Thursday, May 9, 2024
Homepage · iframe
 Popular · Latest · Hot · Upcoming
107
rated 0 times [  109] [ 2]  / answers: 1 / hits: 28550  / 14 Years ago, sat, september 11, 2010, 12:00:00

I am making a small HTML page editor. The editor loads a file into an iframe. From there, it could add, modify, or delete the elements on the page with new attributes, styles, etc. The problem with this, is that JavaScript (and/or other programming languages) can completely modify the page when it loads, before you start editing the elements. So when you save, it won't save the original markup, but the modified page + your changes.



So, I need some way to disable the JavaScript on the iframe, or somehow remove all the JavaScript before the JavaScript starts modifying the page. (I figure I'll have to end up parsing the file for PHP, but that shouldn't be too hard) I considered writing a script to loop through all the elements, removing any tags, onclick's, onfocus's, onmouseover's, etc. But that would be a real pain.



Does anyone know of an easier way to get rid of JavaScript from running inside an iframe?



UPDATE: unless I've missed something, I believe there is no way to simply 'disable JavaScript.' Please correct me if I'm wrong. But, I guess the only way to do it would be to parse out any script tags and JavaScript events (click, mouseover, etc) from a requested page string.


More From » iframe
 Answers
11

You can try the same solution adopted by CKEditor, of which you have a demo here.

By switching from RTE mode to view source mode, you can enter some JavaScript and see the result, which is a replacement of the JS node in a safely encoded string.

If you are in view source mode, by entering some JS line like:



<script type=text/javascript>

// comment

alert('Ciao');

</script>


you will see it rendered this way when going back to rich text editor mode:



<!--{cke_protected}%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0D%0A%2F%2F%20comment%0D%0Aalert('Ciao')%3B%0D%0A%3C%2Fscript%3E-->


I think it is one of the easiest and effective way, since the RegExp to parse JS nodes is not complex.

An example:



var pattern = /<script(s+(w+s*=s*(|').*?3)s*)*s*(/>|>.*?</scripts*>)/;

var match = HTMLString.match(pattern); // array containing the occurrences found


(Of course, to replace the script node you should use the replace() method).



Regards.


[#95660] Tuesday, September 7, 2010, 14 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
kiley
Add To Favorites
Follow
Total Points: 733
Total Questions: 118
Total Answers: 94
Location: Liechtenstein
Member since Wed, Dec 8, 2021
2 Years ago
;