0

I'm looking for some solution of next problem: Now i'm developing an Rails app. I want to have possibility to code in Ruby at browser and then execute that code in my Rails app.

Are there some ready solutions?

UPD:

  1. what about code highlighting?
  2. what about Native Client?
falinsky
  • 7,229
  • 3
  • 32
  • 56
  • 3
    is that a huge security breach that i smell ? – m_x Jan 19 '12 at 08:15
  • Native Client in C++, not ruby. – Raynos Jan 19 '12 at 09:09
  • @Raynos http://code.google.com/p/nativeclient/source/browse/trunk/src/native_client/tests/ruby/ruby.html?r=1053 – falinsky Jan 19 '12 at 09:11
  • @falinsky interesting, I guess you could do it that way. But why would you want to execute ruby in a browser environment? – Raynos Jan 19 '12 at 09:14
  • @Raynos actualy i need to get valid ruby code from web page and execute it server-side. though i'm not sure about native client – falinsky Jan 19 '12 at 09:29
  • @falinsky does it need to be validated before being send? You can just use a ` – Raynos Jan 19 '12 at 09:48
  • @Raynos i'm looking for ready solution so – falinsky Jan 19 '12 at 10:05
  • @falinsky doesn't exist. Running arbitary ruby code from a client on your server is not a problem you can solve generically in a safe manner. – Raynos Jan 19 '12 at 10:06
  • @Raynos i understand. i mean, i'm looking for ready **highlighting and validation** solution. – falinsky Jan 19 '12 at 10:15
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/6876/discussion-between-falinsky-and-raynos) – falinsky Jan 20 '12 at 05:05

3 Answers3

1

There aren't really any real-world deployable solutions for this yet, but you might look at text/x-ruby as a proof of concept.

There's also the Cloud9 IDE which functions as a browser-based IDE, and will persist code back to your server to be run.

Chris Heald
  • 61,439
  • 10
  • 123
  • 137
1

eval is what you are looking for. A user enters Ruby-code, which gets POSTed to your rails app. Inside your controller you will need to eval the submitted Ruby code.

But. You probably don't want this. If there really seems to be a need to evaluate and run user submitted code, you most probably will need to re-think the need for that feature. This is almost impossible to make secure. And even when you secure it from certain users, it can be exploited trough XSS; which can actually take over a server in no-time trough this "feature".

Community
  • 1
  • 1
berkes
  • 26,996
  • 27
  • 115
  • 206
1

https://github.com/codegram/rack-webconsole

Or you could simply pass the Ruby code to the server via post and call eval eval(CODE).

You should note that especially the second way is very insecure since it gives the executing code complete access to your system.

If this really has to be done "Locking Ruby in the Safe" could help secure it.

EDIT:

For syntax highlighting take a look at Code Mirror and ACE. Both are decent source code editors with ruby support.

dgasper
  • 212
  • 2
  • 7