Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

style considered harmful?

Tags:

html

security

We have some code that removes "dangerous" attributes and tags from HTML. I noticed that style is among the list of "dangerous" attributes. What could be the risk from that attribute?

like image 781
JoelFan Avatar asked Aug 20 '10 17:08

JoelFan

1 Answers

In IE you can include @behaviors in there which can load little Javascripts.

With CSS3 you can also interject little bits of text, which could be dangerous depending on your website.

like image 112
Kevin Sedgley Avatar answered Sep 24 '22 06:09

Kevin Sedgley
Sign in to Comment

Related questions

Record/playback keystrokes in textfield using Javascript
Firefox can not layout nested tables properly?
How does one validate an entire site?
Html Select List: why would onchange be called twice?
HTML5 Doctype Support
Any ideas on how to prepare for the future of Flash/Flex/HTML5 Development?
CSS conditional comments for other Browsers except IE?
Is Google font api supported in all current and old browsers?
Transforming XML into HTML (as opposed to xhtml)
Will websockets in HTML 5 replace ajax for partial page refreshes?
Is it possible to create, package and successfully submit HTML5 apps to the app store? [closed]
Javascript click through element
How to embed a resized website throught an iframe? [closed]
Is it important to i18n your img alt attributes?
Regular expression to remove <br> from <pre>
How to handle meta elements not validating in HTML5?
html select dropdrown width is too big
Adjust size of leaflet map in rmarkdown html
gmail html email background color
Live video streaming with HTML 5?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!