nathanwoodburn/debug-tools
1
0
Fork 0
generated from nathanwoodburn/python-webserver-template
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Remove scripts from html to stop redirects or other random things
All checks were successful
Build Docker / BuildImage (push) Successful in 30s
Details

Browse Source
This commit is contained in:
Nathan Woodburn
2025-02-27 14:28:59 +11:00
parent 3998e1cafc
commit 964779136c
1 changed files with 157 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
templates/assets/js/curl.js
View File

@@ -1,11 +1,11 @@
document.addEventListener('DOMContentLoaded', function() {
document.addEventListener('DOMContentLoaded', function () {
// Get references to elements
const curlButton = document.getElementById('curl');
const curlUrlInput = document.getElementById('curl-url');
const resultsContainer = document.getElementById('curl-results');
// Add click event listener to the button
curlButton.addEventListener('click', function() {
curlButton.addEventListener('click', function () {
// Get the URL from the input
const url = curlUrlInput.value.trim();
@@ -32,7 +32,7 @@ document.addEventListener('DOMContentLoaded', function() {
handleCurlRequest(url);
});
// Add enter key listener to input
curlUrlInput.addEventListener('keyup', function(event) {
curlUrlInput.addEventListener('keyup', function (event) {
if (event.key === 'Enter') {
curlButton.click();
}
@@ -78,15 +78,17 @@ document.addEventListener('DOMContentLoaded', function() {
const iframe = document.getElementById('result-iframe');
const viewSourceButton = document.getElementById('view-source');
// Create a blob URL from the HTML content
const blob = new Blob([data.result], { type: 'text/html' });
const cleanedHtml = removeScripts(data.result);
// Create a blob URL from the cleaned HTML content
const blob = new Blob([cleanedHtml], { type: 'text/html' });
const blobUrl = URL.createObjectURL(blob);
// Set the iframe src to the blob URL
iframe.src = blobUrl;
// Add event listener to view source button
viewSourceButton.addEventListener('click', function() {
viewSourceButton.addEventListener('click', function () {
// Show source code in a modal or new window
const sourceWindow = window.open('', '_blank');
sourceWindow.document.write(`
@@ -105,7 +107,7 @@ document.addEventListener('DOMContentLoaded', function() {
});
// Set up cleanup when iframe is no longer needed
window.addEventListener('beforeunload', function() {
window.addEventListener('beforeunload', function () {
URL.revokeObjectURL(blobUrl);
});
} else {
@@ -124,6 +126,45 @@ document.addEventListener('DOMContentLoaded', function() {
}
/**
* Remove all script tags and event handlers from HTML content
* @param {string} html - The HTML content
* @returns {string} - HTML content with scripts removed
*/
function removeScripts(html) {
// Create a DOM parser to work with the HTML
const parser = new DOMParser();
const doc = parser.parseFromString(html, 'text/html');
// Remove all script elements
const scripts = doc.getElementsByTagName('script');
while (scripts.length > 0) {
scripts[0].parentNode.removeChild(scripts[0]);
}
// Remove inline event handlers from all elements
const allElements = doc.getElementsByTagName('*');
for (let i = 0; i < allElements.length; i++) {
const element = allElements[i];
const attrs = element.attributes;
const attrsToRemove = [];
// Collect all event handler attributes (on*)
for (let j = 0; j < attrs.length; j++) {
if (attrs[j].name.toLowerCase().startsWith('on')) {
attrsToRemove.push(attrs[j].name);
}
}
// Remove the collected attributes
attrsToRemove.forEach(attr => {
element.removeAttribute(attr);
});
}
// Return the cleaned HTML
return doc.documentElement.outerHTML;
}
/**
* Display a message in the results container
* @param {string} message - The message to display
* @param {string} type - Message type (error, success, info)
@@ -177,4 +218,4 @@ document.addEventListener('DOMContentLoaded', function() {
handleCurlRequest(url);
}
}
});
});