Session V CSS Precompilers and Vulnerabilities www.profburnett.com 8/1/2014Copyright © Carl M. Burnett1.

Slides:

Advertisements

Similar presentations

The Future of CSS and JavaScript Today Daniel Laughland Forward Thinking.

Advertisements

Very quick intro HTML and CSS. Sample html A Web Title.

Advance CSS (Menu and Layout) Miftahul Huda. CSS Navigation MENU It's truly remarkable what can be achieved through CSS, especially with navigation menus.

Web Pages and Style Sheets Bert Wachsmuth. HTML versus XHTML XHTML is a stricter version of HTML: HTML + stricter rules = XHTML. XHTML Rule violations:

Class four: the box model and positioning. is an HTML tag which allows you to create an element out of inline text. It doesn’t mean anything! try it:

Unit 20 - Client Side Customisation of Web Pages

Today’s objectives Site performance Padding, Margins, Borders

ITI 133: HTML5 Desktop and Mobile Level I

Basics of Web Design Chapter 6 More CSS Basics Key Concepts 1.

CSE CASCADING STYLE SHEETS CSS Faculty of Computer Science and Engineering.

March Intensive: XSS Exploits

Cascading Style Sheets CS3505. What are CSS? Method for adding style attributes consistently to HML tags Cascading because styles are applied in order.

Cascading Style Sheets Billy Toy Cascading Style Sheets Syntax review How to Implement style sheets Background properties Text properties.

CSS Dvijesh Bhatt.

HTML/CSS Hyper Text Markup Language. CSS Cascading Style Sheets.

Cascading Style Sheets CSS. CSS - Structure Declaration block Property: identifies what to change Value: how to change it Selector – example h1{ font-size:

BLUEPRINT: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers Mike Ter Louw, V.N. Venkatakrishnan University of Illinois at Chicago.

By Tuyet Le & Madhura Pitale. Seating Chart with CSS3.

CSS Best Practices By Peter Funk 1. Web development since 1996 Senior Front-end web developer at Ancestry.com Proficient at CSS, HTML, and native JavaScript.

Advanced CSS & HTML 5 Introduction to Web Design and Development.

Web Design I Spring 2009 Kevin Cole Gallaudet University

Cascading Style Sheet Bayu Priyambadha, S.Kom. Definition Cascading Style Sheets (CSS) form the presentation layer of the user interface. –Structure (HTML)

Copyright © Terry Felke-Morris WEB DEVELOPMENT & DESIGN FOUNDATIONS WITH HTML5 Chapter 4 Key Concepts 1 Copyright © Terry Felke-Morris.

CHAPTER 3 CSS & CSS3 อ. ยืนยง กันทะเนตร คณะเทคโนโลยีสารสนเทศและการสื่อสาร มหาวิทยาลัยพะเยา 1.

COMP213 – Web Interface Design

LITTLE BOXES Controlling size of boxes Box model for borders, margin and padding Displaying and hiding boxes.

Lesson 03 // Cascading Style Sheets. CSS Stands for Cascading Style Sheets. We’ll be using a combination of Html and CSS to create websites. CSS is a.

Session I Chapter 1 - Introduction to Web Development

CSS Class 2 -Add margins to elements on a page. -Set width and height of elements. - CSS shorthand properties for box model. -Style links. -Style tables.

SASS & LESS Syntactically Awesome StyleSheets Dynamic StyleSheet Language Svetlin Nakov Technical Trainer Software University

CSS Layout Cascading Style Sheets. Lesson Overview  In this lesson, you will learn:  CSS Box Model  CSS properties for border  CSS properties for.

©SoftMoore ConsultingSlide 1 Introduction to HTML: Cascading Style Sheets.

Lecture 2: Cascading Style Sheets (CSS) Instructor: Dr. M. Anwar Hossain.

5 th ed: Chapter 4 4 th ed: Chapter 5 SY306 Web and Databases for Cyber Operations Slide Set #4: CSS.

