Security precautions and techniques for a User-submitted Code Demo Area

Posted by Jack W-H on Stack Overflow See other posts from Stack Overflow or by Jack W-H
Published on 2010-03-26T18:10:21Z Indexed on 2010/03/26 18:13 UTC
Read the original article Hit count: 335

Filed under:
|
|
|

Hey folks

Maybe this isn't really feasible. But basically, I've been developing a snippet-sharing website and I would like it to have a 'live demo area'.

For example, you're browsing some snippets and click the Demo button. A new window pops up which executes the web code.

I understand there are a gazillion security risks involved in doing this - XSS, tags, nasty malware/drive by downloads, pr0n, etc. etc. etc.

The community would be able to flag submissions that are blatantly naughty but obviously some would go undetected (and, in many cases, someone would have to fall victim to discover whatever nasty thing was submitted).

So I need to know: What should I do - security wise - to make sure that users can submit code, but that nothing malicious can be run - or executed offsite, etc?

For your information my site is powered by PHP using CodeIgniter.

Jack

© Stack Overflow or respective owner

Related posts about security

Related posts about codeigniter