RestlessThoughts Posted February 17, 2011 Share Posted February 17, 2011 Hi! I'd like to allow some user-submitted plugins or custom code bits on pages. I'm basically making an online game generator for dummies and would like to allow some extra customization. Obviously I don't want to offer the full capability of php. I found safer eval and I believe with php's tokenizer I could make a parser to check user-submitted scripts for malicious coding against a white list. (For html cleaning I'd use htmlpurifier, though I haven't found a good solution for any CSS or Javascript yet. The php cleaning seems a larger road block anyway.) I was wondering if anyone here had a better solution? I don't want to make up my own coding language and I would prefer not to have to look over each script before use. I know this is a bad idea in general, sorry if I give anyone a heart attack by my even considering doing this and thank you in advance for any help! Quote Link to comment Share on other sites More sharing options...
trq Posted February 18, 2011 Share Posted February 18, 2011 If you have the ability to install extensions ive had some success with a similar concept within one of my CMS's. http://aurore.net/projects/php-js/ php-js is a php extension embedding the Spidermonkey Javascript engine into php, thus allowing your users to provide plugin code written in Javascript using an API that you can define yourself. Quote Link to comment Share on other sites More sharing options...
RestlessThoughts Posted February 18, 2011 Author Share Posted February 18, 2011 Thank you, that looks very interesting! I'm pretty rusty with Js, but that looks very much like what I'm wanting. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.