 HTML, CSS, JavaScript – enormously successful  SASS has all the tools we need! INTRO.

What Is XSS ? ! Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to.

Martin Kruliš by Martin Kruliš (v1.0)1.

第六讲列表样式及导航条. 基本列表样式 Read s Write chapter Go shopping Cook dinner Watch Lost.

Review First – on your own... Go to Day 5 Grab the contents of position review file Place in DW Add styles to recreate – get something close to

Cascading Style Sheet (CSS) SAMPLE IT133 Pengembangan Web.

Creating Layouts with CSS. Span tag Here is some underlined text. Here is some blinking text. Here's some bold text.

Stylizing a Navigational Menu Web Design Section 6-3 Part or all of this lesson was adapted from the University of Washington’s “Web Design & Development.

ECA 228 Internet/Intranet Design I Cascading Style Sheets.

PERSPECTIVES: TUTORIAL 4 CREATING PAGE LAYOUTS WITH CSS.

1 Copyright © 2013 Lee, Kim & Park, Life & Power Press 1 를 이용한 레이아웃.

Welcome To Website Design, Hosting And Management Prepared By Webdev Solution ip ,223,96.

开发平台皮肤说明. 定制网站皮肤也就是更改网站的外观展现，包括：色调背景图片边框布局位置.

Customizing MORE to Improve Your Moodle’s Appearance Dr. Rick Jerz LeClaire, Iowa (link to video)link to video.

Doing More with Less for CSS Todd Anglin Telerik

Simple theme creation using Sass

Session I Chapter 10 - How to Work with Tables

ITI 133 HTML5 Desktop and Mobile Level I

HTML5 Level I Session III

HTML5 Level II Session III

HTML5 Session III Chapter 5 - How to Use the CSS Box Model for Spacing, Borders, and Backgrounds Chapter 6 - How to use CSS for page.

HTML5 Level I Session III

HTML5 Level I Session III

HTML5 Level I Session I Chapter 1 - Introduction to Web Development

HTML Level II (CyberAdvantage)

ITI 239 HTML5 Desktop and Mobile Level I

HTML5 Level I CyberAdvantage

Create an Unordered List

HTML5 Course Review Master a Skill / Learn for Life.

Session IV Chapter 20 - How to use SASS and Less

HTML5 Level I CyberAdvantage

ITI 133: HTML5 Desktop and Mobile Level I

Course Review HTML5 Level I Course Review

Presentation transcript:

Session V CSS Precompilers and Vulnerabilities 8/1/2014Copyright © Carl M. Burnett1

Class Outline Why precompile? Precompile Languages CSS Vulnerabilities Types of Cross-Site Scripting 8/1/2014Copyright © Carl M. Burnett2

Why Precompile? Less code Easier to read Easier to maintain More Power to……….... 8/1/2014Copyright © Carl M. Burnett3 Wait!

Why Precompile? - Variable 8/1/2014Copyright © Carl M. Burnett4 h1 { font-size: 18px; line-height: 2em; color: #FFF0000; border-bottom: solid 1px #FFF0000; } p { font-size: 14px; line-height: 1.3em; color: #FFF0000; }

Why Precompile? - Variable 8/1/2014Copyright © Carl M. Burnett5 same-color: #FFF0000; h1 { font-size: 18px; line-height: 2em; color: [same-color]; border-bottom: solid 1px [same-color]; } p { font-size: 14px; line-height: 1.3em; color: [same-color]; }

Why Precompile? - m ixins 8/1/2014Copyright © Carl M. Burnett6.container { -moz-box-shadow: 0 2px 3px rgba(0,0,0,0.8); -ms-box-shadow: 0 2px 3px rgba(0,0,0,0.8); -o-box-shadow: 0 2px 3px rgba(0,0,0,0.8); -webkit-box-shadow: 0 2px 3px rgba(0,0,0,0.8); box-shadow: 0 2px 3px rgba(0,0,0,0.8); }.image-wrap { -moz-box-shadow: -2px 5px 10px #383838; -ms-box-shadow: -2px 5px 10px #383838; -o-box-shadow: -2px 5px 10px #383838; -webkit-box-shadow: -2px 5px 10px #383838; box-shadow: -2px 5px 10px #383838; }

