Secure isolated iFrame? Alternative?

开发者_JAVA技巧I am running into a problem. I want to host an external page securely. Meaning, no JavaScript in the iFrame. Or it only execute safe code, such as change the text of its page or set the color of its page. And I want to keep CSS alive.

They should look the same from the source, but, no melacious code running behind. No ActiveX, no Flash, no Plug-in. I want them look correct without all the security compromise.

I have tried jQuery load(), but, it only works for internal pages, not external pages. And the CSS in that DIV overwrite my site's CSS, which is not what I wanted.

I am looking for an isolated frame like iframe. But, without security problem. Is this possible?

HTML5 now has a 'sandbox' option for iframes.
This will allow you to block code inside the iframe.

You can learn more at: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe

You can create a server side stateful proxy, like a php script that read the remote page and clean whatever you don't like. Not a really simple thing to do, but I'm afraid there is no really easy way around.

I mean, for instance, you create proxy.php:

<?php
  $remote = file($_GET['remote']);
  // .. filter whatever you like in $remote then print it

And then link to a site using

<iframe src="proxy.php?remote=http://www.example.com"></iframe>

This is not a complete example, just a way of showing my idea.