On Sun, 2007-12-23 at 14:39 +0000, Matthew Britton wrote:
You realize CSS files don't contain any kind of executable code, pose no seurity risk at all, and thus all you're really doing there is making websites look ugly?
That's not entirely true... you can add constructs that add images in your .css files, which can be used to exploit the recent gif and png issues on certain clients, but then again... so do browsers.
If you're going to block css because you fear exploits in images, you may as well block fonts, colors and images from the browser also.