Protecting from XSS in stylesheet
Unanswered
Rhinelander posted this in #help-forum
RhinelanderOP
I'm building a feature to allow users to chose & upload their font. To apply the font, im using this code:
How can I make sure that the user does not try to import a script instead of the font ? Is there a way with
Note:
<style jsx>{`
@font-face {
font-family: 'Custom';
src: url('${fontUrl}');
}
`}</style>How can I make sure that the user does not try to import a script instead of the font ? Is there a way with
next/font to prevent this vulnerability ? Note:
fontUrl is the uploaded font url stored on the server.