Sanitizing CSS in Rails

Posted by Erik on Stack Overflow
Published on 2010-06-16T07:09:09Z Indexed on 2010/06/16 7:12 UTC

Hello!

I want to allow the users of a web app that I'm building to write their own CSS in order to customize their profile page.

However, I am aware that this opens up many security risks, i.e. background: url('javascript:alert("Got your cookies! " + document.cookies').

Hence I am looking for a solution to sanitize the CSS while still allowing as much CSS functionality as possible for my users.

So my question is whether anyone knows of a gem or a plugin that handles this? I've googled my brains out already, so any tips would be really appreciated!
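
An added example, not part of the original post and not a Rails API: one way to approach the problem described above is an allowlist sanitizer that parses the user's rules and rebuilds the stylesheet from validated pieces only. The property list, the value grammar, the "#profile" scope and all function names are assumptions made for this sketch.

```ruby
# Added example: allowlist sanitizer for user-supplied CSS (illustrative, not a Rails API).
# The property list, value grammar and "#profile" scope are assumptions for this sketch.
ALLOWED_PROPERTIES = %w[
  color background-color font-family font-size font-weight font-style
  text-align text-decoration line-height margin padding
  border border-color border-style border-width
].freeze

# A value token is a hex colour, a number with an optional unit, or a bare keyword.
SAFE_TOKEN = /\A(?:#[0-9a-f]{3,8}|-?(?:\d+(?:\.\d+)?|\.\d+)(?:px|em|rem|pt|%)?|[a-z][a-z-]*)\z/i
# Type, class and id selectors joined by descendant combinators only.
SAFE_SELECTOR = /\A[a-z0-9_.#-]+(?: [a-z0-9_.#-]+)*\z/i

def safe_value?(value)
  return false if value.empty? || value.length > 200
  # No functions (url, expression), escapes, comments, strings, at-rules or non-ASCII.
  return false if value.match?(/[()\\\/@<>{}'";]|[^\x20-\x7e]/)
  value.split(/[\s,]+/).all? { |token| token.match?(SAFE_TOKEN) }
end

def sanitize_declarations(body)
  body.split(";").map do |decl|
    prop, value = decl.split(":", 2).map(&:strip)
    prop = prop.to_s.downcase
    next unless ALLOWED_PROPERTIES.include?(prop) && value && safe_value?(value)
    "#{prop}: #{value}"
  end.compact
end

# Output is rebuilt from validated pieces only; raw input is never copied through.
def sanitize_css(css, scope: "#profile")
  css = css.scrub("").gsub(%r{/\*.*?\*/}m, "")
  css.scan(/([^{}]+)\{([^{}]*)\}/).map do |selector, body|
    selector = selector.strip.gsub(/\s+/, " ")
    next unless selector.match?(SAFE_SELECTOR)
    decls = sanitize_declarations(body)
    "#{scope} #{selector} { #{decls.join('; ')} }" unless decls.empty?
  end.compact.join("\n")
end

# Constructed sample input.
SAMPLE = <<~CSS
  h1 { color: #336699; font-size: 18px }
  .bio { background: url('javascript:alert(1)'); text-align: center }
  p { font-size: expression(alert(1)); COLOR: Red }
  @import url(http://example.invalid/x.css);
CSS

puts sanitize_css(SAMPLE)
```

Anything the grammar does not recognise is dropped rather than repaired, so unknown properties, functions such as url() and at-rules never reach the page.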
