Disabling javascript in specific block/div (containing suspect HTML) ?

Posted by T4NK3R on Stack Overflow See other posts from Stack Overflow or by T4NK3R
Published on 2010-06-15T10:56:35Z Indexed on 2010/06/15 11:52 UTC
Read the original article Hit count: 286

Is it, in any way, possible to disable the browsers execution of script inside a block/section/element ?

My scenario is, that I'm letting my (future) users create "rich content" (using CK-editor). Content that wil later be shown to other users - with all the dangers that imply: xss, redirection, identity theft, spam and what not...

I've, more or less, given up on trying to "sanitize" the incomming XHTML, after seeing how many known "vectors of attack" there are: http://ha.ckers.org/xss.html

What I'm really looking for is something like:

< div id="userContent">< scriptOFF>

suspect HTML

< /scriptOFF>< /div>

© Stack Overflow or respective owner

Related posts about JavaScript

Related posts about security