Execute code in page it self.

[kunjee17]

I know there are three options given. But it will be great if we can give execution of code on same page. Dotnetfiddle is doing it. And I have used them in my blog. It will be great for user if s/he can see what code is doing on page. And also edit it before copying it.

Just and idea. Please provide your thoughts on that.

[tpetricek]

I'd be happy to have this - provided we can figure out how to run the code without ruining my server :). It might be safer to compile the code to JS and run that like in github.com/tpetricek/Fun3D

[takemyoxygen]

I think, compiling to JS won't work if code requires NuGet packages. Maybe limit execution time? E.g. if code is not executed in 2 seconds, kill the process. Plus limit permissions like here.

[tpetricek]

Yeah, compiling to JS is a toy version :). If we can limit permissions to disallow IO and all other dangerous things, then that would be pretty neat.

[kunjee17]

@tpetricek I guess @mathias-brandewinder can help us here. He do have fsibot with all the checks so no one can break system. If he can open up that thing as API we just need to do jQuery post and result will be back from fsibot. And we can keep this as kind of static site as it is.

fsibot is already doing all the hardwork I don't think it will mind little bit much more in this case.

What is your opinion?

[Krzysztof-Cieslak]

Crazy idea: don't limit permissions, run docker on VM, spawn container with F# installed for each session.

[kunjee17]

@Krzysztof-Cieslak I don't know. @mathias-brandewinder and/or @tpetricek can give answer better.

[mathias-brandewinder]

I don't know enough about Docker in practice, but @Krzysztof-Cieslak idea sounds right - just run the code on a 'disposable instance' (what we really need is an F# unikernel!). @fsibot is working fine, but people could still do bad things to it - having 140 characters limit helps a lot :) What I wanted to do for @fsibot was create a separate AppDomain for each session, where you should be able to 'whitelist' what is allowed, but I ended up being too lazy to do it, and it was more fun to do it the way I did it, black-listing 'threatening calls' - but black-listing is much weaker than explicitly stating what IS allowed.

[tpetricek]

I think the Docker idea is interesting - if someone does it and it doesn't cost too much Azure money, I'm up for it.

A separate problem then is that it would probably change what people expect - turning fssnip from a simple pastebin into an online IDE :). So, it could potentially add a lot of work. But if there are people interested, I'm happy to help!

[kunjee17]

@mathias-brandewinder @tpetricek I was in favor of things like dotnetfiddle. I don't know how that people are doing it. But it would be great.

It will be great if you can check it out if you haven't yet.

[anthonyflores-github]

hello, I created a page to test the code. There is a "test code" button on the code page. Can you take a look at my PR when I push it? thank you