What is the drawback of submittable css?

11-20-2011, 05:50 PM
What would be the drawback/s of allowing players to submit CSS to the database? I know it's possible to run some sort of CDATA inside CSS, but I do not use that kind of thing too much.

11-20-2011, 10:46 PM
If you want to do this, why not have users upload a file? You store it in a common folder and generate a name for it, then store the name of the file in the DB with the user info. Then, when you retrieve the info, check if they have a personal CSS file and load it after your CSS is finished.

11-22-2011, 11:21 PM
Why in the world would I let them send me a file? I just want them to be able to enter CSS so they can change the background colors how they please (gradients and whatnot).

11-23-2011, 05:59 PM
I don't see a major issue with doing such a thing provided you have your security locked down... (the CDATA is for <style> CSS)
but if someone were to do something like

select * from tbl_users

and saved it as mycss.css, and you then upload that SQL script to your DB, you now have a nifty way to allow anyone to upload any code they want to the DB... now they only need a way to open the file and read the contents, which can be done in a few lines of code... of course you will always hit issues like this when allowing anyone access to your DB, and handling this sort of thing is usually done by an experienced DBA... but just food for thought...

A better method would be to make custom CSS files, and then the user selects which one they want to use based off of a value in a checkbox and you apply it accordingly... then allow them to send you their CSS files for review for submission... I am not 100% on this (bc I don't have a Tumblr) but I am pretty sure they do a similar process for theme submitting...
I guess my main point in posting this is that, based on the question, you may be unaware of the risks.
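The approach suggested in the post above (the user picks one of the site's reviewed stylesheets by value), combined with the original poster's goal of letting players choose background colors and gradients, could look like the following. This is an added example, not code from any participant in the thread; the theme keys, file paths and function names are hypothetical.

```javascript
// Added illustration; theme keys, file paths and function names are hypothetical.
// Reviewed stylesheets shipped by the site. The database stores only the key.
const THEMES = new Map([
  ["default", "/css/themes/default.css"],
  ["dark", "/css/themes/dark.css"],
  ["forest", "/css/themes/forest.css"],
]);

// Accept only #rgb or #rrggbb. Free-form CSS text is never stored or echoed.
const HEX_COLOR = /^#(?:[0-9a-f]{3}|[0-9a-f]{6})$/i;

// Map a stored key to a stylesheet path; unknown keys fall back to the default.
function resolveTheme(key) {
  const k = typeof key === "string" ? key : "";
  return THEMES.get(k) ?? THEMES.get("default");
}

// Return the normalized color, or null when the input is not a plain hex color.
function parseColor(value) {
  if (typeof value !== "string") return null;
  const v = value.trim();
  return HEX_COLOR.test(v) ? v.toLowerCase() : null;
}

// Build the declaration server-side from 1 to 4 validated color stops.
function buildBackground(stops) {
  if (!Array.isArray(stops) || stops.length < 1 || stops.length > 4) return null;
  const colors = stops.map(parseColor);
  if (colors.includes(null)) return null; // one bad stop rejects the whole value
  return colors.length === 1
    ? `background: ${colors[0]};`
    : `background: linear-gradient(to bottom, ${colors.join(", ")});`;
}

// Emit the page head: reviewed stylesheet first, then the generated override.
function renderHead(profile) {
  const href = resolveTheme(profile.theme);
  const bg = buildBackground(profile.stops);
  const style = bg ? `<style>body { ${bg} }</style>` : "";
  return `<link rel="stylesheet" href="${href}">${style}`;
}

// Constructed sample profile, as it might be read back from the database.
console.log(renderHead({ theme: "dark", stops: ["#336699", "#FFF"] }));
```

The player only ever supplies a theme key and a short list of colors; the CSS that reaches the page is written entirely by the server.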

11-29-2011, 04:00 PM
Thanks for your reply. I was hoping to steer away from having to make up some layouts for them to choose from, but it might be the best way. Thanks again.