[thelist] In memory browser to evaluate a DOM after JS has been applied?

ivo cervantes_vive at yahoo.com
Wed May 13 11:50:02 CDT 2009

Hello listers,

I have an interesting problem I am trying to solve. I have a set of HTML pages onto which clients can add their own HTML & JS. The client HTML & JS can only be to modify the page DOM for presentation purposes. What I need to check for is if the client HTML & JS attempts to include any additional scripts or iframes. Checking the HTML document for script tags and iframes is straightforward but checking the JS fragments included on the page so that they dont dynamically build these tags or that they do ajax calls is challenging.

One potential approach is to sandbox a page, apply the client HTML and JS and evaluate the DOM for these tags. Another approach would be to sandbox the page, apply the client HTML/JS and observe for any outgoing requests. Both of these approaches require a browser onto which I can load the document and automagically examine any outgoing requests, much like Firebug logs these requests.

Are there a more appropiate solution I am overlooking? (allowing JS & HTML fragments from the client is a requirement)

Is there an in memory browser available that can be manipulated in such a manner? A Firebug-type tool with no GUI that can be automated so it can be run on a server, load a document and report any outgoing requests or from which I could request the resultant DOM after all JS has been applied.

Thanks for any thoughts.

- Ivo

More information about the thelist mailing list