Sorry if this is a silly question, but is there any way a user could add dodgy javascript or anything like that to a css definition?
Basically, is it safe to let users edit their own stylesheets for my site, which will be included with <link> tag in the <head> of each page?
thanks for your help, sam
css security?
Moderator: General Moderators
-
samscripts
- Forum Commoner
- Posts: 57
- Joined: Tue Apr 23, 2002 4:34 pm
- Location: London, UK
what's found in this file referenced by <link rel="stylesheet" TYPE="text/css" HREF=.... is considered to be css-only.
But for Internet Explorer you may define a behaviour-property.
And the file referenced by it can contain script-code
But for Internet Explorer you may define a behaviour-property.
And the file referenced by it can contain script-code
-
samscripts
- Forum Commoner
- Posts: 57
- Joined: Tue Apr 23, 2002 4:34 pm
- Location: London, UK
thanks Volka, still not quite clear:
basically if I let my site's users create their own style sheet through a form with an input field for each style ie:
which I then add nto the style sheet like this:
would anyone be able to add any script or calls to external scripts / styles that would present any kind of security risk? I'm not concerned about them messing up display of the page for themselves
, and only the user who creates the style sheet will be able to use it.
thanks for your help, sam
basically if I let my site's users create their own style sheet through a form with an input field for each style ie:
Code: Select all
<b>body:</b><input type="text" name="body"><br>
<b>td:</b><input type="text" name="td"><br>
etc...Code: Select all
$styles = array("td", "body",...);
$css = "";
for( $i =0;$i < count($styles); $i++){
$css .= $stylesї$i] .' { '.str_replace('}', '', $_POSTї$stylesї$i]]).'}';
}
// save $css into a file called $username.cssthanks for your help, sam