Can javascript browser harm my server?

Question

Can javascript browser harm my server?

I am encoding an application in which I want the user to recognize javascript this way:

The user writes javascript code in the browser, as in the IDE.
The user saves it and the code will be saved as a string in my No-SQL database (MongoDB / CouchDB).
The user opens the application a few days later, and I pass this line to a web browser, where the code will be executed using eval ().

Only JSON data will be transmitted between the backend server and the web browser. The server will not do anything in the code line, it will save it directly to the database.

Can this code damage the server?

+3

javascript security xss

never_had_a_name Sep 29 '10 at 21:43

source share

5

, .

. .

+2

Jonathan S. 29 . '10 21:48

, , , , , SQL- js-.

, (SQL- / db) (js- )

+2

hvgotcodes 29 . '10 21:50

javascript, - , . (, , SQL-.)

, ( ) javascript ajax , .

+2

John Fisher 29 . '10 21:53

nosql "SQL-", QL-. , API ( SQL).

NOSQL- http://www.kalzumeus.com/2010/09/22/security-lessons-learned-from-the-diaspora-launch/ ( "NoSQL Doesnt Mean No SQL Injection" ).

: , , java script , , . CSRF . .

+2

Hendrik Brummermann 29 . '10 22:05

source share

BrunoLM · Accepted Answer · 2010-09-29T21:53:18+0000

server-side, no. IE . ...

, ( ), IE SQL-.

, , :

ajax.post("page_save_js.ext", "code=flood");

, , , . StackOverflow , .

Can javascript browser harm my server?

More articles: