Table of Contents

Security - Style attribute

About

ComboStrap does not supports the style attribute for security concerns.

The style attribute is deleted if found.

Why?

Via the style attribute, you can inject code.

For instance, you can make from a link, an invisible box that takes the whole screen. If a user click on the page, it will then click on this link and be redirected. This kind of attack is known as ClikJacking.

Demo

Even if you try to style your component with the style attribute, they would have no effect.

<card
    style="
        color:white;
        background-color:purple;
        margin: 0 auto;
        width:50%;
        text-align: center;
        font-size:1.2rem
        "
>
A card without any style applied.
</card>

A card without any style applied.