If I were to create a site where users could put arbitrary HTML into their 'profile' or something similar, how might I prevent JavaScript embedded in that HTML from running?
Could I put an infinite loop for(;;); somewhere? If so, where would I put it?
What other security concerns are associated with this approach?