KPC
Kevin Powell - Communityā€¢4d ago
dysbulic šŸ™

What are the dangers of allowing a user to specify a stylesheet?

I've got a NFT site & I'm considering allowing users to specify custom page styles as an element of the NFT's metadata. The style will be an emotionesque CSS-in-JS encoding like: 
const color = 'blue'
const style = {
  padding: '32px',
  backgroundColor: 'hotpink',
  fontSize: '24px',
  borderRadius: '4px',
  '&:hover': { color },
}
const color = 'blue'
const style = {
  padding: '32px',
  backgroundColor: 'hotpink',
  fontSize: '24px',
  borderRadius: '4px',
  '&:hover': { color },
}
What are the security considerations here? I can easily disallow @import directives.
3 Replies
b1mind
b1mindā€¢4d ago
why not just use custom props šŸ¤”
ChooKing
ChooKingā€¢4d ago
Background images can be set in CSS, so it's possible to insert spam or porn. It's also possible to replace content on the page, which could be the basis for a scam.
dysbulic šŸ™
dysbulic šŸ™ā€¢4d ago
Doing custom props requires me to structure the page and figure out all the ways a user might want to alter the appearance. Say they want a border radius of 5% on the header & 2rem on the body elements. With CSS they can do that pretty readily (if I use a coherent semantic markup), if I'm defining all the props, I'll need separate ones for each different location. For me to create a structure that matches the natural expressiveness of CSS is pretty much impossible.
Want results from more Discord servers?
Add your server
More Posts
Looking for New Animation Ideas!I recently created an animation, which you can check out here : https://github.com/Ibrahim-AbuFarhrevealed content not starting at desired pointHey, i have 6 paragraphs, 3 of which are hidden that become revealed when pressing a button. When scWhen switching from one div to another the elements are jumpy why?is this the behaviour of div elements by default, when converted to button doesn't seem to have simiHow to make this number "1234567890" into "1,234,567,890"?So a whole number to separate by commas, so I can format it to look like that? Important thing is foi have a container that contains 6 items and i want 3 items of the exact same size in each rowi have a container that contains 6 items and i want 3 items of the exact same size in each rows ( i Slick slider inside a flex boxI have a slick-slider inside a two-column flexbox, but the slider is not respecting the parent contaAny ideas on how to create a double border chamfer with transparent background?I remember that Kevin has a good video on creating borders with cut corners here: https://www.youtubSuggestions on how to correctly handle 2 scrollable items on mobileI have a main webpage that scrolls like any other website would but on one of my pages I have a fullPreserve image aspect ratio with Gatsby image component within Flexbox``` export default function Header() { return ( <header> <StaticImage src="../imObject ConversionsCan anyone pls explain in brief what are the important and necessary object to primitive conversions