Disabling JavaScript in specific block/div (containing suspect HTML)?
Posted by T4NK3R on Stack Overflow
Published on 2010-06-15T10:56:35Z
Indexed on 2010/06/15 11:52 UTC
Is it, in any way, possible to disable the browser's execution of script inside a block/section/element?
My scenario is that I'm letting my (future) users create "rich content" (using CK-editor). Content that will later be shown to other users - with all the dangers that implies: XSS, redirection, identity theft, spam and what not...
I've, more or less, given up on trying to "sanitize" the incoming XHTML, after seeing how many known "vectors of attack" there are: http://ha.ckers.org/xss.html
What I'm really looking for is something like:
<div id="userContent"><scriptOFF>
suspect HTML
</scriptOFF></div>
© Stack Overflow or respective owner