-1

I'm developing Angular 4 application and it has elements of coding quiz, so there is an input field, where the user types in a little bit of code.

The task is to write express Get and Post requests

So, he should write something like this:

app.post('/test', function (req, res) {
  const body = req.body.Body
  res.set('Content-Type', 'text/plain')
  res.send(`You sent: ${body} to Express`)
})

As player typed in request and press the send button, I would like to pass it to my backend and run it there as part of code ( so, the real request would be done with help of code, which user wrote) and then send the answer back to user...I suggest, it could be send as file and then the function could be taken from there...is something like this possible?

Anna F
  • 1,413
  • 3
  • 16
  • 37
  • I don't think that there is any simple, safe way to do this. The quick and (very) dirty solution would be to `eval` the supplied string. Don't do this though. – Christian Scott Jun 19 '18 at 07:27
  • Here is a collection of suggestions about how to do this safely: https://stackoverflow.com/questions/10937870/how-to-run-untrusted-code-serverside – Christian Scott Jun 19 '18 at 07:28

1 Answers1

0

You can pass this piece of code as a string and then evaluate the code in the backend using eval.

let clientFeed = `let val = 'Some String';
let otherVal = ' Some other string';
let someFunction = (string1,string2)=>{console.log(string1.concat(string2))};
someFunction(val, otherVal);` 

eval(clientFeed)

I'dont recommend doing this, if you are not totally sure that you have restricted the submission, in such way that they are unable to access stuff on your server

Християн Христов
  • 2,919
  • 1
  • 12
  • 24