RE: Why is the style tag restricted to the head?

At 10:27 AM -0400 8/9/02, Peter Foti (PeterF) wrote:
>2.  What would happen then for sites that allow users to enter data to be
>displayed, like on a message board?  Suppose a user posts some style that
>adversely affects the layout of the rest of the page?  For example:
>    <style type="text/css">
>    div
>    {
>       position : absolute;
>       width : 100%;
>       height : 100%;
>       background-color : Black;
>       top : 0px;
>       left : 0px;
>    }
>    </style>
>    <div>Ha Ha!  I am blocking your entire page!</div>

I could do this now with inline style attributes too, though.

In fact, I did it once on LiveJournal -- I stuck a fixed button
(a link to my CSS book!) in the upper right corner of everyone's
friends lists. ;)

>This essentially opens up a very large security whole, in that you can cover
>the entire contents of a web page.  This in itself is a good enough reason
>to NOT allow <style> elements within the body of a document.

But, see, most good message board software will filter out certain
tags.  <style> would be one of those elements that's dumped.


Kynn Bartlett <>       
Chief Technologist, Idyll Mountain  
Next Book: Teach Yourself CSS in 24
Kynn on Web Accessibility ->>

Received on Friday, 9 August 2002 13:23:46 UTC