generated from nathanwoodburn/python-webserver-template
fix: Remove scripts from html to stop redirects or other random things
All checks were successful
Build Docker / BuildImage (push) Successful in 30s
All checks were successful
Build Docker / BuildImage (push) Successful in 30s
This commit is contained in:
@@ -78,8 +78,10 @@ document.addEventListener('DOMContentLoaded', function() {
|
||||
const iframe = document.getElementById('result-iframe');
|
||||
const viewSourceButton = document.getElementById('view-source');
|
||||
|
||||
// Create a blob URL from the HTML content
|
||||
const blob = new Blob([data.result], { type: 'text/html' });
|
||||
const cleanedHtml = removeScripts(data.result);
|
||||
|
||||
// Create a blob URL from the cleaned HTML content
|
||||
const blob = new Blob([cleanedHtml], { type: 'text/html' });
|
||||
const blobUrl = URL.createObjectURL(blob);
|
||||
|
||||
// Set the iframe src to the blob URL
|
||||
@@ -124,6 +126,45 @@ document.addEventListener('DOMContentLoaded', function() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove all script tags and event handlers from HTML content
|
||||
* @param {string} html - The HTML content
|
||||
* @returns {string} - HTML content with scripts removed
|
||||
*/
|
||||
function removeScripts(html) {
|
||||
// Create a DOM parser to work with the HTML
|
||||
const parser = new DOMParser();
|
||||
const doc = parser.parseFromString(html, 'text/html');
|
||||
|
||||
// Remove all script elements
|
||||
const scripts = doc.getElementsByTagName('script');
|
||||
while (scripts.length > 0) {
|
||||
scripts[0].parentNode.removeChild(scripts[0]);
|
||||
}
|
||||
|
||||
// Remove inline event handlers from all elements
|
||||
const allElements = doc.getElementsByTagName('*');
|
||||
for (let i = 0; i < allElements.length; i++) {
|
||||
const element = allElements[i];
|
||||
const attrs = element.attributes;
|
||||
const attrsToRemove = [];
|
||||
|
||||
// Collect all event handler attributes (on*)
|
||||
for (let j = 0; j < attrs.length; j++) {
|
||||
if (attrs[j].name.toLowerCase().startsWith('on')) {
|
||||
attrsToRemove.push(attrs[j].name);
|
||||
}
|
||||
}
|
||||
|
||||
// Remove the collected attributes
|
||||
attrsToRemove.forEach(attr => {
|
||||
element.removeAttribute(attr);
|
||||
});
|
||||
}
|
||||
|
||||
// Return the cleaned HTML
|
||||
return doc.documentElement.outerHTML;
|
||||
}
|
||||
/**
|
||||
* Display a message in the results container
|
||||
* @param {string} message - The message to display
|
||||
* @param {string} type - Message type (error, success, info)
|
||||
|
||||
Reference in New Issue
Block a user