Jump to content

Save custom codes (html and javascript)


Dennis Spohr
 Share

Recommended Posts

I created a tool where users can design their individual landingpage. Lately users want to implement their own html- and/or javascript code, for example for loading an iframe or custom tracking codes.

If I give them an textarea, where they can paste their custom html or javascript code - is this secure?
I would use $sanitizer->text to prevent sql injections.

But is this a safe way? I don't (really) know which code they would save (and load).

I would like to get an idea and your thoughts.

Thanks and greetings from Malta,
Dennis

Link to comment
Share on other sites

It's not that I don't trust people but... I'd be careful with things like that. 

First off all most people just take code they get from whoever and place it somewhere without knowing what will happen afterwards.

If there are tools and services like Facebook Pixel, HubSpot or similar they want to use, give them the option to enter only the necessary details like Pixel ID or campaign ID and let your system do the rest.

Maybe you can ask your users what they want to add to their landingpages and start from there.

In my opinion that's much safer and easier for everyone.

If it was my service I wouldn't allow them more than that. At the end I'm the one that risks everything.

  • Like 3
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...