//
// While TinyMCE can strip out <script> tags,
// it does not remove inline JS event handlers.
//
// Example: onmouseover, onclick, etc.
//
// This should be included at the bottom of a page,
// contained inside an <iframe> to sandbox user-created
// content. The reason it is contained in an <iframe>
// is to prevent user-created CSS from affecting
// the parent page's overall look and feel.
//

(function() {
	var all = document.getElementsByTagName('*');
	var i = all.length;
	var j;

	// All inline JS events. HTML5 too.
	var events = [
		'onabort',
		'onafterprint',
		'onbeforeonload',
		'onbeforeprint',
		'onblur',
		'onblur',
		'oncanplay',
		'oncanplaythrough',
		'onchange',
		'onclick',
		'oncontextmenu',
		'ondblclick',
		'ondrag',
		'ondragend',
		'ondragenter',
		'ondragleave',
		'ondragover',
		'ondragstart',
		'ondrop',
		'ondurationchange',
		'onemptied',
		'onended',
		'onerror',
		'onerror',
		'onfocus',
		'onfocus',
		'onformchange',
		'onforminput',
		'onhaschange',
		'oninput',
		'oninvalid',
		'onkeydown',
		'onkeypress',
		'onkeyup',
		'onload',
		'onloadeddata',
		'onloadedmetadata',
		'onloadstart',
		'onmessage',
		'onmousedown',
		'onmousemove',
		'onmouseout',
		'onmouseover',
		'onmouseup',
		'onmousewheel',
		'onoffline',
		'ononline',
		'onpagehide',
		'onpageshow',
		'onpause',
		'onplay',
		'onplaying',
		'onpopstate',
		'onprogress',
		'onratechange',
		'onreadystatechange',
		'onredo',
		'onreset',
		'onresize',
		'onscroll',
		'onseeked',
		'onseeking',
		'onselect',
		'onstalled',
		'onstorage',
		'onsubmit',
		'onsuspend',
		'ontimeupdate',
		'onundo',
		'onunload',
		'onvolumechange',
		'onwaiting'
	];

	while (i--) {
		// Keeps links from opening within the <iframe>
		if (all[i].tagName.toLowerCase() === 'a' && all[i].target !== '_blank') {
			all[i].target = '_top';
		}	

		j = events.length;

		while (j--) {
			all[i].removeAttribute(events[j]);
		}
	}
})();