Login/Register
Interpreting and/or receiving dotNet code at run-time
Asked Answered
Solved javascriptc#.netinterpretercodedom
P

2

6

Html can contain little bits of Javascript embedded in it (e.g. defined in onclick event handlers).

  1. If I were writing an Html browser using a dotNet language like C#, what technologies or APIs could I use to run such Javascript fragments, given that I don't receive it until run-time (and receive it as string data, not as executable code)?

  2. Is it any easier or harder if the code to be run were C# snippets rather than Javascript?

  3. Is there any technique which doesn't require my code to have unusual priviledges? For example, a method like CodeCompiler.FromSource requires SecurityPermissionFlag.UnmanagedCode (which seems to me excessive: I don't see why it's so risky to compile code).

  4. If I controlled the server-side as well as the client-side code, I could also consider compiling such script fragments on the server instead of on the client, and then sending it as precompiled code to the client side to be executed. Is there a way to send such code (a dotNet assembly, presumably) over the network to the client, have client-side code receive it from the network into client-side RAM, and invoke it on the client side without storing it as a file on a client-side disk drive?

Edit

I have answer to the first three questions: I've resigned myself to the fact that compiling takes high privileges. I don't see why; maybe (although I don't find this a very convincing reason) it's because the compiler is implemented using unmanaged code. Maybe this will change when they reimplement the compiler using managed code, in maybe the "C# version 5" timeframe. In any case, whatever the reason, that seems to be the way it is, and there are no work-arounds (other similar APIs but which require fewer privileges).

My remaining question then is how to get an Assembly instance from one machine to another. When I have time I'll find out whether untrusted code can run the Assembly.Load(byte[] rawAssembly) method.

Priory answered 14/9, 2009 at 21:6 Comment(6)
Have you seen Anders REPL loop demo from PDC '08. Just wait until that comes out and you'll be set :) --channel9.msdn.com/pdc2008/TL16 (It's towards the end)Savoirvivre
So you want to interpret .NET code from client, compile on server side, then execute on client directly from memory?Scratchboard
I have some client-server code already running. Using that I'd like to send scripts from the server to be run on the client. If those scripts need to be compiled, I don't mind much whether they're compiled on the server or on the client. I'd prefer to do it using client-side code that has minimal priviledges, e.g. "partial trust / internet zone", which prevents me writing to client-side disk etc.Priory
dlr.codeplex.com/Thread/View.aspx?ThreadId=58121 says there's a "Dynamic Language Runtime" (and I should investigate what that is), but that the DLR can't be used with JavaScript (wich never made it to production); the DLR is instead to used by the 'Iron' languages, and I don't know whether/how that might interop with normal (e.g. with compiled C#) code. I don't know whether the DLR might be relevent to my question.Priory
west-wind.com/WebLog/posts/10688.aspx says that Microsoft.JScript.Eval.JScriptEvaluate works under limited trust. But, MSDN says that "this API supports the .NET Framework infrastructure and is not intended to be used directly from your code"; and, the code being evaluated presumably can't link to / reference / invoke anything substantial, e.g. dotNet APIs.Priory
@Jason "Have you seen Anders REPL loop demo from PDC '08." -- Thank you for referencing that: it was informative. I think it seems to be scheduled for after C# v4.Priory
M
2

  1. Server side Javascript is one of the languages supported by the .NET platform. I used it many times in the scenrios when you need to insert small code snippets into existing code. Runtime it can be loaded from i.e. database and compiled, so there is no preformance penalty.

  2. From the standpoint of making the plumbing work (retrieveing the source, compiling it, etc.) there is no difference. With strongly typed languages though it is much more difficult to assemble code snippets into a compilable compilation unit.

  3. Permissions is certanly a challenge. I am not sure about the specific permission you mentioned, but security is a concern, after all the source you compile can be anything and if you are not careful about the source of your code it can become the backdoor into your system

  4. The answer to this one is - yes of course. You can load an assembly from anywhere, not necessarily from a file, you can also compile in memory - that's what I do. There is no dll file in this case.

Mckenney answered 14/9, 2009 at 22:13 Comment(2)
To summarize my problem: even instantiating a JScriptCodeProvider instance requires full trust, so compiling on the low-trust client side doesn't look good. Or if I create/compile an Assembly instance on the server, I can serialize it using a BinaryFormatter ... but then when I try to deserialize it I get an exception ("System.IO.FileNotFoundException: Could not load file or assembly 'Foo, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. The system cannot find the file specified") so I don't know how to get the Assembly instance from the server to the client.Priory
You do not "deserialize" it. not explicitly. Just give it the url pointing to your server and let AssemblyLoader do the jobMckenney
T
1

You're asking several questions, sort of, so I'll give you an idea on one of them. There's a very good article and some code samples from: http://www.west-wind.com/presentations/dynamicCode/DynamicCode.htm which talks about compiling and executing C# code at runtime. I found it very useful and I am using this in a standard c# application. Seems like it would be usable for your problem as well.

Tabard answered 16/9, 2009 at 19:50 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.