Geek Answers Handbook

Interpreting and / or receiving dotNet code at runtime

Html may contain small fragments of the built-in Javascript (for example, defined in onclick event handlers).

  • If I were writing an HTML browser using dotNet, such as C #, which technologies or APIs could use to run such Javascript fragments, given that I do not receive it until runtime (and I get it as string data, not how is the executable code)?

  • Easier or harder if the code to be run is C # snippets, not Javascript?

  • Is there any method that does not require my code to have unusual privileges? For example, a method of type CodeCompiler.FromSource requires SecurityPermissionFlag.UnmanagedCode (which seems excessive to me: I don’t understand why it is so risky to compile code).

  • If I controlled the server side, as well as the client-side code, I could also consider compiling such script fragments on the server, and not on the client, and then send it as pre-compiled code to the client side should be executed. Is there a way to send such a code (dotNet assembly, presumably) over the network to the client, get the code on the client side from the network to RAM on the client side and call it on the client side, without saving it as a file on the client disk?

Edit

I have an answer to the first three questions: I put up with the fact that compilation accepts high privileges. I do not understand why; it is possible (although I do not consider this a very convincing reason), because the compiler is implemented using unmanaged code. Perhaps this will change when they redefine the compiler using managed code, perhaps in the "C # version 5" timeframe. In any case, whatever the reason, it looks like there is, and there are no workarounds (other similar APIs, but which require fewer privileges).

My remaining question is how to get an assembly instance from one machine to another. When I have time, I will find out if the untrusted code can run the Assembly.Load(byte[] rawAssembly) method Assembly.Load(byte[] rawAssembly) .

+6
javascript c # interpreter codedom
source share
2 answers

  • The server side of Javascript is one of the languages ​​supported by the .NET platform. I have used it many times in scripts when you need to insert small pieces of code into existing code. Runtime can be downloaded from the database and compiled, so there is no penalty for formatting.

  • From the point of view of performing plumbing work (obtaining a source, compiling it, etc.) there is no difference. With strongly typed languages, although it is much more difficult to assemble code fragments into a compiled compilation unit.

  • Permissions are a challenge. I'm not sure about the specific permission you mentioned, but the security issue is that all the source code that you compile can be any, and if you are not careful about the source of your code, it can become a backdoor in your system.

  • The answer to this question is yes, of course. You can load the assembly from anywhere, not necessarily from a file, you can also compile in memory - this is what I do. In this case, there is no dll file.

+2
source share

You ask a few questions, it seems, I will give you an idea about one of them. There's a very good article and some code examples from: http://www.west-wind.com/presentations/dynamicCode/DynamicCode.htm which talks about compiling and executing C # code at runtime. I found it very useful, and I use it in a standard C # application. It seems like this will be helpful for your problem.

+1
source share

More articles:


All Articles