Reputation: 19
How to disable inline javascript in html?
I have html entered by user that is put in an iframe. The purpose is to suppress all inline javascript in the html. Have thought about Regexp to remove all scripts, but it caught only <script> ... </script>, but no <txt onload='..javascript...
This is the regex: /<\s*script[^>]*>[^<]*<\s*\/\s*script\s*>/gi
How can I block all js in the entered html?
Upvotes: 0
Views: 2339
Answers (1)
Reputation: 31805
Just set sandbox="" in the iframe tag and that won't allow scripts to execute.
To figure it out you can add the sandbox attribute in this demo https://www.w3schools.com/tags/tryit.asp?filename=tryhtml_iframe, then run it and open your console.
Chrome displays this message:
Blocked script execution in '' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Upvotes: 1
Related Questions
- Is there a way to disable JavaScript within the HTML file?
- Disable all javascript inside div
- Disable js within an html tag
- How to avoid inline javascript?
- how to disable script tags in a html text?
- Disable javascript in a element
- How do disable JavaScript inside an div?
- How can I disable inline javascript but allow external .js file?
- Avoid inline javascript
- Prevent inline JS execution