Application submission question

[xcandiottix]

I have an idea for a site in which someone could submit an application (html, JS, php, flash, etc) for testing it. The site would have different variables that the application could access and use. My concern is how can I protect the rest of my site from an attack? Would having a subdomain offer any type of protection and if so how could I do it? If not, should I consider an off site solution? For example, another site which only has the files need for testing on it? I'm trying to get a good concept down before starting on the code and i was hoping i could bounce some ideas around.

 

Obviously a big area of concern would be someone submitting a php script that erases files or a javascript that runs a malicious script. I've looked into strip_tags etc. but i don't want to limit the application designers freedom to produce something. Ideally, the application should have the freedom to access a site provided XML file to read information from and can write to an onsite text file. Aside from performing these tasks, what commands should not be allowed to be used?

 

Any ideas would be a great help.

 

Thank you