XSS in custom, user-supplied CSS
Users of our web app would like to use custom CSS to customize parts of UI. I’ve came up with some kind of blacklist for CSS “bad words” and I’m curious whether it is sufficient or if I need to improve it.
Basically, if the C… Continue reading XSS in custom, user-supplied CSS