Javascript input whitelist

Question

Javascript input whitelist

I need to execute javascript code written by users. Of course, I have to consider javascript evil. I have a global object on the page that scripts should interact with, but I am not a wan script to be able to access anything else, including the DOM, jQuery and the window object.

Is it possible to modify the incoming javascript to cut out everything that I did not specify explicitly white?

For instance:

function modField(){
  if(!f.alpha.enabled){
    f.main.enabled = /960/.test(f.productName.text);
    f.name = document.getElementById('#username');
  }

}

Would after cleaning:

function modField(){
  if(!f.alpha.enabled){
    f.main.enabled = /960/.test(f.productName.text);
  }

}

How to do it?

+4

javascript security sanitization whitelist

Prichmp Nov 16 '16 at 16:45

source share

No one has answered this question yet.

See similar questions:

135

Is it possible to work with a JavaScript sandbox in a browser?

or similar:

7649

How do JavaScript locks work?

7494

How to remove a specific element from an array in JavaScript?

7432

How to check if a string contains a substring in JavaScript?

7287

What does use strict do in JavaScript, and what are the reasons for this?

5722

How to remove a property from a JavaScript object?

5670

Which operator is equal (== vs ===) should be used in comparing JavaScript?

5101

What is the most efficient way to deeply clone an object in JavaScript?

4829

How to include a javascript file in another javascript file?

4380

For each array in javascript?

3842

Create GUID / UUID in JavaScript?

Javascript input whitelist

More articles: