-3

I have a <textarea> which I want to use as a Ruby code editor on my HTML web page. I want to run the Ruby code using Javascript and use a <div> with an ID of output as a command line in an <iframe> to output the results of the Ruby code, just like Codecademy.

Codecademy Console Example

Also, I would like to find a way to do this securely so it doesn't compromise the security of my server. I can only use PHP and Node.JS.

Maytha8
  • 846
  • 1
  • 8
  • 26
  • 2
    I think you have to create `nodejs` server/microservice/api for executing code on server side and the pass it to client side of JS, and of coursse you must have installed ruby on your pc or you can use Ajax (or whatever nowadays js is using) to pass all data from `textarea` to server side script which execute Ruby code and return value for you. – noname Oct 04 '19 at 13:49
  • 1
    How do I do that using PHP and JavaScript? – Maytha8 Oct 04 '19 at 13:57
  • 1
    read about REST api in php and how to execute bash commands in php – noname Oct 04 '19 at 14:02
  • 2
    I would highly advise using [opal-parser](http://opalrb.com/docs/guides/master/opal_parser.html) to compile/run ruby in the browser. If you want to run Ruby on the server, you have to set up a virtual environment so users' scripts can't touch your application or system, which would be quite a bit more work – max pleaner Oct 04 '19 at 18:00
  • 1
    Does opal-parser work in an iframe? – Maytha8 Oct 04 '19 at 23:28
  • I guess it can work in an IFrame, but i wouldn't recommend it. you'll be having CORS issues. i think best is to just run it in a div. – Glenn van Acker Oct 29 '19 at 13:18
  • Please show so more code, so we have something to work with. – Chris Oct 29 '19 at 19:23

1 Answers1

4

If I understood your question right, what you need to do, is to POST whatever is in the <textarea>to a PHP script, which could then, write the POST(ed) code into a file, and use a PHP system call to execute that code.

<?php
file_put_contents('tmp.rb', $_POST['txtTextArea']);
echo system('ruby tmp.rb');
?>

original link to Executing Ruby script from PHP and getting output .

I would suggest that you do that using an asynchronous JavaScript call such as fetch (or ajax), then you can have the PHP return the result of the Ruby execution, and you can print it somewhere inside your page.

Beware that this opens the possibility to remotely execute commands that can be dangerous depending on the permissions of the web server user configured on the server running PHP and Ruby.

Telmo Dias
  • 3,938
  • 2
  • 36
  • 48
  • Please refer to https://stackoverflow.com/questions/732832/php-exec-vs-system-vs-passthru – Telmo Dias Nov 11 '19 at 15:56
  • Would running the commands in a container or a VM make the concept more secure? – Maytha8 Jan 11 '22 at 11:21
  • for sure yes, but of course it depends on what you are trying to achieve from the commands you want to execute on Ruby. I'm not familiar with the ruby protection mechanisms, PHP has some possibilities to only allow some commands to be executed. Running it inside a container or vm might enable more security but limit too much your abilities to achieve what you originally intended. – Telmo Dias Jan 11 '22 at 12:08