Caja

“Caja (pronounced "KA-ha") allows you to put untrusted third-party HTML and JavaScript inline in your page and still be secure.”

See.