Some css properties and their values need to be sanitized to prevent injections or phishing For example,
background-image: url(javascript:alert('Injected')); -moz-binding: url('http://virus.com/htmlBindings.xml'); position: absolute;
See more at https://code.google.com/p/browsersec/wiki/Part1#Cascading_stylesheets
Some css properties and their values need to be sanitized to prevent injections or phishing
For example,
background-image: url(javascript: alert(' Injected' )); virus.com/ htmlBindings. xml');
-moz-binding: url('http://
position: absolute;
See more at https:/ /code.google. com/p/browserse c/wiki/ Part1#Cascading _stylesheets