Reputation: 341
Is it dangerous to use third party CSS?
I found a some MIT-licensed CSS I would like to use for my web app. I've been reading that malicious css can be injected into websites (source: Can Malicious Code Be Executed From A CSS File?) to launch a cross-site-scripting type of attack.
Here's my question: I'm wondering if it is possible for malicious css to infect my webserver with malware, and if so, what would be the tell-tale signs of malice in that kind of css that I should look out for?
Upvotes: 0
Views: 296
Answers (1)
Reputation: 1031
Short answer: Yes.
Long answer: You should always read and own the code you are copy-pasting. It’s also a good clean code practice to fix “smelly” code. You should check for any links and suspicious css. Do not just publish a code before testing it yourself; ie. visiting the pages yourself like a user/visitor of the website. This way you can be sure to avoid any malicious css code.
Upvotes: 1
Related Questions
- Is there any danger in loading external, third-party CSS?
- Can Malicious Code Be Executed From A CSS File?
- Is CSS (and derivates SASS, SCSS, ...) is it safe to allow user upload? Is there a security issue?
- security issues with user-supplied CSS?
- Is it safe to allow to embed an arbitrary external stylesheet into my web-page?
- Is including an external CSS file safe, or could it lead to code injection?
- User Uploaded CSS safe?
- User-defined CSS: What can go wrong?
- dangers to user css
- Is it safe to allow users to edit css?