Presentation is loading. Please wait.

Presentation is loading. Please wait.

Session V CSS Precompilers and Vulnerabilities www.profburnett.com 8/1/2014Copyright © Carl M. Burnett1.

Published byTracey Anderson Modified over 8 years ago

Similar presentations

Presentation on theme: "Session V CSS Precompilers and Vulnerabilities www.profburnett.com 8/1/2014Copyright © Carl M. Burnett1."— Presentation transcript:

1 Session V CSS Precompilers and Vulnerabilities www.profburnett.com 8/1/2014Copyright © Carl M. Burnett1

2 Class Outline Why precompile? Precompile Languages CSS Vulnerabilities Types of Cross-Site Scripting 8/1/2014Copyright © Carl M. Burnett2

3 Why Precompile? Less code Easier to read Easier to maintain More Power to……….... 8/1/2014Copyright © Carl M. Burnett3 Wait!

4 Why Precompile? - Variable 8/1/2014Copyright © Carl M. Burnett4 h1 { font-size: 18px; line-height: 2em; color: #FFF0000; border-bottom: solid 1px #FFF0000; } p { font-size: 14px; line-height: 1.3em; color: #FFF0000; }

5 Why Precompile? - Variable 8/1/2014Copyright © Carl M. Burnett5 same-color: #FFF0000; h1 { font-size: 18px; line-height: 2em; color: [same-color]; border-bottom: solid 1px [same-color]; } p { font-size: 14px; line-height: 1.3em; color: [same-color]; }

6 Why Precompile? - m ixins 8/1/2014Copyright © Carl M. Burnett6.container { -moz-box-shadow: 0 2px 3px rgba(0,0,0,0.8); -ms-box-shadow: 0 2px 3px rgba(0,0,0,0.8); -o-box-shadow: 0 2px 3px rgba(0,0,0,0.8); -webkit-box-shadow: 0 2px 3px rgba(0,0,0,0.8); box-shadow: 0 2px 3px rgba(0,0,0,0.8); }.image-wrap { -moz-box-shadow: -2px 5px 10px #383838; -ms-box-shadow: -2px 5px 10px #383838; -o-box-shadow: -2px 5px 10px #383838; -webkit-box-shadow: -2px 5px 10px #383838; box-shadow: -2px 5px 10px #383838; }

7 Why Precompile? - mixins 8/1/2014Copyright © Carl M. Burnett7 mixin: box-shadow([variable]) { -moz-box-shadow: [variable]; -ms-box-shadow: [variable]; -o-box-shadow: [variable]; -webkit-box-shadow: [variable]; box-shadow: [variable]; }.container { mixin: box-shadow(0 20px 3px rgba(0,0,0,0.8); }.image-wrap { mixin: box-shadow(-2px 5px 10px #383838); }

8 Why Precompile? - Inheritance 8/1/2014Copyright © Carl M. Burnett8.primary-button { border-radius: 20px; border: solid 1px lightsteelblue; background: blue; color: white; font-size: 16px; padding: 5px 15px; text-decoration: none; }.secondary-button { border-radius: 20px; border: solid 1px grey; background: white; color: grey; font-size: 16px; padding: 5px 15px; text-decoration: none; }

9 Why Precompile? - Inheritance 8/1/2014Copyright © Carl M. Burnett9.primary-button,.secondary-button { border-radius: 20px; border: solid 1px lightsteelblue; background: blue; color: white; font-size: 16px; padding: 5px 15px; text-decoration: none; }.secondary-button { border: solid 1px grey; background: white; color: grey; }

10 Why Precompile? - Inheritance 8/1/2014Copyright © Carl M. Burnett10.primary-button { border-radius: 20px; border: solid 1px lightsteelblue; background: blue; color: white; font-size: 16px; padding: 5px 15px; text-decoration: none; }.secondary-button { inherit:[,primary-button]; border: solid 1px grey; background: white; color: grey; }

11 Why Precompile? - Nesting 8/1/2014Copyright © Carl M. Burnett11 ul { padding-left: 20px; list-style: none; } #my-container { background: #ccc; border: solid 1px #383838; padding: 20px; } #my-container ul { list-style: disc; padding-right: 40px; color: hotpink; } #my-caontainer ul li { border-bottom: solid 1px red; }

12 Why Precompile? - Nesting 8/1/2014Copyright © Carl M. Burnett12 ul { padding-left: 20px; list-style: none; } #my-container { background: #ccc; border: solid 1px #383838; padding: 20px; ul { list-style: disc; padding-right: 40px; color: hotpink; li { border-bottom: solid 1px red; } #my-caontainer ul li { border-bottom: solid 1px red; }

13 CSS Languages CreatedLanguageLicenseReleaseWebsite SASS 2006RubyMIT3.4.13 LESS2009JavaScriptApache2.5.3 Stylus2010 Jade / node.js MIT0.53.0 CSS-Crush2012php/jsonMIT2.4.0 Rework2013 node.js MIT1.0.1rework Myth2015 JavaScript / CLI MIT1.5.9 Myth 8/1/2014Copyright © Carl M. Burnett13

