252
edits
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!
m (→Security implications: links added) |
|||
== Security implications ==
Pointing your Firebrick to
The extent of the potential outcomes that an attacker could achieve by succeeding in pulling in an evil .css file is an open question. Some versions of Microsoft Internet Explorer for Windows could cause code to be executed when ''triggered from within a mere .css file'' by the use of the powerful non standard <span lang="en-US"><code>behavior:</code></lang> and <code>expression()</code> CSS features. See MSDN articles on [https://msdn.microsoft.com/en-us/library/ms530723(v=vs.85).aspx CSS 'behavior:'] and [https://blogs.msdn.microsoft.com/ie/2008/10/16/ending-expressions/ CSS 'expression()'].
== Internal inline CSS - using data URIs ==
|
edits