Description
Yeah - I know the title might sound as if I'm crazy, but it's a serious question. I'd like to either:
- Load HTML to DOM, without executing any scripts and then call a script on loaded DOM.
or
- Be able to execute script on a page, but if that script uses DOMParser, then scripts in HTML parsed by it should not be executed.
My specific case: I'm trying to evaluate if it is possible to run DOMPurify server side, so that my sanitization on server side is as close as possiblt to the client side. Before I start conversion of JS to C#, I decided to check if DOMPurify will work "out of the box" and what its performace will be. After working around of some issues (e.g. #101) it does work for simple cases, but I encountered issues sanitizing HTML with script tags. I'm aware that a lot more can backfire, but hey - why not try! :)
I'm sure I can workaround this problem as well, but again - maybe I miss some obvious solution. I saw in code, that if fragment is processed, then scripts execution is skipped. I'm not sure if that is what I want, but maybe there's another way...
Versions:
AngleSharp & AngleSharp.JS: master
Jint: 4.2.1