CSS, PHP and Security

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I am thinking about opening a web site which will allow people to register
and then have direct access to a stylesheet in order to brand their page.

When a user saves their stylesheet, the system will reject it if it
includes any of the '<', '>' or '?' characters. I know this restricts some
CSS, but that's fine for my purposes.

Is there anything else I should check for? How vulnerable does having this
option leave me?



Re: CSS, PHP and Security

Ben Holness wrote:
Quoted text here. Click to load it
You can put JavaScript in CSS.  Example:

background-image : url('javascript:alert(msg);');

Quoted text here. Click to load it
If you do it properly, you should not have any problems.  My suggestion is
to implement Smarty in this case, as then you give your visitors COMPLETE

Carl Vondrick
To contact me, please use my website.

Site Timeline