I would like to see if I can move our server side mail tag injection
to jQuery on the client side.

I guess I am wondering if the logic I am thinking will prevent any
premature browser processing before jQuery gets to perform the
filtering.

When a message is going to be displayed on our system, the server will
generate the page and based on the user's options, it may filter the
message as it spits out the message body to the browser:

<div id="msgwin" style="margin-left: 1%; margin-right: 1%;">
  @get message.body@
</div>

The server will filter the mail body removing typical tags considered
dangerous and/or related to user tracking (like images).  The end
result is pure HTML - no special tags like scripts, links, frames,
images, etc.

Moving this to jQuery, I guess I have to get the data in a mode where
none of the special tags are processed.

Can I safely presume an initial style="display:none;" for <DIV
id="msgwin"> will not activate any of the tags?

Here is what I did and it seems to work without changing the <div> tag
to make it initialize hidden. I am doing it programmatically.

<head>
<script type="text/javascript" src="/public/js/jquery.pack.js"></script>
<script type='text/javascript'>
  $(document).ready(function() {
     var $msg = $("#msgwin");
     $msg.hide();
     $("#msgwin img,link,script,iframe").remove();
     $msg.show();
  });
</script>
</head>

I checked the server logs and firebug and there is no request for the
special tags.

Is this good enough or is there any other consideration?

thanks

--
HLS
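
The question above turns on when the browser acts on markup: anything already in the served page is parsed before `$(document).ready` runs, so this added example (not code from the original post) instead parses the body string in an inert `DOMParser` document and strips the listed tags before anything is attached to `#msgwin`. Assumptions: the server delivers the raw body as a string rather than as inline markup, `renderMessage` and `stripActiveContent` are hypothetical names, and removing `on*` attributes goes beyond the post's tag list.

```javascript
// Added example; function names are hypothetical, not from the original post.
// Tags the post wants gone (img, link, script, iframe).
const BLOCKED = new Set(["img", "link", "script", "iframe"]);

// Walk a parsed tree, dropping blocked elements and on* handler attributes.
// Returns the number of elements removed.
function stripActiveContent(node) {
  let removed = 0;
  for (const child of Array.from(node.childNodes)) {
    if (child.nodeType !== 1) continue; // not an element: nothing to strip
    if (BLOCKED.has(child.nodeName.toLowerCase())) {
      node.removeChild(child);
      removed++;
      continue;
    }
    for (const attr of Array.from(child.attributes)) {
      // Assumption beyond the post's list: inline handlers such as onclick.
      if (attr.name.toLowerCase().startsWith("on")) {
        child.removeAttribute(attr.name);
      }
    }
    removed += stripActiveContent(child);
  }
  return removed;
}

// Parse the untrusted body in a document where scripts do not run and
// images are not fetched, filter it, then move the survivors into the page.
function renderMessage(rawHtml, target) {
  const doc = new DOMParser().parseFromString(rawHtml, "text/html");
  const removed = stripActiveContent(doc.body);
  target.replaceChildren(...Array.from(doc.body.childNodes));
  return removed;
}

// Browser-only usage with a constructed sample body.
if (typeof DOMParser !== "undefined" && typeof document !== "undefined") {
  const sample = '<p onclick="x()">Hello</p>' +
    '<img src="https://tracker.example/pixel.gif">' +
    '<iframe src="about:blank"></iframe>';
  const target = document.getElementById("msgwin");
  if (target) console.log("removed", renderMessage(sample, target));
}
```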
