Sanitize user defined CSS in PHP

长发绾君心 2020-12-08 08:23

I want to allow users to use their own stylesheets for their profiles on my forum, but I'm afraid of possible security vulnerabilities. Does anyone have any tips for sanitiz

4 answers
  •  轻奢々 (original poster)
    2020-12-08 09:21

    This probably won't fix all sorts of hacks but probably most automated hacks at least:

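    // Remove HTML and PHP tags from the user-supplied stylesheet.
    $css = strip_tags($css);
    // Encode the remaining &, < and > as entities (quotes are left alone); invalid UTF-8 becomes U+FFFD.
    $css = htmlspecialchars($css, ENT_HTML5 | ENT_NOQUOTES | ENT_SUBSTITUTE, 'utf-8');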
    

    Depends on how many users are allowed to use this feature and how big of a threat it could be due to that.
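
An allowlist approach to the same problem, as an added example that is not part of the original answer: instead of escaping the stylesheet, it rebuilds it from rules whose selectors, properties and values all match patterns the forum explicitly permits. The function name, the `.user-profile` scope class and the property list are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Assumed allowlist for this sketch: property name => regex the whole value must match.
const ALLOWED_PROPERTIES = [
    'color'            => '/^(#[0-9a-f]{3,8}|[a-z]{3,20})$/i',
    'background-color' => '/^(#[0-9a-f]{3,8}|[a-z]{3,20})$/i',
    'font-size'        => '/^\d{1,3}(px|em|rem|%)$/',
    'font-weight'      => '/^(normal|bold|[1-9]00)$/',
    'text-align'       => '/^(left|right|center|justify)$/',
    'margin'           => '/^(\d{1,3}(px|em|%)?\s*){1,4}$/',
    'padding'          => '/^(\d{1,3}(px|em|%)?\s*){1,4}$/',
];

/**
 * Rebuild user CSS from allowlisted pieces only (hypothetical helper).
 * Input that does not fit "simple selector { property: value; }" is dropped, not escaped.
 */
function sanitize_profile_css(string $css, string $scope = '.user-profile'): string
{
    // Comments can hide or split tokens, so remove them before parsing.
    $css = preg_replace('~/\*.*?\*/~s', '', $css) ?? '';
    $out = [];
    // Pick up flat "selector { declarations }" blocks; nothing else is copied to the output.
    preg_match_all('/([^{}@]+)\{([^{}]*)\}/', $css, $rules, PREG_SET_ORDER);
    foreach ($rules as [, $selectorList, $body]) {
        $selectors = [];
        foreach (explode(',', $selectorList) as $selector) {
            $selector = trim($selector);
            // Class, id and element names with descendant/child combinators only.
            if (preg_match('/^[a-z0-9_\-.#> ]{1,100}$/i', $selector)) {
                $selectors[] = $scope . ' ' . $selector; // confine the rule to the profile box
            }
        }
        $declarations = [];
        foreach (explode(';', $body) as $declaration) {
            [$property, $value] = array_map('trim', explode(':', $declaration, 2) + [1 => '']);
            $property = strtolower($property);
            $pattern = ALLOWED_PROPERTIES[$property] ?? null;
            if ($pattern !== null && preg_match($pattern, $value)) {
                $declarations[] = "$property: $value";
            }
        }
        if ($selectors && $declarations) {
            $out[] = implode(', ', $selectors) . ' { ' . implode('; ', $declarations) . '; }';
        }
    }
    return implode("\n", $out);
}
```

Because every character of the output comes from a matched allowlist pattern, the result contains no `<`, no at-rules and no function-style values, so it can be emitted inside a `<style>` element without further HTML escaping.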
