pfrazee / machine

User software environment for the Web

Harden against attacks from rendered items #11

Open pfrazee opened 10 years ago

pfrazee commented 10 years ago

https://github.com/pfraze/machine/wiki/Security-Design

pfrazee commented 10 years ago

Resources:

https://code.google.com/p/google-caja/wiki/JsHtmlSanitizer
https://developer.mozilla.org/en-US/docs/Web/API/DOMParser
https://developer.mozilla.org/en-US/Add-ons/Code_snippets/HTML_to_DOM

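```javascript
// Parse the incoming HTML string into a separate document.
var oParser = new DOMParser();
var oDOM = oParser.parseFromString('<div>'+html+'</div>', "text/html");
// Serialize the parsed tree back to an HTML string.
update.html = oDOM.body.innerHTML;
```
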
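
An allowlist pass over the tree that the DOMParser snippet above produces, as an added example that is not part of the original issue or the project's code. The tag and attribute lists, the URL rule, and the names `sanitizeTree` and `sanitizeHtml` are assumptions chosen for illustration.

```javascript
// Added example: allowlist filter applied to the tree DOMParser produces.
// ALLOWED_TAGS, ALLOWED_ATTRS and SAFE_URL are illustrative assumptions,
// not the project's actual policy.
const ALLOWED_TAGS = new Set(['DIV', 'P', 'SPAN', 'B', 'I', 'EM', 'STRONG',
  'A', 'UL', 'OL', 'LI', 'BR', 'CODE', 'PRE', 'BLOCKQUOTE']);
const ALLOWED_ATTRS = { A: new Set(['href', 'title']) };
// Only absolute http(s) and mailto links survive; everything else
// (javascript:, data:, vbscript:, relative paths) is dropped.
const SAFE_URL = /^(?:https?:\/\/|mailto:)/i;

// Walk the element children of `root`, removing any element or attribute
// that is not explicitly allowed. In an HTML document, HTML-namespace
// elements report an upper-case tagName, so SVG/MathML elements
// (lower-case tagName) never match the allowlist.
function sanitizeTree(root) {
  for (const el of Array.from(root.children)) {
    if (!ALLOWED_TAGS.has(el.tagName)) {
      el.remove(); // drop the element and its whole subtree
      continue;
    }
    const allowed = ALLOWED_ATTRS[el.tagName] || new Set();
    for (const attr of Array.from(el.attributes)) {
      const name = attr.name.toLowerCase();
      const urlOk = name !== 'href' || SAFE_URL.test(attr.value.trim());
      if (!allowed.has(name) || !urlOk) el.removeAttribute(attr.name);
    }
    sanitizeTree(el);
  }
  return root;
}

// Browser entry point: parse into a separate document, filter, serialize.
function sanitizeHtml(html) {
  const doc = new DOMParser().parseFromString(
    '<div>' + html + '</div>', 'text/html');
  return sanitizeTree(doc.body).innerHTML;
}
```
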
pfrazee commented 10 years ago

Related: #50