Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight

Re: Safe CSS Stylesheets

by robot_tourist (Hermit)
on May 15, 2002 at 07:31 UTC ( #166658=note: print w/replies, xml ) Need Help??

in reply to Safe CSS Stylesheets

The <img /> and <style></style> tags can tell the browser to load things from any valid URI, plus I think all tags can contain the style="" attribute. Therefore, obviously they can be pointed to malicious web pages, cgi scripts etc. An image doesn't have to have a jpeg, png or gif extension and they can be created on the fly, so it would be hard to filter them by name. Plus, a malicious program could be given a picture-like extension that a properly configured server would be able to execute. I never thought of that last one before now, scary.

I have a wiry brain/each eye a camera. Robot Tourist, by Ten Benson

Replies are listed 'Best First'.
Re: Re: Safe CSS Stylesheets
by belg4mit (Prior) on May 15, 2002 at 14:22 UTC
    Style attributes (style="") do not refer to a URI, though any valid CSS setting for that element which uses a URI may be used. In this case the STYLE attribute and tag are not different.

    The SRC value of an IMG tag is not the issue, whatever type of image, the browser SHOULD only handle it as an image. Although certain plugins may have co-opted control of given MIME-types (eg. QuickTime and PNG), and be exploitable. What was likely referred to is touched upon in the JavaScript discussion I linked to, IMG tags (and so many others) are allowed event attributes such as ONLOAD which can execute inlined script.

    The matter at hand is Cross Site Scripting, this is protecting the user from malicious foreign content. *Mis*configuration of a server to execute images on the server is irrelevant( The only likely means for this is to have the execution bit set on the file on a UN*X server and allow execution of either any file, or files by location. Files from a Samaba share typically appear to have the execution bit set. Again though, this affects the *server*.)

    perl -pew "s/\b;([mnst])/'$1/g"

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://166658]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (3)
As of 2021-12-07 22:41 GMT
Find Nodes?
    Voting Booth?
    R or B?

    Results (34 votes). Check out past polls.