It seems one can do: var doc = document.implementation.createHTMLDocument(''); var r = doc.createRange(); r.selectNodeContents(doc.body); var df = r.createContextualFragment("<a href=javascript:alert(1) onclick=alert(2)>"); And then do a whitelist over the document fragment nodes, and then import the node into the current document. Apparently, documents without a view don't execute javascript.Received on Wednesday, 8 May 2013 02:31:57 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:01 UTC