0

I'm working on an online-directory type of project where my clients (users) will have their own profile page. I want to give them the flexibility to customize their profile page via CSS and I was think to incorporate in the users dashboards some sort of text area where the users would copy/paste their CSS code, and the code will be injected in the of the users profile pages. The development of the platform will be done using node.js and react. My concern is around security because obviously, there are many malicious actions that could be done via this CSS field. What would be the most efficient way(s) to let the users add their own CSS without compromising security? Many thanks,

Gregory

Greg
  • 3,025
  • 13
  • 58
  • 106
  • The most secure would be probably to create a hand of templates yourself and allow the users choose one of them. This is what everyone (google, stack overflow, ...) is doing. This is also probably the most user friendly thing to do. Unless I need to run a CMS, I don't have time to choose colours of links on my page. – Marek Puchalski Oct 16 '21 at 20:28
  • Relevant: https://security.stackexchange.com/q/24163/235964 – nobody Oct 17 '21 at 02:30

0 Answers0