This will also execute any JavaScript contained in the fetched markup, so use it with caution and only with content you trust.
Recommended CSP response header (`abc123` is a placeholder: send a fresh, unpredictable nonce with every response and the real hash of the inline script): default-src 'self' 'nonce-abc123' 'sha256-abc123';base-uri 'self';frame-ancestors 'none';img-src 'self' * data:;script-src 'self' 'nonce-abc123' 'strict-dynamic' 'unsafe-inline' 'unsafe-hashes' 'sha256-abc123' http: https:;style-src 'self' 'unsafe-inline'
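// Fetch a remote HTML page and swap the contents of its <head> and <body>
// into the current document.
//
// SECURITY NOTE(review): createContextualFragment() builds live nodes, so any
// <script> in the fetched markup runs with this page's privileges once it is
// inserted. Point this only at a source you control or fully trust, and serve
// the page with a restrictive Content-Security-Policy to limit what injected
// scripts can load.
fetch('https://stackoverflow.com/')
  .then((response) => {
    if (response.status !== 200) {
      // Reject instead of returning undefined, so the next step never tries
      // to parse a missing body.
      throw new Error(`Looks like there was a problem. Status Code: ${response.status}`);
    }
    return response.text();
  })
  .then((data) => {
    // Capture group 3 of each pattern is the inner markup of the element.
    const headMatch = data.match(/(<head(\s[^>]*>|>)([\s\S]*?)<\/head>)/im);
    const bodyMatch = data.match(/(<body(\s[^>]*>|>)([\s\S]*?)<\/body>)/im);
    if (headMatch === null || bodyMatch === null) {
      // Fail with a clear message before touching the document, rather than
      // with a TypeError from indexing a null match.
      throw new Error('Fetched document has no <head> or <body> section');
    }

    const range = document.createRange();
    const rangeHead = range.createContextualFragment(headMatch[3]);
    const rangeBody = range.createContextualFragment(bodyMatch[3]);

    document.head.replaceChildren(rangeHead);
    document.body.replaceChildren(rangeBody);

    // Presumably re-fired so that listeners registered by the injected
    // content run as they would on a normal page load.
    window.dispatchEvent(new Event('DOMContentLoaded'));
  })
  .catch((err) => {
    console.log('Fetch Error :-S', err);
  });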