Avatar of jksung
jksung

asked on 

Is it possible to "sandbox" html content within a JSP?

I am trying to create a tool within my Spring MVC webapp where the JSP page takes in text from a user from a textbox, then displays the user text below the textbox with every non-UTF8 decode-able character highlighted in yellow (by taking in the user text as a string, and wrapping every non-UTF8 character with <span style='background:yellow'>(character)</span> and saving the result as form.userDataHighlighted), then display it in the webpage as such:

                                          <TABLE...>
                                          ........
                                          <TR>
                                                <TD valign="top">
                                                      <div>${form.userDataHighlighted}</div>
                                                </TD>
                                          </TR>
                                           </TABLE>

The problem is that the user may enter html content with CSS styling as such:

<html>
    <head>
        <meta http-equiv=Content-Type content="text/plain; charset=utf-8">
        <title></title>

        <style>
                (some user defined styling)
                ......
        </style>
    </head>
   <body>
       ....
    </body>
</html>

and this can affect the styling of the main webpage (for example, change the background color of the main webpage).

Is there a way I can "sandbox" the user text within the JSP so that it cannot affect the main JSP styling (such as display it in some kind of frame)?  I have tried something like:

<table border="1">
<tr>
<td style="width:500px;height:400px">
<iframe srcdoc=${form.userDataHighlighted} frameborder="0" style="width:100%;height:100%"></iframe>
</td>
</tr>
</table>

and also:

<jsp:include.......>

but in both cases, the background color of the main page is still affected.  Is there a way I can display the user's text with the non-UTF8 characters highlighted without allowing the user content to affect the styling of the main page?
JSPCSSJavaJavaScriptHTML

Avatar of undefined
Last Comment
mccarl

8/22/2022 - Mon