在运行时解释和/或接收 dotNet 代码

发布于 2024-08-04 16:01:31 字数 956 浏览 5 评论 0原文

Html 可以包含嵌入其中的少量Javascript(例如在onclick 事件处理程序中定义)。

  1. 如果我使用 C# 等 dotNet 语言编写 Html 浏览器,那么我可以使用哪些技术或 API 来运行此类 Javascript 片段,因为我直到运行时才收到它(并将其作为字符串数据接收,不是可执行代码)?

  2. 如果要运行的代码是 C# 片段而不是 Javascript,是更容易还是更困难?

  3. 是否有任何技术不需要我的代码具有不寻常的权限?例如,像 CodeCompiler.FromSource 这样的方法需要 SecurityPermissionFlag.UnmanagedCode (这在我看来有点过分:我不明白为什么编译代码的风险如此之大)。

  4. 如果我控制服务器端和客户端代码,我还可以考虑在服务器而不是客户端编译此类脚本片段,然后将其作为预编译代码发送到客户端执行。有没有办法通过网络将此类代码(大概是 dotNet 程序集)发送到客户端,让客户端代码从网络将其接收到客户端 RAM,并在客户端调用它而无需< /em> 将其作为文件存储在客户端磁盘驱动器上?


编辑

我已经回答了前三个问题:我已经接受了编译需要高权限的事实。我不明白为什么;也许(虽然我不认为这是一个非常令人信服的原因)这是因为编译器是使用非托管代码实现的。也许当他们使用托管代码重新实现编译器时(可能是“C# 版本 5”时间范围内),这种情况会发生变化。无论如何,无论什么原因,事情似乎就是这样,并且没有解决方法(其他类似的 API,但需要较少的权限)。

我剩下的问题是如何将 Assembly 实例从一台机器获取到另一台机器。当我有时间时,我会查明不受信任的代码是否可以运行 Assembly.Load(byte[] rawAssembly) 方法。

Html can contain little bits of Javascript embedded in it (e.g. defined in onclick event handlers).

  1. If I were writing an Html browser using a dotNet language like C#, what technologies or APIs could I use to run such Javascript fragments, given that I don't receive it until run-time (and receive it as string data, not as executable code)?

  2. Is it any easier or harder if the code to be run were C# snippets rather than Javascript?

  3. Is there any technique which doesn't require my code to have unusual priviledges? For example, a method like CodeCompiler.FromSource requires SecurityPermissionFlag.UnmanagedCode (which seems to me excessive: I don't see why it's so risky to compile code).

  4. If I controlled the server-side as well as the client-side code, I could also consider compiling such script fragments on the server instead of on the client, and then sending it as precompiled code to the client side to be executed. Is there a way to send such code (a dotNet assembly, presumably) over the network to the client, have client-side code receive it from the network into client-side RAM, and invoke it on the client side without storing it as a file on a client-side disk drive?


Edit

I have answer to the first three questions: I've resigned myself to the fact that compiling takes high privileges. I don't see why; maybe (although I don't find this a very convincing reason) it's because the compiler is implemented using unmanaged code. Maybe this will change when they reimplement the compiler using managed code, in maybe the "C# version 5" timeframe. In any case, whatever the reason, that seems to be the way it is, and there are no work-arounds (other similar APIs but which require fewer privileges).

My remaining question then is how to get an Assembly instance from one machine to another. When I have time I'll find out whether untrusted code can run the Assembly.Load(byte[] rawAssembly) method.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

我最亲爱的 2024-08-11 16:01:31
  1. 服务器端Javascript是.NET平台支持的语言之一。当您需要将小代码片段插入现有代码时,我多次使用它。运行时它可以从ie数据库加载并编译,因此没有性能损失。

  2. 从使管道工作(检索源代码、编译源代码等)的角度来看,没有什么区别。对于强类型语言,尽管将代码片段组装成可编译的编译单元要困难得多。

  3. 权限无疑是一个挑战。我不确定您提到的具体权限,但安全性是一个问题,毕竟您编译的源代码可以是任何内容,如果您不小心代码的源代码,它可能会成为您系统的后门

  4. 这个问题的答案是——当然可以。您可以从任何地方加载程序集,不一定从文件中加载,您也可以在内存中编译 - 这就是我所做的。在本例中没有 dll 文件。

  1. Server side Javascript is one of the languages supported by the .NET platform. I used it many times in the scenrios when you need to insert small code snippets into existing code. Runtime it can be loaded from i.e. database and compiled, so there is no preformance penalty.

  2. From the standpoint of making the plumbing work (retrieveing the source, compiling it, etc.) there is no difference. With strongly typed languages though it is much more difficult to assemble code snippets into a compilable compilation unit.

  3. Permissions is certanly a challenge. I am not sure about the specific permission you mentioned, but security is a concern, after all the source you compile can be anything and if you are not careful about the source of your code it can become the backdoor into your system

  4. The answer to this one is - yes of course. You can load an assembly from anywhere, not necessarily from a file, you can also compile in memory - that's what I do. There is no dll file in this case.

○闲身 2024-08-11 16:01:31

你问了几个问题,所以我会给你一个关于其中一个的想法。
有一篇非常好的文章和一些代码示例来自:
http://www.west-wind.com/presentations/dynamicCode/DynamicCode。嗯
其中讨论了在运行时编译和执行 C# 代码。我发现它非常有用,我正在标准 C# 应用程序中使用它。看起来它也可以用于解决您的问题。

You're asking several questions, sort of, so I'll give you an idea on one of them.
There's a very good article and some code samples from:
http://www.west-wind.com/presentations/dynamicCode/DynamicCode.htm
which talks about compiling and executing C# code at runtime. I found it very useful and I am using this in a standard c# application. Seems like it would be usable for your problem as well.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文