Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Grabbing everything but the script
Message
 
À
01/05/2013 13:32:50
Michel Fournier
Level Extreme Inc.
Petit-Rocher, Nouveau-Brunswick, Canada
Information générale
Forum:
Javascript
Catégorie:
DHTML
Titre:
Re: Grabbing everything but the script
Divers
Thread ID:
01572384
Message ID:
01574006
Vues:
75
This message has been marked as a message which has helped to the initial question of the thread.
Using jQuery you can strip all the script tags like this:
        < script src="scripts/jquery.min.js"></script>

        < script type="text/javascript">
	    $().ready( function() {
	        var html = document.body.innerHTML;	    
	        $html = $(html);
	        $html.remove("script");        
	        alert($html[0].outerHTML);
	    });
        </ script>
If you use regex approaches be aware that code like Thierry's doesn't capture things like extra leading spaces on tags.

Also be aware that there are many more attack vectors than script tags - javascript inside of HREF links, object tags form tags that can point at script etc.

For some rudimentary discussion of what's involved at minimum take a look at this post where I tackle server side cleanup of HTML using HtmlAgilityPack.
http://www.west-wind.com/weblog/posts/2012/Jul/19/NET-HTML-Sanitation-for-rich-HTML-Input

+++ Rick ---

>I am grabbing the content of the actual page and dumping that into a DIV area inside the parent. I do it like this:
>
>
>window.parent.oDiv.innerHTML=document.body.innerHTML
>
>
>When I do this, it grabs as well the script. What kind of approach can I use so that the script will not be included?
+++ Rick ---

West Wind Technologies
Maui, Hawaii

west-wind.com/
West Wind Message Board
Rick's Web Log
Markdown Monster
---
Making waves on the Web

Where do you want to surf today?
Précédent
Suivant
Répondre
Fil
Voir

Click here to load this message in the networking platform