In a collaborative editing environment where scripting is enabled (e.g. via JavaScript), there are a number of ways that a malicious attacker can place well-constructed content on a content page, such as a publicly shared wiki document or wiki page. For example, a hidden script embedded in the content page may steal the currently logged-in user's authentication token, or lead the user to unknowingly perform actions where a script masquerades itself as a built-in feature of the content page (e.g. “clickjacking”).
Typically, when storing a wiki page in a server for sharing with wiki users, a security measure may be performed to strip any malicious looking scripts or texts of dubious styles from the wiki page to prevent security risks. However, there may be a genuine need to place scripts on wiki pages for non-malicious reasons, such as allowing multimedia content presentation.
Therefore, traditional approaches for collaborative document editing do not provide a secure manner to accommodate evolving types of active content.