Security Basics mailing list archives
Allowing 3rd party CSS sheets loading in my content?
From: JoJimJoe () netscape net
Date: 13 Oct 2005 12:25:51 -0000
Hi, I have a php script that allows those who use my site, to render some of my xml content as html on their own site. I'm getting a lot requests to allow them to pass a parameter so they can load a style sheet, to give it their own look essentially: script.php?style=http://theirsite.com/style.css which i'd put into <link href="http://theirsite.com/style.css" etc > I'm concerned this is a security risk, that they can do more than just modify the look of the page, like some type of XSS attack. This is all part of a link exchange, and it's important they not be able to do anything with cookies on my domain, or make anything appear to be done under my domain by something tricky... thanks for your feedback Jim
Current thread:
- Allowing 3rd party CSS sheets loading in my content? JoJimJoe (Oct 13)
- Re: Allowing 3rd party CSS sheets loading in my content? Saqib Ali (Oct 14)
- <Possible follow-ups>
- Re: Allowing 3rd party CSS sheets loading in my content? Joris Lambrecht (Oct 14)