Questions tagged [css]
Cascading Style Sheets (CSS) is a language used to describe the presentation of markup documents, usually written in HTML.
48 questions
1
vote
1
answer
2k
views
SQL Lite Injection via CSS URL
We had a "pentest" done on our website - and received the following alert (xyz.com is a placeholder for the real name.
I queried this with the testers, and they say their automated tools ...
0
votes
0
answers
108
views
Load url from CSS applied to element outside DOM
I was wondering if it's possible to kick off a network call by manipulating the style tag on an element outside the DOM (which could lead to potential SSRF if this were done server-side). I've tried a ...
- 349
3
votes
1
answer
5k
views
Can XSS ever occur in an <img> tag's "src" attribute?
In a scenario where an attacker has control over the src attribute of an img HTML tag, they could easily inject a simple JavaScript XSS payload like the following:
<img src="javascript:alert(1)...
- 133
5
votes
1
answer
1k
views
Google CSP Evaluator and style-src 'unsafe-inline'
Google provides a CSP evaluator to validate if a given content-security policy is well set up (github, validator). However, if one uses 'unsafe-inline' in the style-src directive this is reported as '...
- 51
7
votes
1
answer
761
views
Is it safe to allow CSS filter: url(data:<SVG SOURCE HERE>)?
We have a web service where logged in users can create web page content and write custom CSS for their pages. All the HTML goes through a whitelist parser and doesn't allow any executable content. All ...
0
votes
1
answer
777
views
XSS Payloads: <script> vs javascript:
Hello I was experimenting with XSS payloads and couldn't help wonder the syntax for
javascript:alert(0)
The most basic payload for XSS makes sense, since the tag is used for JavaScript in HTML.
<...
0
votes
1
answer
454
views
Is it true that frontend validation is generally redundant for minimalist contact forms on minimalist environments?
Say I have a continuously upgraded and well maintained LAMP environment with a website which its CMS is all-core and continuously upgraded as well and I have created a simple backend HTML contact form ...
0
votes
1
answer
220
views
Tor Browser: Could a website or ISP detect modification to DOM done by users if Javascript is disabled?
I have Tor Browser (which is basically Firefox ESR) on "Safest" setting (Javascript disabled). We're generally scolded about using extensions in it, as they can alter web traffic patterns to ...
- 101
1
vote
1
answer
171
views
Is there any way for a Content-Security-Policy to block a CSS function, (specifically the url() function)?
I would like to block the execution of any instance of CSS's url() function in CSS provided by my server. One promising method would be a CSP, but I'm not sure if this is possible using a CSP. Is it? ...
- 200
0
votes
1
answer
386
views
XSS and Content Security Policy, and existing CSS
I have done the first development of a website and deployment. Scanning the server with an online security evaluation tool I was recommended that I add a Content security Policy to the website, and I ...
- 3
5
votes
1
answer
1k
views
What's the security risk of using a protocol-relative URL in a CSS stylesheet?
I used SonarQube to perform a static code analysis of my project and it detected a security vulnerability in one of my CSS files:
For security reasons, protocol-relative URLs should not be used.
...
- 14.8k
1
vote
2
answers
298
views
What can a 3rd party learn about a user through only CSS and images?
In its default settings, uMatrix content blocker allows CSS and images (JPG, PNG, etc) from all sources, unless denied by a site-specific block list. It also allows 1st party cookies, scripts, and ...
- 367
0
votes
1
answer
345
views
Published URL File APP.CSS
I am crossing an analysis on a website and while fuzzing and testing I came across the below URL:
https//www.****.**.*/content/css/app.css
Which generated the below output:
/* Minification failed. ...
- 13
1
vote
1
answer
463
views
Stealing page source via Clickjacking [closed]
I am learning Javascript. Also researching web based vulnerabilitys to learn. I just wondering how Javascript can be used to steal view page source or any text or any tokens leaking on the page via ...
- 11
3
votes
1
answer
1k
views
Can Arbitrary Code Execution be done using CSS Injection?
As part of our class project, we are studying the attacks that could be done using CSS Injection. In our threat model, attacker can manipulate any CSS file on the server. If attacker replaces original ...
- 151