Why Precompile? - mixins 8/1/2014Copyright © Carl M. Burnett7 mixin: box-shadow([variable]) { -moz-box-shadow: [variable]; -ms-box-shadow: [variable]; -o-box-shadow: [variable]; -webkit-box-shadow: [variable]; box-shadow: [variable]; }.container { mixin: box-shadow(0 20px 3px rgba(0,0,0,0.8); }.image-wrap { mixin: box-shadow(-2px 5px 10px #383838); }

Why Precompile? - Inheritance 8/1/2014Copyright © Carl M. Burnett8.primary-button { border-radius: 20px; border: solid 1px lightsteelblue; background: blue; color: white; font-size: 16px; padding: 5px 15px; text-decoration: none; }.secondary-button { border-radius: 20px; border: solid 1px grey; background: white; color: grey; font-size: 16px; padding: 5px 15px; text-decoration: none; }

Why Precompile? - Inheritance 8/1/2014Copyright © Carl M. Burnett9.primary-button,.secondary-button { border-radius: 20px; border: solid 1px lightsteelblue; background: blue; color: white; font-size: 16px; padding: 5px 15px; text-decoration: none; }.secondary-button { border: solid 1px grey; background: white; color: grey; }

Why Precompile? - Inheritance 8/1/2014Copyright © Carl M. Burnett10.primary-button { border-radius: 20px; border: solid 1px lightsteelblue; background: blue; color: white; font-size: 16px; padding: 5px 15px; text-decoration: none; }.secondary-button { inherit:[,primary-button]; border: solid 1px grey; background: white; color: grey; }

Why Precompile? - Nesting 8/1/2014Copyright © Carl M. Burnett11 ul { padding-left: 20px; list-style: none; } #my-container { background: #ccc; border: solid 1px #383838; padding: 20px; } #my-container ul { list-style: disc; padding-right: 40px; color: hotpink; } #my-caontainer ul li { border-bottom: solid 1px red; }

Why Precompile? - Nesting 8/1/2014Copyright © Carl M. Burnett12 ul { padding-left: 20px; list-style: none; } #my-container { background: #ccc; border: solid 1px #383838; padding: 20px; ul { list-style: disc; padding-right: 40px; color: hotpink; li { border-bottom: solid 1px red; } #my-caontainer ul li { border-bottom: solid 1px red; }

CSS Languages CreatedLanguageLicenseReleaseWebsite SASS 2006RubyMIT LESS2009JavaScriptApache2.5.3 Stylus2010 Jade / node.js MIT CSS-Crush2012php/jsonMIT2.4.0 Rework2013 node.js MIT1.0.1rework Myth2015 JavaScript / CLI MIT1.5.9 Myth 8/1/2014Copyright © Carl M. Burnett13

CSS Vulnerabilities CSS Injection XSS inside of CSS Injection 8/1/2014Copyright © Carl M. Burnett14

Types of Cross-Site Scripting Stored XSS (AKA Persistent or Type I) Stored XSS Reflected XSS (AKA Non-Persistent or Type II) Reflected XSS DOM Based XSS (AKA Type-0) DOM Based XSS Server XSS Client XSS 8/1/2014Copyright © Carl M. Burnett15

Types of Cross-Site Scripting 8/1/2014Copyright © Carl M. Burnett16 XSSServe-SideClient-Side Stored Stored Server-Side XSS Stored Client-Side XSS Reflected Server-Side XSS Reflected Client-Side XSS Where Untrusted Data is Used Data Persistence DOM Based XSS is a subset of Client-Side XSS (Data is DOM only)

Class Review Why precompile? Precompile Languages CSS Vulnerabilities Types of Cross-Site Scripting 8/1/2014Copyright © Carl M. Burnett17