Security precautions and techniques for a User-submitted Code Demo Area
Posted by Jack W-H on Stack Overflow
Published on 2010-03-26T18:10:21Z
Hey folks
Maybe this isn't really feasible. But basically, I've been developing a snippet-sharing website and I would like it to have a 'live demo area'.
For example, you're browsing some snippets and click the Demo button. A new window pops up which executes the web code.
I understand there are a gazillion security risks involved in doing this - XSS, tags, nasty malware/drive-by downloads, pr0n, etc. etc. etc.
The community would be able to flag submissions that are blatantly naughty but obviously some would go undetected (and, in many cases, someone would have to fall victim to discover whatever nasty thing was submitted).
So I need to know: What should I do - security-wise - to make sure that users can submit code, but that nothing malicious can be run - or executed offsite, etc.?
For your information, my site is powered by PHP using CodeIgniter.
Jack
© Stack Overflow or respective owner