Re: CSP/innerHTML/JS Sandbox

An implementation of a sanitizer using this approach is bleach.js: https://github.com/asutherland/bleach.js/blob/master/lib/bleach.js

On May 7, 2013, at 7:31 PM, Eduardo' Vela wrote:

> It seems one can do:
> var doc = document.implementation.createHTMLDocument('');
> var r = doc.createRange();
> r.selectNodeContents(doc.body);
> var df = r.createContextualFragment("<a href=javascript:alert(1) onclick=alert(2)>");
> 
> And then do a whitelist over the document fragment nodes, and then import the node into the current document. Apparently, documents without a view don't execute javascript.

Received on Wednesday, 8 May 2013 17:49:53 UTC
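The whitelist-over-an-inert-document approach described in the quoted message, worked through as an added example. This is not code from the thread or from bleach.js; the policy tables and the helper names (isSafeUrl, isAllowedAttribute, sanitizeTree, sanitizeHtmlToFragment) are this example's own choices. It goes one step past the quoted sketch by also checking URL schemes, since a whitelisted href still has to refuse javascript: after the whitespace stripping browsers apply, and by importing the cleaned nodes directly rather than re-serialising them:

```javascript
// Added example: element/attribute whitelist applied to a fragment parsed in an
// inert document (no browsing context, so no script execution during parsing).
// Names below are assumptions for this example, not a library API.

const ALLOWED_TAGS = new Set(["A", "B", "I", "EM", "STRONG", "P", "BR", "UL", "OL", "LI", "CODE", "PRE"]);
const ALLOWED_ATTRS = { A: new Set(["href", "title"]) };   // tags not listed get no attributes
const URL_ATTRS = new Set(["href"]);
const SAFE_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Browsers strip ASCII whitespace/control characters when parsing a URL, so
// "java\tscript:" or " JavaScript:" still run; normalise before looking at the scheme.
function isSafeUrl(value) {
  const v = String(value).replace(/[\u0000-\u0020]/g, "").toLowerCase();
  const m = /^([a-z][a-z0-9+.-]*:)/.exec(v);
  if (!m) return true;              // relative or scheme-relative URL
  return SAFE_SCHEMES.has(m[1]);
}

function isAllowedAttribute(tagName, attrName, value) {
  const name = attrName.toLowerCase();
  if (name.startsWith("on")) return false;                   // event handlers, never
  const allowed = ALLOWED_ATTRS[tagName.toUpperCase()];
  if (!allowed || !allowed.has(name)) return false;
  if (URL_ATTRS.has(name) && !isSafeUrl(value)) return false;
  return true;
}

// Walk a tree in place: drop disallowed elements together with their subtree,
// strip disallowed attributes, keep text nodes, drop comments and anything else.
// Only needs nodeType, nodeName, childNodes, attributes, removeAttribute, remove,
// so it runs on a real DOM fragment or on any object tree shaped like one.
function sanitizeTree(root) {
  // Copy the live NodeList: removing while iterating it would skip siblings.
  for (const child of Array.from(root.childNodes)) {
    if (child.nodeType === 1) {                                // ELEMENT_NODE
      const tag = child.nodeName.toUpperCase();
      if (!ALLOWED_TAGS.has(tag)) {
        child.remove();          // SCRIPT, STYLE, IFRAME, ... leave with their contents
        continue;
      }
      // Copy the live NamedNodeMap for the same reason.
      for (const attr of Array.from(child.attributes)) {
        if (!isAllowedAttribute(tag, attr.name, attr.value)) child.removeAttribute(attr.name);
      }
      sanitizeTree(child);
    } else if (child.nodeType !== 3) {                         // keep TEXT_NODE only
      child.remove();
    }
  }
  return root;
}

// Browser entry point. Parse in a document with no view, clean the nodes, then
// import the *nodes* into the live document. Do not round-trip the result through
// innerHTML: re-serialising and re-parsing can produce a different tree (mXSS).
// createContextualFragment leaves <script> elements runnable once inserted into a
// live document, so the whitelist must drop them; it does, SCRIPT is not allowed.
function sanitizeHtmlToFragment(html, targetDocument) {
  const inert = targetDocument.implementation.createHTMLDocument("");
  const range = inert.createRange();
  range.selectNodeContents(inert.body);
  const fragment = range.createContextualFragment(html);
  sanitizeTree(fragment);
  return targetDocument.importNode(fragment, true);
}

if (typeof document !== "undefined") {   // demo only when a browser DOM exists
  const clean = sanitizeHtmlToFragment(
    '<a href="javascript:alert(1)" onclick="alert(2)">x</a><script>alert(3)</script><b title="t">ok</b>',
    document);
  document.body.appendChild(clean);      // appends <a>x</a><b>ok</b>
}
```

Removing a disallowed element rather than unwrapping it is deliberate: unwrapping keeps the text of a script or style element, which is harmless on its own but is exactly the material that gets reinterpreted if the output is ever serialised and re-parsed.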