Reputation: 21
There is a site with a wall of topics. Anyone can write anything. But anyone can also write a JS script, and this script will be executed when loading this site.
Something like document.body.innerHTML = "";
I also wrote a script which finds every script in the <div> with topics and rewrites it to an empty string, but it does not work.
If I test this script on the site (in the console) with topics (before it is executed), it finds the scripts and rewrites them, but after posting my script to this website, it does not work. The scripts are executed after all.
Can I fix it before help from IT tech?
Upvotes: 2
Views: 1340
Reputation: 6965
One solution is to add the user content as a text node. The content will show up exactly as the user typed it. Though if you're trying to include formatting (bold, italic, etc.), this won't work.
// Untrusted input exactly as the user typed it (markup included)
const userContent = "<myScript>alert('here')</myScript>"
// A text node is never parsed as HTML, so the tags are displayed, not executed
const userContentNode = document.createTextNode(userContent)
document.body.appendChild(userContentNode)
<body>
</body>
I had to use <myScript> instead of <script> because it looks like Stack Overflow does some kind of anti-XSS stuff for snippets.
Upvotes: 1
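The text-node approach from the answer above, as an added example that is not part of the original post or its answer. It also shows the equivalent step when the page is built as an HTML string instead of through the DOM (escape the five HTML metacharacters), and one way around the answer's formatting caveat: escape the user text first, then apply a tiny allow-listed syntax (`**bold**`) on top of the already-escaped string, so no user-supplied tag can survive. The `escapeHtml`, `formatPost` and `renderPosts` names and the sample posts are assumptions constructed for this example.

```javascript
// Mapping used when user text must become part of an HTML string rather than
// a DOM text node. '&' is included so pre-escaped input cannot be re-interpreted.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape every HTML metacharacter in one pass; this is what a browser
// effectively does for you when you use document.createTextNode().
function escapeHtml(str) {
  return String(str).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Escape first, then add formatting from an allow-listed syntax.
// Because the input is already escaped, the captured group can never
// contain '<' or '>', so only our own <strong> tags reach the page.
function formatPost(str) {
  return escapeHtml(str).replace(/\*\*([^*]+)\*\*/g, "<strong>$1</strong>");
}

// DOM variant (browser only): each post becomes a text node inside a <p>.
// The browser renders the characters literally; nothing is parsed as markup.
function renderPosts(container, posts) {
  for (const post of posts) {
    const p = document.createElement("p");
    p.appendChild(document.createTextNode(post));
    container.appendChild(p);
  }
  return container.childNodes.length;
}

// Constructed sample posts: one harmless, two that contain markup a forum
// must display as text rather than execute.
const SAMPLE_POSTS = [
  "Hello, **everyone**",
  "<myScript>alert('here')</myScript>",
  '<img src="x" onerror="alert(1)">',
];

// True when a string still contains something a parser could treat as a tag.
function containsTagOpen(html) {
  return /<\s*\/?\s*[a-zA-Z]/.test(html);
}

// Build the string-based rendering for all sample posts.
function renderPostsAsHtml(posts) {
  return posts.map((p) => `<p>${formatPost(p)}</p>`).join("\n");
}

// Stand-alone run: in a browser, also append the posts to the document.
if (typeof document !== "undefined") {
  renderPosts(document.body, SAMPLE_POSTS);
}
console.log(renderPostsAsHtml(SAMPLE_POSTS));
```

The `renderPosts` function is the answer's technique applied to a list of posts; `renderPostsAsHtml` is what a server-side template should do instead, and the only tags in its output are the `<p>` and `<strong>` elements the code itself emits.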