> So you have untrusted code and an untrusted user, and the untrusted code > and the untrusted user don't trust each other as well? > > How many different people will be able to upload untrusted code? >
Each "user" has an account and creates forms. The plugins created by the "users" do things like validate input, decide the format of how information is packed/unpacked and stored, etc... They can only do what has been exposed to them through an API. Their visitors submit information into these forms. Validation has to be at least done on the server side to ensure visitors aren't manipulating the page (injecting their own code in the browser). Validation can happen on the client side as well, but only in addition. Visitors spend most of their time on the form after it's been generated. -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
