Difference between revisions of "Ns adp safeeval"
Jump to navigation
Jump to search
m (fixup wiki category links) |
|||
Line 11: | Line 11: | ||
: This function evaluates the ADP specified by ''page'' just as [[ns_adp_eval]] does, except that it ignores inline scripts "<% ... %>"; only adp registered tags are executed. This is useful for providing a limited execution environment for untrusted code (such as user-created templates) without allowing potentially damaging code to run on the server. | : This function evaluates the ADP specified by ''page'' just as [[ns_adp_eval]] does, except that it ignores inline scripts "<% ... %>"; only adp registered tags are executed. This is useful for providing a limited execution environment for untrusted code (such as user-created templates) without allowing potentially damaging code to run on the server. | ||
− | ''' | + | '''WARNING''' |
+ | : In AOLserver versions prior to 4.5, arbitrary script could still be executed using the syntax: <script runat=server>...</script> | ||
'''SEE ALSO''' | '''SEE ALSO''' |
Latest revision as of 00:55, 14 June 2010
NAME
- ns_adp_safeeval - Safely evaluate an ADP block
SYNOPSIS
- ns_adp_safeeval page ?args ...?
DESCRIPTION
- This function evaluates the ADP specified by page just as ns_adp_eval does, except that it ignores inline scripts "<% ... %>"; only adp registered tags are executed. This is useful for providing a limited execution environment for untrusted code (such as user-created templates) without allowing potentially damaging code to run on the server.
WARNING
- In AOLserver versions prior to 4.5, arbitrary script could still be executed using the syntax: <script runat=server>...</script>
SEE ALSO
- ns_adp_abort, ns_adp_append, ns_adp_argc, ns_adp_argv, ns_adp_bind_args, ns_adp_break, ns_adp_debug, ns_adp_debuginit, ns_adp_dir, ns_adp_dump, ns_adp_exception, ns_adp_include, ns_adp_mime, ns_adp_mimetype, ns_adp_parse, ns_adp_puts, ns_adp_registeradp, ns_adp_registerproc, ns_adp_registertag, ns_adp_return, ns_adp_safeeval, ns_adp_stats, ns_adp_stream, ns_adp_tell, ns_adp_trunc