Jump to content
SirGod

Exploiting React CSS-in-JS

By SirGod, in Securitate web

Recommended Posts

SirGod Contributor

SirGod

Posted
Posted

Cateva trucuri interesante pentru CSS Injection. 

 

Articlehttps://reactarmory.com/answers/how-can-i-use-css-in-js-securely

Author: James K Nelson

Summary

 

Exploiting CSS-in-JS

 

CSS-in-JS tools are like eval for CSS. They’ll take any input and evaluate it as CSS.

The problem is that they’ll literally evaluate any input, even if it is untrusted. And to make matters worse, they encourageuntrusted input, by allowing you to pass in variables via props.

If your styled components have props whose value is set by your users, you’ll need to manually sanitize the inputs. Otherwise malicious users will be able to inject arbitrary styles into other user’s pages.

But styles are just styles, right? They can’t be that scary…

  • Like 2
  • Upvote 3
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...