Difference between revisions of "Ns adp safeeval"
Jump to navigation
Jump to search
| (One intermediate revision by one other user not shown) | |||
| Line 11: | Line 11: | ||
: This function evaluates the ADP specified by ''page'' just as [[ns_adp_eval]] does, except that it ignores inline scripts "<% ... %>"; only adp registered tags are executed. This is useful for providing a limited execution environment for untrusted code (such as user-created templates) without allowing potentially damaging code to run on the server. | : This function evaluates the ADP specified by ''page'' just as [[ns_adp_eval]] does, except that it ignores inline scripts "<% ... %>"; only adp registered tags are executed. This is useful for providing a limited execution environment for untrusted code (such as user-created templates) without allowing potentially damaging code to run on the server. | ||
| − | ''' | + | '''WARNING''' |
| + | : In AOLserver versions prior to 4.5, arbitrary script could still be executed using the syntax: <script runat=server>...</script> | ||
'''SEE ALSO''' | '''SEE ALSO''' | ||
| Line 17: | Line 18: | ||
: [[ns_adp_abort]], [[ns_adp_append]], [[ns_adp_argc]], [[ns_adp_argv]], [[ns_adp_bind_args]], [[ns_adp_break]], [[ns_adp_debug]], [[ns_adp_debuginit]], [[ns_adp_dir]], [[ns_adp_dump]], [[ns_adp_exception]], [[ns_adp_include]], [[ns_adp_mime]], [[ns_adp_mimetype]], [[ns_adp_parse]], [[ns_adp_puts]], [[ns_adp_registeradp]], [[ns_adp_registerproc]], [[ns_adp_registertag]], [[ns_adp_return]], [[ns_adp_safeeval]], [[ns_adp_stats]], [[ns_adp_stream]], [[ns_adp_tell]], [[ns_adp_trunc]] | : [[ns_adp_abort]], [[ns_adp_append]], [[ns_adp_argc]], [[ns_adp_argv]], [[ns_adp_bind_args]], [[ns_adp_break]], [[ns_adp_debug]], [[ns_adp_debuginit]], [[ns_adp_dir]], [[ns_adp_dump]], [[ns_adp_exception]], [[ns_adp_include]], [[ns_adp_mime]], [[ns_adp_mimetype]], [[ns_adp_parse]], [[ns_adp_puts]], [[ns_adp_registeradp]], [[ns_adp_registerproc]], [[ns_adp_registertag]], [[ns_adp_return]], [[ns_adp_safeeval]], [[ns_adp_stats]], [[ns_adp_stream]], [[ns_adp_tell]], [[ns_adp_trunc]] | ||
| − | + | [[Category:Documentation]] | |
| − | + | [[Category:Core Tcl API]] | |
| − | [[Category Documentation]] | ||
Latest revision as of 00:55, 14 June 2010
NAME
- ns_adp_safeeval - Safely evaluate an ADP block
SYNOPSIS
- ns_adp_safeeval page ?args ...?
DESCRIPTION
- This function evaluates the ADP specified by page just as ns_adp_eval does, except that it ignores inline scripts "<% ... %>"; only adp registered tags are executed. This is useful for providing a limited execution environment for untrusted code (such as user-created templates) without allowing potentially damaging code to run on the server.
WARNING
- In AOLserver versions prior to 4.5, arbitrary script could still be executed using the syntax: <script runat=server>...</script>
SEE ALSO
- ns_adp_abort, ns_adp_append, ns_adp_argc, ns_adp_argv, ns_adp_bind_args, ns_adp_break, ns_adp_debug, ns_adp_debuginit, ns_adp_dir, ns_adp_dump, ns_adp_exception, ns_adp_include, ns_adp_mime, ns_adp_mimetype, ns_adp_parse, ns_adp_puts, ns_adp_registeradp, ns_adp_registerproc, ns_adp_registertag, ns_adp_return, ns_adp_safeeval, ns_adp_stats, ns_adp_stream, ns_adp_tell, ns_adp_trunc
