Hi everyone!
I have a hidden div-Box with some content. Inside the div box is some
JavaScript. I fetch the content of the hidden div-Box with the
prototype $ method and put it into another one which is visible
(using the "update" method). After the paste the script is executed and
all page content is replaced by the script output.
Is there a way to prevent the script inside the pasted HTML from being
executed?
Here is an example of what I mean:
The script inside this box is coming from a CMS, it is just to avoid
spamming. I can't change it - it is the result of a "mailto:" link in
the backend.
<div id="hiddenbox" class="hideme">
<h2>Immobilienfachwirt</h2><br />
<img src='/demo/vrbank-immo/images/burkhard_niessing_web.jpg' border='0' alt='' align='left' />
<table border='0'> <tbody>
<tr> <td>Burkhard Nießing </td> <td> </td> </tr>
<tr> <td>Telefon<br /> </td> <td>02563 401-17<br /> </td> </tr>
<tr> <td>Mobil<br /> </td> <td>0172 176 12 17<br /> </td> </tr>
<tr> <td>Telefax<br /> </td> <td>02563 401-68<br /> </td> </tr>
<tr> <td>Email<br /> </td> <td><SCRIPT TYPE="text/javascript"
LANGUAGE="javascript">document.write(String.fromCharCode(60,97,32,104,114,101,102,61,39,109,97,105,108,116,111,58,98,117,114,107,104,97,114,100,46,110,105,101,115,115,105,110,103,64,99,111,110,115,117,108,116,105,110,103,117,110,100,105,109,109,111,98,105,108,105,101,110,46,100,101,39,62,98,117,114,107,104,97,114,100,46,110,105,101,115,115,105,110,103,64,99,111,110,115,117,108,116,105,110,103,117,110,100,105,109,109,111,98,105,108,105,101,110,46,100,101,60,47,97,62));
</SCRIPT><br /> </td> </tr> </tbody> </table> <SCRIPT
TYPE="text/javascript"
LANGUAGE="javascript">document.write(String.fromCharCode(60,97,32,104,114,101,102,61,39,109,97,105,108,116,111,58,98,117,114,107,104,97,114,100,46,110,105,101,115,115,105,110,103,64,99,111,110,115,117,108,116,105,110,103,117,110,100,105,109,109,111,98,105,108,105,101,110,46,100,101,39,62,60,47,97,62));
</SCRIPT><br />
</div>
<div id="infocolumn"></div>
<a href="javascript:void(0);" onclick="$('infocolumn').update($('hiddenbox').innerHTML);">Click me</a>
After clicking the link the content of the hidden div replaces the
content inside the infocolumn correctly. But after a few moments the
page is completely cleared and all content is replaced by the output
of the "mailto hiding" script.
This is the only page content after the insert:
<html><head></head><body>
<a href="mailto:burkhard.niessing@consultingundimmobilien.de">burkhard.niessing@consultingundimmobilien.de</a>
<a href="mailto:burkhard.niessing@consultingundimmobilien.de"></a>
</body></html>
Can anyone explain what's happening there? I would expect the
mailto link to show up twice inside the div after the update, not
to replace the complete content.
Anyway - how can I avoid the script execution after the update? Or
will I have to search for any scripts inside the hidden div and delete
them?
Thanks for any tips and kind regards
marcus
on 2008-06-27 16:44
on 2008-06-27 17:04
Use the String#stripScripts method:
$('infocolumn').update($('hiddenbox').innerHTML.stripScripts())
-Fred
On Fri, Jun 27, 2008 at 9:43 AM, MarcusX <jamcentrale@gmail.com> wrote:
>
> Hi everyone!
>
> I have a hidden div-Box with some content. Inside the div box is some
> JavaScript. I fetch the content of the hidden div-Box with the
> prototype $ method and put it into another one which is visible.
> (using the "update" method). After the paste the script is executed and
> all page content is replaced by the script output.
> Is there a way to prevent the script inside the pasted HTML from being
> executed?
--
Science answers questions; philosophy questions answers.
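
The effect of stripping script blocks before the update, as an added example that is not part of the thread and is not Prototype's own code: it splits a fragment into inert markup and the scripts left out of it, and reports which of those call document.write, the call that reopens an already loaded document and wipes the page. The regular expression, the function names and the sample fragment are assumptions constructed for illustration.

```javascript
// Added example: pattern, names and sample fragment are this example's own
// assumptions, not Prototype's source and not the CMS output from the thread.
const SCRIPT_BLOCK = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;

// Markup with every <script>...</script> block removed.
function stripScriptBlocks(html) {
  return html.replace(SCRIPT_BLOCK, '');
}

// Bodies of the script blocks, i.e. the code an insert could end up running.
function extractScriptBodies(html) {
  return Array.from(html.matchAll(SCRIPT_BLOCK), (m) => m[1].trim());
}

// Split a fragment into inert markup and the scripts left out of it, and flag
// the ones calling document.write: on a page that has finished loading, that
// call reopens the document and discards everything already rendered.
function inspectFragment(html) {
  const droppedScripts = extractScriptBodies(html);
  const documentWrites = droppedScripts.filter((body) =>
    /\bdocument\.write(?:ln)?\s*\(/.test(body));
  return { markup: stripScriptBlocks(html), droppedScripts, documentWrites };
}

// Constructed sample: upper-case tags and attributes wrapped across lines,
// as in the hidden box, plus one block that does not call document.write.
const hiddenBox = [
  '<table><tr><td>Email</td><td><SCRIPT TYPE="text/javascript"',
  'LANGUAGE="javascript">document.write(String.fromCharCode(60,97,62,60,47,97,62));',
  '</SCRIPT></td></tr></table>',
  '<script>var shown = true;</script>',
  '<script>document.write("x");</script><br />',
].join('\n');

const report = inspectFragment(hiddenBox);
console.log(report.markup);
console.log(`${report.documentWrites.length} of ${report.droppedScripts.length} ` +
  'dropped scripts call document.write');
```

Pattern-based removal only takes out script blocks, so it suits trusted markup like this CMS output and is not a sanitizer for untrusted HTML.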