css securities

Questions and tutorials related to Cascading Style Sheets *all versions*

Moderators: macek, egami, gesf

trevis
New php-forum User
New php-forum User
Posts: 15
Joined: Fri Feb 24, 2006 1:25 pm
Location: CA, United States
Contact:

css securities

Postby trevis » Fri Feb 24, 2006 6:13 pm

Hi, I was wondering what the security risks might be (if any), to allow users to use their own stylesheets on my web page. I was thinking of possibly allowing to point to a stylesheet on their computer, and maybe eventually uploading stylesheets for others to use. The uploaded stylesheets would of course have to be approved before becoming availabl to all users. As far as I can tell, there would be no security risks in allowing users to point to a local stylesheet on their hard drive, but I though I would ask, just to check if anyone knows something I don't.

Thanks

-Trevis

User avatar
Alexej Kubarev
Site Admin
Site Admin
Posts: 2223
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län
Contact:

Postby Alexej Kubarev » Sat Feb 25, 2006 12:49 pm

well, there wouldnt be any problems as i can see, not for you or your site anyways
in css you may define some behaviours for, lets say images.

that will be connected to a htc file that will contain javascript. this will not be able to harm you in any way, as Js is clientside.. so this shouldnt be any problem

User avatar
Coditor
New php-forum User
New php-forum User
Posts: 243
Joined: Wed Feb 01, 2006 9:18 am
Location: Netherlands
Contact:

Postby Coditor » Sat Feb 25, 2006 2:09 pm

You should still be carefull when you allow the stylesheet to be used by others, wrt the JS.

By the way, every IE user (don't know about other browsers) can setup IE to use a custom stylesheet with your site without any work from you... (Tools > Internet Options > General > Accessibility > Format documents using my stylesheet)

Coditor

User avatar
Alexej Kubarev
Site Admin
Site Admin
Posts: 2223
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län
Contact:

Postby Alexej Kubarev » Sat Feb 25, 2006 2:13 pm

this is true however there is no point in that, its a "cooler" feature to allow css.. the only problem that i see is JS, but it cant harm your files or anything

trevis
New php-forum User
New php-forum User
Posts: 15
Joined: Fri Feb 24, 2006 1:25 pm
Location: CA, United States
Contact:

Postby trevis » Sat Feb 25, 2006 2:25 pm

Thanks for the input. The only people who would be able to use the stylesheets before getting them approved by myself would be the user who created them. So I will be able to check each stylesheet myself before I choose to add it to a list that all members can use.

User avatar
Alexej Kubarev
Site Admin
Site Admin
Posts: 2223
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län
Contact:

Postby Alexej Kubarev » Sat Feb 25, 2006 2:32 pm

like i said, i dont see any problems there. as it will not be possible to excecute a php script or such... so this shouldnt be any problems.. like you said: they will only be able to ruine their OWN computer


Return to “CSS”

Who is online

Users browsing this forum: No registered users and 0 guests