I would like to see if I can move our server side mail tag injection to jQuery on the client side.
I guess I am wondering if the logic I am thinking will prevent any premature browser processing before jQuery gets to perform the filtering. When a message is going to be displayed on our system, the server will generate the page and based on the user's options, it may filter the message as it spits out the message body to the browser: <div id="msgwin" style="margin-left: 1%; margin-right: 1%;"> @get message.body@ </div> The server will filter the mail body removing typical tags considered dangerous and/or related to user tracking (like images). The end result is pure HTML - no special tags like scripts, links, frames, images, etc. Moving this to jQuery, I guess I have to get the data in a mode where none of the special tags are processed. Can I safely presume a initial style="display:none;" for <DIV id="msgwin"> will not activate any of the tags? Here is what I did and it seems to work without changing the <div> tag to make it initiallize hidden. I am doing it programmatically. <head> <script type="text/javascript" src="/public/js/jquery.pack.js"></ script> <script type='text/javascript'> $(document).ready(function() { var $msg = $("#msgwin"); $msg.hide(); $("#msgwin img,link,script,iframe").remove(); $msg.show(); }); </script> </head> I checked the server logs and firebug and there is no request for the special tags. Is this good enough or is there any other consideration? thanks -- HLS