Is the style considered harmful?

Question

Is the style considered harmful?

We have code that removes “dangerous” attributes and tags from HTML. I noticed that it styleis on the list of "dangerous" attributes. What is the risk of this attribute?

+5

html security

Joelfan Aug 20 '10 at 17:33

source share

3 answers

In IE, you can enable @behaviorsit where you can download small Javascripts.

CSS3 , .

+2

Kevin Sedgley 20 . '10 17:36

Here's an example error in MediaWiki that creates a vulnerability based on inline style attributes.

+2

Jacob Mattison Aug 20 '10 at 17:38

source share

Chuck · Accepted Answer · 2010-08-20T17:39:50+0000

You can make things invisible or otherwise very deceptive using style sheets. For example, you can put a giant invisible anchor link on the entire page, so that when a user clicks on something, he goes to an identical page on a server in Russia.

Is the style considered harmful?

More articles: