I am building a social network site and I want to allow users to post object tags (i.e. videos from YouTube, etc.), but I want to prevent my server from running any JavaScript that may be embedded in the posts. Basically, it's like the comment system on MySpace, and I know MySpace has accomplished this somehow, but I'm not even sure where to begin.
Basically I just want my site to only run the JavaScript I have linked to on my server and disable any other JavaScript that users may post via comments, either by adding JavaScript code in the comment box or adding an object tag which has JavaScript in its content.