I've had this idea brewing in my head for a while now concerning user
style sheets and I thought I'd run it by the list and get some
feedback on the idea.

The issue I'm trying to address is that people who use user style
sheets usually have site-specific style sheets but they can only be
applied via the browser (natively or with extensions).  This means
that if one had multiple machines, the user style sheet would have to
be saved on each machine, which may not even be possible (public
access computers, for instance).  This led to the idea of having
hosted user style sheets, where the web application stored the style
sheet along with the rest of the user's profile information.
Therefore, whenever, wherever and however the user signed on, the user
styles would take hold.  Obviously, this introduces serious potential
security risks.  Without any intensive research, my initial idea is to
simply run any user styles through a CSS validator and to reject
anything that isn't fully valid.  This should keep users from being
able to inject JavaScript, etc.  Although before this is ever
implemented, serious security testing would be done.

Any thoughts or comments on this idea?

~ Jason
______________________________________________________________________
css-discuss [EMAIL PROTECTED]
http://www.css-discuss.org/mailman/listinfo/css-d
List wiki/FAQ -- http://css-discuss.incutio.com/
List policies -- http://css-discuss.org/policies.html
Supported by evolt.org -- http://www.evolt.org/help_support_evolt/
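
A sketch of the server-side check discussed in the message above, added here as an example and not part of the original post. Well-formed CSS can still reference external resources through `url()` or `@import`, so this goes beyond syntax validation and rebuilds the stored sheet from an allowlist. The property list, the function name and the sample input are assumptions made for illustration.

```python
import re

# Assumed policy for this sketch (not from the post): a small property
# allowlist and plain values only; anything not recognised is dropped.
ALLOWED_PROPS = {"color", "background-color", "font-family", "font-size",
                 "font-weight", "line-height", "margin", "padding",
                 "text-decoration", "width"}
SAFE_SELECTOR = re.compile(r"^[\w\s.#:,>+*-]+$", re.ASCII)
SAFE_VALUE = re.compile(r"^[\w\s.#%,!-]+$", re.ASCII)  # no quotes, no parentheses
COLOR_FUNC = re.compile(r"^(rgb|rgba|hsl|hsla)\([\d\s.,%]+\)$", re.I | re.ASCII)
RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")
# Refused for the whole sheet: escapes can disguise a name from later checks,
# at-rules load other sheets, and "<" could end an inline <style> element.
REFUSE = (("\\", "backslash escape"), ("@", "at-rule"), ("<", "markup character"))

# Constructed sample input: one plain rule, one rule with an external reference.
SAMPLE = ("body { color: #333; font-size: 14px }\n"
          "h1 { color: rgb(10, 20, 30);"
          " background-color: url(http://example.invalid/a.png) }")


def sanitize_user_css(css):
    """Return (clean_css, rejected); rejected lists what was refused."""
    for needle, why in REFUSE:
        if needle in css:
            return "", [why]
    # A comment separates tokens, so replace it with a space, not nothing.
    css = re.sub(r"/\*.*?\*/", " ", css, flags=re.S)
    rejected, out = [], []
    if RULE.sub("", css).strip():
        rejected.append("text outside any rule")
    for selector, body in RULE.findall(css):
        selector = selector.strip()
        if not SAFE_SELECTOR.match(selector):
            rejected.append("selector: " + selector)
            continue
        kept = []
        for decl in filter(None, (d.strip() for d in body.split(";"))):
            prop, _, value = decl.partition(":")
            prop, value = prop.strip().lower(), value.strip()
            if prop in ALLOWED_PROPS and (SAFE_VALUE.match(value)
                                          or COLOR_FUNC.match(value)):
                kept.append(prop + ": " + value)  # output rebuilt from checked parts
            else:
                rejected.append("declaration: " + decl)
        if kept:
            out.append(selector + " { " + "; ".join(kept) + " }")
    return "\n".join(out), rejected


if __name__ == "__main__":
    print(sanitize_user_css(SAMPLE))
```

The sheet that gets stored is the rebuilt output, never the submitted text, so only what passed the checks reaches the page.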