Approaches for ensuring a document does not inadvertently link or contain to any malicious content. A request from a document embedded within a parent web page itself, or comprised within a window launched by the parent web page, is received. The request is executed in a memory address space separate from a memory address space in which the parent web page resides. The execution of the request is performed using a parent proxy that represents the parent web page. Any malicious actions resulting from the performance of the request affect the parent proxy rather than the parent web page. The parent proxy provides at least a portion of the results of executing the request to a child proxy, which in turn determines what, if any, content within the results should be sent to the web browser rendering the parent web page.