I've seen a worse idea in ages.
deceze
2010-06-30 02:27:45
I think the OP means for other users to view, not execute. Like codepaste.net
Rex M
2010-06-30 02:29:46
@Rex If that is so, it's indeed not such a bad idea. Then it's only been done before. :)
deceze
2010-06-30 02:30:59
-1: not helpful, and the OP isn't even that scary if you ask me. Plenty of people here use pastebin or jsbin which essentially is the same.
nickf
2010-06-30 03:57:42
+1 to offset the -1, if you read the comments, he is talking about actually executing arbitrary code provided by users. pastebin or jsbin don't do that.
Matt Briggs
2010-06-30 04:03:50
-1 to offset the +1. That is exactly what [jsbin](http://jsbin.com/efisa3) does, and this post isn't helpful.
Anurag
2010-06-30 04:34:44
fer god's sake people. 4 upvotes to an "answer" of a picture? Fair enough if you think it's a terrible idea, but at least try to be **helpful**. Offer some advice or something.
nickf
2010-06-30 13:55:54
No vote from me, but it made me laugh. Maybe if it was Friday afternoon it'd get a +1
alex
2010-06-30 14:49:43
+2
A:
I highly recommend reading up on XSS and CSRF. (shameless plug, i blogged a high level overview here) It is hard enough to prevent these sort of things when you are actively trying to look out for them, sanitizing js would be an absolute nightmare.
Matt Briggs
2010-06-30 03:25:12