Custom CSS: what could go wrong?

Question

Custom CSS: what could go wrong?

So, for the new community site I'm working on, we are considering providing users with their own CSS. Perhaps with a text area on the profile page. Then it becomes CSS, which the website sends to its browser whenever it views the site. This seems like a pretty obvious and cheap setup, but I never saw it.

Assuming we add some precautions so that users cannot unconditionally ruin their own page, is there something that could go wrong how this happens on the site? Perhaps for safety?

+3

security user-interface css user experience

Alexandros Marinos May 2, '11 at 9:15

source share

5 answers

Internet Explorer, , , javascript- CSS. XSS, CSS.

, .

CSS, , . , CSS, / .. CSS.

CSS, , . , , , .

+1

Spyros 02 '11 9:20

, css. .

, CSS, .

, PHP, . .

+1

RJD22 02 '11 9:20

, CMS, , . , , , .

, "CSS-", CSS, ( , ).

, - , , Times ( , ), Arial ( , ).

, jquery , .

, , , , .

, :

, - , 24pt .
, , , - , , , , !:)

+1

Terry_Brown 02 '11 9:22

, , , CSS , CSS.

CSS (, Stylish, ), CSS - .

- ( , .. ) .

+1

JB Nizet 02 '11 9:42

Nick · Accepted Answer · 2011-05-02T09:45:02+0000

OWASP has some good tips on escaping untrusted CSS that you might consider.

I recommend offering users some general appearance preferences (font size, style and color, etc.) rather than giving them carte blanche. The advantage of this is that it becomes more accessible to less technical users, and also leads to fewer likely technical support requests (do not forget to enable the “reset styles” button so that they can cancel their changes without sending you an email )

, CSS , , , , , , ; (, tumblr), .

Custom CSS: what could go wrong?

More articles: