Sanitizing CSS in Rails
Posted
by Erik
on Stack Overflow
See other posts from Stack Overflow
or by Erik
Published on 2010-06-16T07:09:09Z
Indexed on
2010/06/16
7:12 UTC
Read the original article
Hit count: 265
Hello!
I want to allow the users of a web app that I'm building to write their own CSS in order to customize their profile page.
However I am aware of this opening up for many security risks, i e background: url('javascript:alert("Got your cookies! " + document.cookies').
Hence I am looking for a solution to sanitize the CSS while still allowing as much CSS functionality as possible for my users.
So my questions if anyone anyone knows of a gem or a plugin to handles this? I've googled my brains out already so any tips would be really appreciated!
© Stack Overflow or respective owner