31Ara
How to store and manage user generated javascript code on website
I am currently working on a website where people can upload their pictures, put them in frames, add certian already coded effects. But, i know that there are some more invested users that would be interested in creating their own "templates" and share them with other users. I would like to give them an option to create their own method that outputs a ready "frame", which will just return <div> element.
Is there any way that i can do this efficiently and with some security?
- If i will execute just plain javascript code from a user, it may be a huge security risk.
- If i will setup a moderation step, i will be forever busy with checking thousands of mediocre, tiny edits with a lot of delay on user side.
- If i wont give this option, overall quality of service may suffer, because it wont harness creative potential of its community.
What should i do? Stick just to CSS and HTML so users can upload only those? Restrict certain words that appear in user defined functions? Moderate content? Or rather setup a testing environment and then be in contant with the community?
What do you propose?
