I plan to have a part of my site where users can submit HTML, CSS, and JS, which are then rendered live into full working HTML pages. Other users will be able to view these. The pages must have working JavaScript.
I understand that this is a rather serious security risk in itself, but this feature is very important to the site. I had these ideas:
- No external JavaScript files can be linked
- jQuery etc. can be included, but only from a trusted CDN (e.g. Google)
- Some JavaScript features will be disabled and stripped out (for example, eval())
- Users cannot submit live demo code until they have earned a certain amount of "reputation"
- Live user demo code must be approved by an administrator before it appears publicly
- Abbreviated code cannot be used
And passive safety measures:
- A disclaimer, so we are not responsible! ;)
- "Report" buttons, in case a user finds something suspicious.
So, the question is: what do you think of this as a security plan? Are these measures enough to stop attackers? Users will submit their code in three separate inputs (CSS, HTML, and JS), so I can filter and sanitize each accordingly, and then reassemble it live for others to view.
Thanks!
Jack
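The two measures in the list that the browser can actually enforce for you are "external scripts only from a trusted CDN" and "no eval()": both map directly onto a Content-Security-Policy header rather than onto text filtering of the submitted JavaScript. The following Python is an added example (not the poster's code or any framework's API) showing a server-side allowlist check on `<script src>` values in the submitted HTML, and assembly of the demo page with a per-request nonce and a CSP that allows only the nonce'd user script and the allowlisted CDN host. The allowlist host `ajax.googleapis.com` is an assumption standing in for "e.g. Google"; the helper names are hypothetical.

```python
"""Server-side checks for user-submitted demo pages.

Added example, not the original poster's code. Assumes the demo pages are
served from a dedicated origin and that ALLOWED_SCRIPT_HOSTS below is the
site's constructed list of trusted CDN hosts.
"""
import secrets
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist of trusted CDN hosts (the question names Google's CDN as an example).
ALLOWED_SCRIPT_HOSTS = {"ajax.googleapis.com"}


class ScriptSourceCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in the submitted HTML."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "script":
            for name, value in attrs:
                if name == "src" and value is not None:
                    self.sources.append(value)


def disallowed_script_sources(user_html: str) -> list:
    """Return every <script src> value that is not an https URL on an allowlisted host.

    Scheme-relative (//host/x.js), http:, data: and javascript: sources all fail
    the https check, so only exact https CDN references survive.
    """
    parser = ScriptSourceCollector()
    parser.feed(user_html)
    parser.close()
    bad = []
    for src in parser.sources:
        parts = urlsplit(src.strip())
        if parts.scheme != "https" or parts.hostname not in ALLOWED_SCRIPT_HOSTS:
            bad.append(src)
    return bad


def build_demo_page(user_html: str, user_css: str, user_js: str) -> tuple:
    """Assemble the demo document and its CSP header. Returns (csp_header, page_html).

    The user's JS field gets a fresh nonce, so it runs; any inline <script> hidden
    in the HTML field carries no nonce and is blocked by the browser. Omitting
    'unsafe-eval' from script-src disables eval() without text filtering.
    """
    bad = disallowed_script_sources(user_html)
    if bad:
        raise ValueError("external script not on the CDN allowlist: " + ", ".join(bad))
    # A closing tag inside the raw JS/CSS would break out of its element.
    if "</script" in user_js.lower():
        raise ValueError("user JS may not contain a closing script tag")
    if "</style" in user_css.lower():
        raise ValueError("user CSS may not contain a closing style tag")

    nonce = secrets.token_urlsafe(16)
    cdn_sources = " ".join("https://" + host for host in sorted(ALLOWED_SCRIPT_HOSTS))
    csp = (
        "default-src 'none'; "
        f"script-src 'nonce-{nonce}' {cdn_sources}; "
        f"style-src 'nonce-{nonce}'; "
        "img-src https:; "
        "form-action 'none'; "
        "base-uri 'none'"
    )
    page = (
        "<!DOCTYPE html><html><head><meta charset=\"utf-8\">"
        f"<style nonce=\"{nonce}\">{user_css}</style></head>"
        f"<body>{user_html}"
        f"<script nonce=\"{nonce}\">{user_js}</script></body></html>"
    )
    return csp, page


if __name__ == "__main__":
    # Constructed sample submission: one allowlisted CDN script plus user code.
    sample_html = ('<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js">'
                   '</script><p id="demo">hello</p>')
    header, document = build_demo_page(sample_html, "p{color:red}", "$('#demo').text('hi');")
    print("Content-Security-Policy:", header)
    print(document)
```

Serve the assembled page with the returned header from a separate origin (a dedicated demo domain) and embed it in the main site through a sandboxed iframe, so that even a script the filter missed cannot reach the main site's cookies or DOM. The allowlist check and the CSP back each other up: the check gives a clear rejection message at submission time, the CSP is what the browser actually enforces at view time.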