Third-party embedded scripts provide a powerful way to build rich web applications, but they raise important security risks. These untrusted scripts can access everything on the embedding web page, including sensitive data, which can then be leaked to malicious third-party servers. We propose RedactDOM, an egress-based approach that prevents untrusted scripts from leaking sensitive information without disrupting the scripts’ functionality. For each page, a projection page is created with a redacted DOM that has the structure and scripts from the original page but removes all potentially sensitive data. RedactDOM blocks outgoing requests generated by untrusted scripts on the real page and replaces them with safe substitutes from the redacted page.
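
The following toy model of the projection-and-substitution idea is an added example, not code from RedactDOM or its authors. It assumes DOM nodes are plain objects, that text content and a fixed set of attribute values are the sensitive data, and that requests from the two pages are paired by order; `untrustedScript`, `redact`, `egress` and the `widgets.example` URLs are hypothetical.

```javascript
// Constructed sample page: plain objects stand in for DOM nodes.
const realPage = {
  tag: "body", attrs: {}, children: [
    { tag: "input", attrs: { name: "card", value: "4111111111111111" }, children: [] },
    { tag: "p", attrs: {}, text: "Balance: $5,300", children: [] },
    { tag: "script", attrs: { src: "https://widgets.example/analytics.js" }, children: [] },
  ],
};

// Assumption: text content and these attribute values are "potentially sensitive".
const SENSITIVE_ATTRS = new Set(["value", "href", "title", "alt"]);

// Build the projection: same tree shape and script elements, data blanked.
function redact(node) {
  const attrs = {};
  for (const [key, val] of Object.entries(node.attrs)) {
    attrs[key] = SENSITIVE_ATTRS.has(key) ? "" : val;
  }
  const copy = { tag: node.tag, attrs, children: node.children.map(redact) };
  if ("text" in node) copy.text = node.tag === "script" ? node.text : "";
  return copy;
}

const countNodes = (n) => 1 + n.children.reduce((sum, c) => sum + countNodes(c), 0);

// Hypothetical third-party script, modeled as: page in, requested URLs out.
function untrustedScript(page) {
  const urls = [];
  const walk = (n) => {
    if (n.tag === "input") {
      urls.push("https://widgets.example/collect?v=" + encodeURIComponent(n.attrs.value));
    }
    n.children.forEach(walk);
  };
  walk(page);
  urls.push("https://widgets.example/pixel.gif?nodes=" + countNodes(page));
  return urls;
}

// Egress filter: requests produced on the real page are never sent; the
// counterpart produced on the redacted page goes out instead.
// Assumption: requests are paired by order; unmatched ones are dropped.
function egress(script, page) {
  const fromReal = script(page);
  const fromRedacted = script(redact(page));
  return fromReal.map((_, i) => fromRedacted[i]).filter((u) => u !== undefined);
}

console.log(egress(untrustedScript, realPage));
```

The structure-dependent request (`nodes=4`) leaves unchanged, while the request that carried the input value leaves with an empty parameter.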