Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Path-relative style sheet import vulnerabilities

Tags:

css

security

To avoid path-relative style sheet import vulnerabilities should I attach css file on my page using full path e.g.

<link href="http://mywebsite/style.css" type="text/css" rel="stylesheet" />

instead of 

<link href="style.css" type="text/css" rel="stylesheet" />

What do you think?

like image 870
user3896104 Avatar asked Mar 25 '15 15:03

user3896104

1 Answers

Just add a leading slash and make the path root-relative, rather than relative which this vulnerability relies on.
No need for the domain / scheme.

 <link rel="stylesheet" href="/style.css">
like image 116
Adria Avatar answered Sep 27 '22 22:09

Adria
Sign in to Comment

Related questions

Skeuomorphic keys for keyboard shortcut documentation
Tooltip issue with twitter bootstrap
Stop Motion Animation CSS
Angular.js animations
CSS select first button with same class of the second button
Sass / Compass Font Awesome issues (displaying odd glyphs instead of icons?)
Bootstrap Push/Pull Issues
What is the best practice for setting image size? css or attributes? [closed]
Disable inertia scroll for "single-page" webapp
How to render multiple columns with Markdown in GitHub README?
UI Bootstrap Fade Carousel flashes white
Set div height to window height (Not 100% with CSS)
Collapse and expand elements with CSS
execCommand() doesn't "unbold" text
How to make all sibling DIVs inside a container DIV have equal height?
How to change the width of a CSS flex-box column?
Can't enter text in a textarea
HTML details tag opening direction? How to change?
How do I get this code from Codepen to work?
Using Bootstrap "Collapse" on radio buttons to show/hide content (NO JS)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!