Secure way to run runtime code (XML file editing) C#
Question
I have a CLI application which is able to edit XML files with some parameters.
However I'm needing now a more powerful way to do it.
I want to give users the option to edit XML files using custom code from a .txt for total control over the XML editing.
For example:
@CODE File<file name for XML editing>
<code>
# Custom XML parser/editing code
for elem in tree.iter(tag='location'):
if elem.text == 'J':
elem.text = 'January'
</code>
Which would be the safest way to do this in .net C#? I mean the user only be able to edit the XML file and not doing anything more that compromises the security of the system (like deleting files)?
I'm thinking of using a Javascript engine ( like this one ) and running javascript code from the file. I believe javascript would limit what the user would be able to do. I also thought in C# code and Python but this ones may introduce the security issues.
Edit: One requirement is that it must work on mono.
1 answers
solution1
0 ACCPTED 2013-05-19 21:12:41
I have choose the IronJS .NET runtime with a javascript XML library discussed here (XML for < script> W3C DOM Parser).
I have also looked for other javascript .NET runtimes like: Javascript .NET, Jurassic and Jint (opted for IronJS because the better performance). Plus tested some .NET Lua libraries, namely Kopilua , but opted for the javascript solution because it seemed more complete, more documented and easier to use.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.