How can I accept front end code without risk of injection? Autoparsing optimization

[greenace92]

This is a two parter... mostly a discussion as I am currently not employing the purpose of these "things"

 

I am creating an autoparsing webapp that has unlimited use... whatever a person can think of

 

It accesses camera, microphone, gyro/accelerometer, flash etc... mostly it takes in data and does something to it according to the parsing tool

 

I'm not saying this is new, in fact I spent a while using Touch Develop which is a scripting "thing" by Microsoft, the problem was lag

 

That is another thing that concerns me, without web access the web-app is useless right? So I'm wondering if it is possible to copy your current setup and either translate it to the mobile languages like Java, C#/XML, Objective C or somehow a platform independent alternative

 

Anyway...

 

I'm not sure if I can access front end code, like <div class="whatever"> safely using injection

 

Well injection you just bind parameters but what if the incoming string is literally malicious ?

 

Also as far as autoparsing optimization goes, what I mean by that is

I intended to create a character by character comparison, obviously or at least to me, starting with easier stuff first like

 

for example a link is entered

 

http://www.something.com

 

then the autoparser compares each character one at a time from left to right

 

|1|2|3|4|5|6|7|8|9|10|

|h|t|t|p|:|/|/|w|w|w|...etc...

 

But I would check for existing formats starting with the shortest first and also checking from right and left, eg. .mp4 is obvious as a file type

 

I'll have more once I actually know what I need just looking to discuss I suppose... sorry if that is not appropriate feel free to delete this thread

 

In the future the users who have modified their personal accounts would benefit from an "AI" thing that is specific to their personalities based on what they have enabled

Edited December 28, 2014 by greenace92

[QuickOldCar]

Personally I always thought web apps were a waste, especially since most phones now can view web pages a lot better now.

 

You can make nice mobile capable sites these days, some screen size discovery is harder now with the huge phones and tablets.

 

It sounds like you need to make an api

Include any extensions/library or code need for particular tasks.

 

json data usually works out well a few languages, I would try to make anything you have output to that.

 

As for escaping, let pdo do the work mostly, but you can match anything as for tags,scripts,bad words and such and filter them out.

 

A way to grab the extension, some files have to download at least a partial of it to find out what it really is.

$url = "http://mysite.com/file/greatsong.mp4";
$ext = array();
$ext = end(explode(".",$url));
if(!empty($ext)){
echo $ext;
}

You can't always rely on extensions as being safe, as an example is viruses embed into pdf files

There is mp4 video and audio, without the mime type is unknown

Images generated with gd or through a script could have no extension unless downloaded a partial of it and find out what it is.

 

I parse pages a lot with dom, simplexml or preg_match

[greenace92]

Hey thanks for your post

 

I can't think clearly right now... I'm contemplating on completely removing my presence from the internet aside from work that I publish.

Be a pedestrian/bystander if you will rather than a participator.

 

I'm going to start working on this project, I've pretty much finished the other one thanks to your help and NotionCommotion.

 

It's dumb how I get hung up on problems like that and I am literally stuck, as I say, like smashing my head into a brick wall over and over again 

 

Sleep helps though, after 24 hours or more, you start to get irritated, sleep paralysis sucks too

 

I just can't handle it, I will not accept being doomed to be a laborer when there are people who make money from the internet while they sleep, more than any laborer can make and that person doesn't even lift a finger... only manages once it is built

 

Life will be better...

 

Anyway thanks for your input

 

I'm sure once I actually know what I want, the answers will present themselves, after all, the answer is just a click away...or a lot

[QuickOldCar]

It gets tiresome after a while, I've been at it many years and spent many sleepless days in a chair.

What keeps me going is a few projects that interest me.

 

Using your brain a lot is sometimes more stressful than manual labor.

[greenace92]

Yeah it is wonderful to have a passion. For me it was building and flying model airplanes, I learned that when I was young that happiness for me wasn't money, it was green grass, a clear blue sky, the sun, warmth and a model airplane. I hope to return to that someday.

 

Sorry to get so off topic lol. <- this will come off some day, as well as haha and "man". I don't know why I choose to append/ prepend these words, lol just looks childish...

 

I don't know... I think exhaustion brings out the worst in me... that feeling of despair.

 

I'm almost to the point where I can look at this again.

 

I don't know if I can accomplish what I'm after.

 

A php-based autoparser that has a built in community with an imbedded market.

 

I need to look into embedding an IDE of some sort so people can write code directly at the website, to be sold under their name ( a percentage on my end of course hehe)

 

Additionally backgrounds could be sold as well as icons / associated code like accessing cameras, etc...

Edited January 12, 2015 by greenace92