I want to build a website that would also include an online IDE where users can run some JavaScript code and run it. It would only run on the client side.
My concerns are:
-
I would have some of my functions defined on the client-side that I want the users to run. Would it be harmful then if they called eval()? Is there any other solution if I want those functions to be accessible for them?
-
Is it safe to store their custom code in the database (mongodb)? When they access a page where they wrote some code in the IDE, I want that code to load.
I know there are pages like this, where users write code, the code is saved for them, they can run it and also call custom functions defined on the client-side, but I am not sure what is the best approach to create something similar as I am concerned with the security.