14 CSS Vulnerabilities CSS Injection XSS inside of CSS Injection 8/1/2014Copyright © Carl M. Burnett14

15 Types of Cross-Site Scripting Stored XSS (AKA Persistent or Type I) Stored XSS Reflected XSS (AKA Non-Persistent or Type II) Reflected XSS DOM Based XSS (AKA Type-0) DOM Based XSS Server XSS Client XSS 8/1/2014Copyright © Carl M. Burnett15

16 Types of Cross-Site Scripting 8/1/2014Copyright © Carl M. Burnett16 XSSServe-SideClient-Side Stored Stored Server-Side XSS Stored Client-Side XSS Reflected Server-Side XSS Reflected Client-Side XSS Where Untrusted Data is Used Data Persistence DOM Based XSS is a subset of Client-Side XSS (Data is DOM only)

17 Class Review Why precompile? Precompile Languages CSS Vulnerabilities Types of Cross-Site Scripting 8/1/2014Copyright © Carl M. Burnett17

Download ppt "Session V CSS Precompilers and Vulnerabilities www.profburnett.com 8/1/2014Copyright © Carl M. Burnett1."

Similar presentations

The Future of CSS and JavaScript Today Daniel Laughland Forward Thinking.

The Future of CSS and JavaScript Today Daniel Laughland Forward Thinking.
Very quick intro HTML and CSS. Sample html A Web Title.

Very quick intro HTML and CSS. Sample html A Web Title.
Advance CSS (Menu and Layout) Miftahul Huda. CSS Navigation MENU It's truly remarkable what can be achieved through CSS, especially with navigation menus.

Advance CSS (Menu and Layout) Miftahul Huda. CSS Navigation MENU It's truly remarkable what can be achieved through CSS, especially with navigation menus.
Web Pages and Style Sheets Bert Wachsmuth. HTML versus XHTML XHTML is a stricter version of HTML: HTML + stricter rules = XHTML. XHTML Rule violations:

Web Pages and Style Sheets Bert Wachsmuth. HTML versus XHTML XHTML is a stricter version of HTML: HTML + stricter rules = XHTML. XHTML Rule violations:
Class four: the box model and positioning. is an HTML tag which allows you to create an element out of inline text. It doesn’t mean anything! try it:

Class four: the box model and positioning. is an HTML tag which allows you to create an element out of inline text. It doesn’t mean anything! try it:
Unit 20 - Client Side Customisation of Web Pages

Unit 20 - Client Side Customisation of Web Pages
Today’s objectives Site performance Padding, Margins, Borders

Today’s objectives Site performance Padding, Margins, Borders
ITI 133: HTML5 Desktop and Mobile Level I

ITI 133: HTML5 Desktop and Mobile Level I
Basics of Web Design Chapter 6 More CSS Basics Key Concepts 1.

Basics of Web Design Chapter 6 More CSS Basics Key Concepts 1.
CSE CASCADING STYLE SHEETS CSS Faculty of Computer Science and Engineering.

CSE CASCADING STYLE SHEETS CSS Faculty of Computer Science and Engineering.
March Intensive: XSS Exploits

March Intensive: XSS Exploits
Cascading Style Sheets CS3505. What are CSS? Method for adding style attributes consistently to HML tags Cascading because styles are applied in order.

Cascading Style Sheets CS3505. What are CSS? Method for adding style attributes consistently to HML tags Cascading because styles are applied in order.
Cascading Style Sheets Billy Toy Cascading Style Sheets Syntax review How to Implement style sheets Background properties Text properties.

Cascading Style Sheets Billy Toy Cascading Style Sheets Syntax review How to Implement style sheets Background properties Text properties.
CSS Dvijesh Bhatt.

CSS Dvijesh Bhatt.
HTML/CSS Hyper Text Markup Language. CSS Cascading Style Sheets.

HTML/CSS Hyper Text Markup Language. CSS Cascading Style Sheets.
Cascading Style Sheets CSS. CSS - Structure Declaration block Property: identifies what to change Value: how to change it Selector – example h1{ font-size:

Cascading Style Sheets CSS. CSS - Structure Declaration block Property: identifies what to change Value: how to change it Selector – example h1{ font-size:
BLUEPRINT: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers Mike Ter Louw, V.N. Venkatakrishnan University of Illinois at Chicago.

BLUEPRINT: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers Mike Ter Louw, V.N. Venkatakrishnan University of Illinois at Chicago.
By Tuyet Le & Madhura Pitale. Seating Chart with CSS3.

By Tuyet Le & Madhura Pitale. Seating Chart with CSS3.
CSS Best Practices By Peter Funk 1. Web development since 1996 Senior Front-end web developer at Ancestry.com Proficient at CSS, HTML, and native JavaScript.

CSS Best Practices By Peter Funk 1. Web development since 1996 Senior Front-end web developer at Ancestry.com Proficient at CSS, HTML, and native JavaScript.
Advanced CSS & HTML 5 Introduction to Web Design and Development.

Advanced CSS & HTML 5 Introduction to Web Design and Development.

Similar presentations

Ads by Google