
Good point. If only there were a way to mark a section of HTML as "no scripting here". Inside that section all <script> tags would be ignored, all onclick and similar attributes would be ignored, etc.

That said, even if that existed, there'd still probably be some dangers you'd have to be careful to avoid.



>If only there were a way to mark a section of HTML as "no scripting here"

iframe sandbox with srcdoc? Not so elegant, but it works. [Alternatively, iframe to another document and use CSP header there to ban everything]
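Added example, not part of either comment above: one way to build the `iframe sandbox` + `srcdoc` wrapper the reply describes, with the attribute escaping that keeps untrusted markup from closing the `srcdoc` attribute early. The helper names `escapeAttr` and `sandboxedFrame`, the in-frame CSP `<meta>` (a variant of the reply's CSP-header idea), and the sample input are assumptions made for illustration.

```javascript
// Added example; escapeAttr and sandboxedFrame are hypothetical helper names.

// CSP placed inside the framed document as a second layer (assumption: the
// untrusted content needs no scripts and no subresources, only inline styles).
const FRAME_CSP =
  "<meta http-equiv=\"Content-Security-Policy\" " +
  "content=\"default-src 'none'; style-src 'unsafe-inline'\">";

// Escape text for a double-quoted HTML attribute. "&" goes first so that
// entities in the input (e.g. "&quot;") survive as literal text.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Wrap untrusted markup in an iframe whose sandbox attribute is empty:
// no allow-scripts, no allow-same-origin, no forms, no popups. Script
// elements and on* handlers inside the frame are parsed but never run.
function sandboxedFrame(untrustedHtml) {
  const doc = FRAME_CSP + String(untrustedHtml);
  return '<iframe sandbox="" srcdoc="' + escapeAttr(doc) + '"></iframe>';
}

// Constructed sample input: tries to close the attribute and the tag.
const sample = '"></iframe><script>alert(1)</script><b onclick="x()">hi</b>';
console.log(sandboxedFrame(sample));
```

Adding `allow-scripts` together with `allow-same-origin` to the sandbox value would let the framed content remove its own sandboxing, so the empty value is the safe default here.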



