SirGod Posted September 6, 2017 Report Share Posted September 6, 2017 Cateva trucuri interesante pentru CSS Injection. Article: https://reactarmory.com/answers/how-can-i-use-css-in-js-securely Author: James K Nelson Summary: Exploiting CSS-in-JS CSS-in-JS tools are like eval for CSS. They’ll take any input and evaluate it as CSS. The problem is that they’ll literally evaluate any input, even if it is untrusted. And to make matters worse, they encourageuntrusted input, by allowing you to pass in variables via props. If your styled components have props whose value is set by your users, you’ll need to manually sanitize the inputs. Otherwise malicious users will be able to inject arbitrary styles into other user’s pages. But styles are just styles, right? They can’t be that scary… 2 3 Quote Link to comment Share on other sites More sharing options...