Path-relative style sheet import vulnerabilities

Question

To avoid path-relative style sheet import vulnerabilities should I attach css file on my page using full path e.g.

<link href="http://mywebsite/style.css" type="text/css" rel="stylesheet" />

instead of

<link href="style.css" type="text/css" rel="stylesheet" />

What do you think?

score 8 · Answer 1 · answered Apr 28 '15 at 14:06

8

Just add a leading slash and make the path root-relative, rather than relative which this vulnerability relies on.
No need for the domain / scheme.

 <link rel="stylesheet" href="/style.css">

answered Apr 28 '15 at 14:06

Adria

1 Answers1