Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it a bad idea to store javascript and css in a database?

Ok so I'm trying to store user custom css and javascript in mysql database to be used later the head section on the page, so is it a good idea to store css and javascript in a database ? and if not what is the safe way to do this ?

I'm using wordpress and using esc_js() on javascript code I noticed it adds a backslash before quotes, and adds \n instead of new lines, so is it enough for javascript ?

and thanks in advance.

like image 714
Pierre Avatar asked Apr 30 '12 09:04

Pierre


1 Answers

Short answer: Yes, it's fine as long as it's people you trust.

Long answer:

Make sure you 100% trust your users. There's a lot of exploits that can be done through CSS/JS, so make sure you're only allowing people you completely trust to do this. Even if you tried to implement filtering of some kind, people would find ways around.

Depending on how easily you could figure out the file name, I might consider storing the data in a file. After all, the database is unnecessary overhead if you can readily determine the file name. If you can't determine the file name easily, I just go ahead and store it in the database. (Or if you're planning on storing any meta data or version information or anything, I would go ahead and go for a DB.)

like image 137
Corbin Avatar answered Oct 12 '22 22:10

Corbin