Is there a way to prevent Javascript from executing?
Question
I know that this question already has been asked before - and I find this answer to be very useful ( https://stackoverflow.com/a/550583 ). Even though it doesn't completely deliver the wanted outcome.
Some background: I am building a small CMS where a website can be edited through the frontend. After the edit is complete the DOM is saved via PHP to a HTML file. Some websites include js-files which manipulate the dom or load data via AJAX. As those changes shouldn't be in the final output, javascript should be blocked. If you have any other idea how to go about it please let me know.
I hope the question is clear - how should I go about it, that the "external" javascript of the page is stopped, but I am still able to manipulate the DOM by my own js-file.
Thank you
1 answers
solution1
1 ACCPTED 2019-06-05 11:04:45
You can implement a Content Security Policy to only allow JS to be loaded if it is from a specific domain. This will allow you to block inline JS and JS from other domains. You'll need to tailor it based on what you want to allow in the way of JS and other resources.
You can, and should, also sanitise the user inputted HTML .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.