
Suggestions for filtering CSS url( ) images?

Security

While playing with what sorts of HTML I could include in a message, I managed to get a logo to appear over top of the site logo via a CSS url() call. I thought it was a neat hack personally, but now I've got potential clients ("suits") who are concerned about having porn added to their sites.

There is an example in this message; you should be able to see an example image just under the Geeklog logo in most browsers.

It only takes a few minutes of playing with this to see how much stuff you can do with it. (Using position:fixed; can be really annoying)

I was just going to add a bunch of eregi() calls but thought I'd ask around here first for opinions/suggestions/comments on filtering out stuff like this without crippling GeekLog's HTML inclusion facility.

Editor's note: here is the example code:

style="position:absolute;top:100px;left:100px;
width:200px;height:101px;z-index:100;
background-image:url('http://www.example.com/someimage.gif');
border:0;margin:0;padding:0;display:block"

--
Lucas Thompson
sardu@mac.com
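
One way to approach the filtering asked about above is to allowlist CSS properties and values instead of pattern-matching for url(). This is an added example, not code from the post or from Geeklog; the function names filter_style() and filter_html_styles() and the property list are assumptions made for illustration.

```php
<?php
// Added example, not Geeklog code. The property allowlist is an assumption.
const ALLOWED_PROPS = ['color', 'font-weight', 'font-style', 'text-align', 'text-decoration'];

// Keep only allowlisted declarations whose values are inert.
function filter_style(string $style): string
{
    // Backslash escapes and comments can disguise "url(", so reject them outright.
    if (strpos($style, '\\') !== false || strpos($style, '/*') !== false) {
        return '';
    }
    $kept = [];
    foreach (explode(';', $style) as $decl) {
        $parts = explode(':', $decl, 2);
        $prop  = strtolower(trim($parts[0]));
        $value = trim($parts[1] ?? '');
        // Unlisted properties (position, z-index, background-image) are dropped;
        // values may hold keywords, numbers, units and #hex only, so no "(" and no url().
        if (in_array($prop, ALLOWED_PROPS, true) && preg_match('/^[a-zA-Z0-9#%. -]+$/', $value)) {
            $kept[] = "$prop:$value";
        }
    }
    return implode(';', $kept);
}

// Run every style attribute of an HTML fragment through filter_style().
function filter_html_styles(string $html): string
{
    $doc = new DOMDocument();
    // The DOM parser decodes entities, so "&#117;rl(" reaches the filter as "url(".
    @$doc->loadHTML('<?xml encoding="UTF-8"><div id="frag">' . $html . '</div>');
    $xpath = new DOMXPath($doc);
    foreach ($xpath->query('//*[@style]') as $el) {
        $clean = filter_style($el->getAttribute('style'));
        if ($clean === '') {
            $el->removeAttribute('style');
        } else {
            $el->setAttribute('style', $clean);
        }
    }
    $out = '';
    foreach ($xpath->query('//div[@id="frag"]')->item(0)->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input: one harmless property mixed with overlay properties.
$sample = '<p style="color:red;position:fixed;background-image:url(http://www.example.com/someimage.gif)">hi</p>';
echo filter_html_styles($sample), "\n";
```

This only covers inline style attributes; style elements and stylesheet links have to be excluded by the existing list of permitted HTML tags.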