Avatar of jksung

asked on 

Is it possible to "sandbox" html content within a JSP?

I am trying to create a tool within my Spring MVC webapp where the JSP page takes in text from a user from a textbox, then displays the user text below the textbox with every non-UTF8 decode-able character highlighted in yellow (by taking in the user text as a string, and wrapping every non-UTF8 character with <span style='background:yellow'>(character)</span> and saving the result as form.userDataHighlighted), then display it in the webpage as such:

                                                <TD valign="top">

The problem is that the user may enter html content with CSS styling as such:

        <meta http-equiv=Content-Type content="text/plain; charset=utf-8">

                (some user defined styling)

and this can affect the styling of the main webpage (for example, change the background color of the main webpage).

Is there a way I can "sandbox" the user text within the JSP so that it cannot affect the main JSP styling (such as display it in some kind of frame)?  I have tried something like:

<table border="1">
<td style="width:500px;height:400px">
<iframe srcdoc=${form.userDataHighlighted} frameborder="0" style="width:100%;height:100%"></iframe>

and also:


but in both cases, the background color of the main page is still affected.  Is there a way I can display the user's text with the non-UTF8 characters highlighted without allowing the user content to affect the styling of the main page?

Avatar of undefined
Last Comment

8/22/2022 - Mon