Ns adp safeeval

From AOLserver Wiki
Jump to: navigation, search

NAME

ns_adp_safeeval - Safely evaluate an ADP block

SYNOPSIS

ns_adp_safeeval page ?args ...?

DESCRIPTION

This function evaluates the ADP specified by page just as ns_adp_eval does, except that it ignores inline scripts "<% ... %>"; only adp registered tags are executed. This is useful for providing a limited execution environment for untrusted code (such as user-created templates) without allowing potentially damaging code to run on the server.

WARNING

In AOLserver versions prior to 4.5, arbitrary script could still be executed using the syntax: <script runat=server>...</script>

SEE ALSO

ns_adp_abort, ns_adp_append, ns_adp_argc, ns_adp_argv, ns_adp_bind_args, ns_adp_break, ns_adp_debug, ns_adp_debuginit, ns_adp_dir, ns_adp_dump, ns_adp_exception, ns_adp_include, ns_adp_mime, ns_adp_mimetype, ns_adp_parse, ns_adp_puts, ns_adp_registeradp, ns_adp_registerproc, ns_adp_registertag, ns_adp_return, ns_adp_safeeval, ns_adp_stats, ns_adp_stream, ns_adp_tell, ns_adp_trunc