Can XSS attacks be executed from a linked stylesheet?

Question

Possible duplicate:
Scripts on sites in CSS styles

I am considering creating my own CSS using related style sheets (NOT inline style tags). Is it possible to perform an XSS attack from a stylesheet?

thank

+5

Tom Jun 24 '11 at 19:23

3 answers

. , , . , : after : before, .

, , , - .

0

Amir Raminfar 24 . '11 19:31

these are old hacks, but they can work in an older browser, for example, you can put the javascript protocol in href attr.

0

vlscanner Jun 24 '11 at 19:47

phihag · Accepted Answer · 2011-06-24T19:31:08+0000

In Internet Explorer , Firefox, and other browsers, it can embed JavaScript in CSS by providing a URL javascript:in a url()CSS statement .

, ( ) CSS. , XSS. , Delete Account " , 1000 $".

white-list (text-*, font-*, color, background ( , URL- )), , .