How to exploit websites that include user input in their CSS

Henning Koch
September 09, 2017
Software engineer at makandra GmbH

The linked article shows how to exploit websites that include unsanitized user input in their CSS.


Although the article often mentions React and CSS-in-JS libraries, the techniques apply to any web app that injects user input into style tags or style attributes.

Also, sanitizing user input for CSS injection is much harder than sanitizing HTML.
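The usual defensive answer is to not sanitize free-form CSS at all, but to accept only values from a strict allow-list and fall back to a default for anything else. The following Ruby snippet is an added example (it is neither the linked article's code nor makandra's); the hypothetical app lets a user choose a theme color and a font size. It contrasts an HTML-escape-only approach, which protects the attribute boundary but leaves CSS syntax such as `;` untouched, with an allow-list approach that only ever emits values matching a known-good pattern.

```ruby
# Added example (not from the linked article or makandra's own code):
# validating user-supplied CSS values against an allow-list before
# interpolating them into an inline style. The color/size inputs and the
# helper names are assumptions for illustration.
require 'erb'

# Accept only CSS hex colors (#rgb, #rrggbb) and a small set of named colors.
HEX_COLOR = /\A#(?:\h{3}|\h{6})\z/
NAMED_COLORS = %w[red green blue black white gray].freeze

# Accept only integer pixel sizes; the range check happens below.
PX_LENGTH = /\A(\d{1,2})px\z/

# Returns a normalized color if the input is on the allow-list, else nil.
def safe_color(value)
  value = value.to_s.strip.downcase
  return value if value.match?(HEX_COLOR) || NAMED_COLORS.include?(value)
  nil
end

# Returns the length if it is an integer px value between 8 and 48, else nil.
def safe_length(value)
  m = value.to_s.strip.match(PX_LENGTH)
  return nil unless m && (8..48).cover?(m[1].to_i)
  m[0]
end

# Naive approach: HTML-escaping only. This keeps the value from closing the
# attribute or tag, but CSS delimiters such as ';' pass through untouched,
# so a value can still smuggle additional declarations into the style.
def naive_style(color)
  %(style="color: #{ERB::Util.html_escape(color)}")
end

# Allow-list approach: anything that does not match is dropped and replaced
# with a default, so only known-good tokens ever reach the stylesheet.
def strict_style(color, size)
  c = safe_color(color) || '#000000'
  s = safe_length(size) || '16px'
  %(style="color: #{c}; font-size: #{s}")
end

if __FILE__ == $0
  # Constructed sample input containing an extra declaration.
  input = 'red; background: url(x)'
  puts naive_style(input)            # the ';' survives HTML escaping
  puts strict_style(input, '14px')   # falls back to the default color
end
```

The point of the contrast: HTML escaping answers the wrong question for CSS. The allow-list does not try to understand CSS syntax at all, which is why it stays correct as the language grows new constructs.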

Posted by Henning Koch to makandra dev (2017-09-09 15:55)