[thelist] In memory browser to evaluate a DOM after JS has been applied?

sam foster potatosculptor at gmail.com
Mon May 18 06:52:11 CDT 2009

Facebook has had to solve a similar problem. It might be worth taking
your de-obfuscator(1) in hand and looking though their source.

1) e.g. http://jsbeautifier.org/


On Wed, May 13, 2009 at 6:45 PM, Matt Warden <mwarden at gmail.com> wrote:
> On Wed, May 13, 2009 at 12:50 PM, ivo <cervantes_vive at yahoo.com> wrote:
>> I have an interesting problem I am trying to solve. I have a set of HTML pages onto which clients can add their own HTML & JS. The client HTML & JS can only be to modify the page DOM for presentation purposes. What I need to check for is if the client HTML & JS attempts to include any additional scripts or iframes. Checking the HTML document for script tags and iframes is straightforward but checking the JS fragments included on the page so that they dont dynamically build these tags or that they do ajax calls is challenging.

More information about the thelist mailing list