17

I know there are a number of "Try It Yourself" JavaScript editors, such as W3School's Try It editor, JSBin, and JSFiddle.

I'm developing a graphical JavaScript library that I'd like to let people try out from my own site (one difference from other editors is that my output would be to a canvas, not an HTML frame). Not wanting to reinvent the wheel, are there established ways for creating a "Try It Yourself" capability that consider issues like DOM-based scripting vulnerabilities?

David Koelle
  • 20,726
  • 23
  • 93
  • 130
  • 1
    JSFiddle just takes the HTML, CSS, and JavaScript you provide and loads it into an iFrame. – gen_Eric Jan 09 '12 at 20:53
  • Similar in that it talks about Try-It editors, but does not get to the _development_ of such an editor: http://stackoverflow.com/questions/2814453/javascript-online-try-it-editor, http://stackoverflow.com/questions/2114160/how-to-create-a-online-javascript-editor – David Koelle Jan 09 '12 at 20:54
  • What vulnerabilities are you worried about? Isn't it essentially the same as the user having the debug console open? (Although maybe I've missed something!) – Mark Rhodes Jan 09 '12 at 20:59
  • 3
    @David: In the accepted answer of the second question you linked to, a link to [JSBin's GitHub repository](https://github.com/remy/jsbin) is provided. Perhaps examining that would be a helpful starting point? – Colin Brock Jan 09 '12 at 21:01
  • 1
    @Mark - I would think so, too, but then I come across so much "eval === evil" that I had second thoughts. – David Koelle Jan 09 '12 at 21:24
  • @Colin, thanks, I'll dig around the GitHub respository – David Koelle Jan 09 '12 at 21:24
  • 1
    I can't find any established ways either, but if I were to go about reinventing this wheel I would consider sanitizing the code with JSLint (http://www.jslint.com/) before injecting it into an IFRAME – George Mandis Jan 11 '12 at 01:25
  • You can find complete code on for this on following link : http://techisquest.blogspot.in/?view=classic – Avdhut Jun 16 '12 at 14:08

3 Answers3

9

A simple design would be a start page with a form containing three textarea's and one iframe. The textarea's contain the html/css and javascript parts, and the iframe contains the result:

<!--index.html-->
<html>
<form method="post" action="tryit-result.php" target="result">
<button>Try it</button>
<table>
    <tr>
        <td><textarea name="html"></textarea></td>
        <td><textarea name="css"></textarea></td>
    </tr>
    <tr>
        <td><textarea name="js"></textarea></td>
        <td><iframe src="tryit-result.php" name="result"></iframe></td>
    </tr>
</table>
</form>
</html>

The submit is then handled at the server by saving the html/css/scripts to file and then returning a page that references these files, something in the line of:

<!--tryit-result.php-->
<html>
<head>
    <style type='text/css'>
        <?php echo file_get_contents('css contents')?>
    </style>
    <script type='text/javascript'>
    $(function() {
        <?php echo file_get_contents('js contents')?>
    });
    </script>
</head>
<body>
    <?php echo file_get_contents('html contents')?>
</body>
</html>
eolsson
  • 12,567
  • 3
  • 41
  • 43
4

This doesnt require 2 files at all infact this can be done very easily: For simplicity im just creating a single textarea but you can create 3 textarea if you want to and add prefixes such as <style> or <script> etc

<body>
  <textarea id="code" oninput="putcode(this.value)">
  </textarea>
  <iframe frameborder="0"></iframe>
  <script>
    var val;
    function putcode(val){
      document.querySelector("iframe").srcdoc=val;
    }
  </script>
</body>

You can add further css code to make it prettier but this is quite a basic version of what im trying to explain.and there is no need to worry about security as this is perfectly secure.

Shrikantha Budya
  • 646
  • 1
  • 4
  • 15
  • If you're in the middle of typing something in the "code" textarea, would this load incorrect JavaScript into the iframe - and is that a problem? – David Koelle Jun 20 '16 at 01:52
  • What do you mean by incorrect javascript?whatever you write in the textarea will be visible in the iframe and is treated as a completely different page.. – Shrikantha Budya Jun 20 '16 at 04:35
2

Create a simple html page with textarea and iframe first :

<html>
  <head>
<script type="text/javascript">
function data_submit()
{
document.form1.txt_data.value= document.form1.txt_html.value;
 }
</script>

  <title>Try It yourself Online Editor</title>
 </head>
  <body>
  <form name="form1" id="form1" method="post" action="" >
 <table width="100%" cellspacing="0" cellpadding="0" border="1">
    <tr >

     <td>
 <input type="submit" name="bt_submit" value="Click to Execute " align="top" onClick="data_submit();"/>
</td>
      <td align="center">Output</td>
    </tr>
      <tr>
        <td width="50%" >
      <input type="text"  name="txt_data" value="" style="visibility:hidden;" />

        <textarea rows="35" width="90px" height="550px" cols="77" name="txt_html">

    </textarea>
          </td>
        <td width="50%" style="border-width:10px;border-style:none;">
          <iframe height="550px" width="100%" src="try_it.php" name="iframe_a"></iframe>
         </td>
    </table>
  </form>
  </body>
  </html>

Now code written by the user need to be displayed in the iframe so we need to store the code in a file. Write PHP code to create a file. following is the code create a file.

  if(isset($_POST['bt_submit']))
 {
 $file = "try_it.php";
 $fp = fopen($file, 'w');
 //Following code will store the content in textarea in a variable which will create a file.
 $content = $_POST['txt_data'];
 fwrite($fp, $content);
  fclose($fp);
  }
 ?>

Following php code is written to display a default output and changed output after submit button is clicked by the user.

<?php


 if(isset($_POST['bt_submit']))
 {
 echo trim($content);
  }
  else
  {
  echo "<html>\n";
echo "<body>\n";


echo "<h1>Hello World!!!</h1>\n";


echo "</body>\n";
echo "</html>\n";
 } ?>

Now combine all the code and you will get a simple try it yourself editor.

Avson1023
  • 21
  • 1