Re: Allowing 3rd party CSS sheets loading in my content?
From: Joris Lambrecht (jl_post_at_telenet.be)
To: JoJimJoe@netscape.net, firstname.lastname@example.org
Date: Fri, 14 Oct 2005 06:40:26 +0000
IMHO, no change on the website is required; most browsers support this as an option in the configuration/preferences.
But also, supporting different stylesheets on the server/scripting side could indeed contain a security risk. RTFM carefully and verify your server is not set for 'invitation'-mode.
>----- Original message -----
>From: JoJimJoe@netscape.net [mailto:JoJimJoe@netscape.net]
>Sent: Thursday, October 13, 2005 02:25 PM
>Subject: Allowing 3rd party CSS sheets loading in my content?
>I have a php script that allows those who use my site, to render some of my xml content as html on their own site.
>I'm getting a lot of requests to allow them to pass a parameter so they can load a style sheet, to give it their own look
>which I'd put into
><link href="http://theirsite.com/style.css" etc >
>I'm concerned this is a security risk, that they can do more than just modify the look of the page, like some type of XSS attack.
>This is all part of a link exchange, and it's important they not be able to do anything with cookies on my domain, or make anything appear to be done under my domain by something tricky...
>thanks for your feedback
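
One way the PHP script described in the question could treat the stylesheet parameter before writing it into the `<link>` tag, added here as an example and not code from either message. The function name `partner_stylesheet_link` and the sample inputs are hypothetical.

```php
<?php
// Added example, not from the thread. partner_stylesheet_link() is a
// hypothetical helper; the sample URLs at the bottom are constructed.

function partner_stylesheet_link(string $url): ?string
{
    // Reject whitespace, control characters, quotes and angle brackets outright.
    if (preg_match('/[\x00-\x20"\'<>\x7f]/', $url)) {
        return null;
    }
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return null;
    }
    // Absolute http(s) URLs only; any other scheme is refused.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // No embedded credentials such as http://user:pass@host/.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    // The path must name a .css file.
    if (!preg_match('/\.css$/i', $parts['path'])) {
        return null;
    }
    // Escape for the attribute context even after validation.
    $href = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return '<link rel="stylesheet" type="text/css" href="' . $href . '">';
}

// Constructed sample inputs: one acceptable URL and two that must be refused.
$samples = [
    'http://theirsite.com/style.css',
    'javascript:void(0)',
    'http://theirsite.com/style.css"><b>',
];
foreach ($samples as $s) {
    $tag = partner_stylesheet_link($s);
    printf("%-40s => %s\n", $s, $tag ?? 'rejected');
}
```

This only controls what ends up in the `href` attribute. The stylesheet that gets loaded can still restyle, hide or overlay any content in the page that includes it.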