css securities

[Anonymous]

Hi, I was wondering what the security risks might be (if any), to allow users to use their own stylesheets on my web page. I was thinking of possibly allowing to point to a stylesheet on their computer, and maybe eventually uploading stylesheets for others to use. The uploaded stylesheets would of course have to be approved before becoming availabl to all users. As far as I can tell, there would be no security risks in allowing users to point to a local stylesheet on their hard drive, but I though I would ask, just to check if anyone knows something I don't.

Thanks

-Trevis

 

[Alexej Kubarev]

well, there wouldnt be any problems as i can see, not for you or your site anyways
in css you may define some behaviours for, lets say images.

that will be connected to a htc file that will contain javascript. this will not be able to harm you in any way, as Js is clientside.. so this shouldnt be any problem

 

[Anonymous]

You should still be carefull when you allow the stylesheet to be used by others, wrt the JS.

By the way, every IE user (don't know about other browsers) can setup IE to use a custom stylesheet with your site without any work from you... (Tools > Internet Options > General > Accessibility > Format documents using my stylesheet)

Coditor

 

[Alexej Kubarev]

this is true however there is no point in that, its a "cooler" feature to allow css.. the only problem that i see is JS, but it cant harm your files or anything

 

[Anonymous]

Thanks for the input. The only people who would be able to use the stylesheets before getting them approved by myself would be the user who created them. So I will be able to check each stylesheet myself before I choose to add it to a list that all members can use.

 

[Alexej Kubarev]

like i said, i dont see any problems there. as it will not be possible to excecute a php script or such... so this shouldnt be any problems.. like you said: they will only be able to ruine their OWN computer