Question
To avoid path-relative style sheet import vulnerabilities, should I attach the CSS file on my page using the full path, e.g.
<link href="http://mywebsite/style.css" type="text/css" rel="stylesheet" />
instead of
<link href="style.css" type="text/css" rel="stylesheet" />
What do you think?
Answer 1:
Just add a leading slash and make the path root-relative, rather than relative, which this vulnerability relies on.
No need for the domain / scheme.
<link rel="stylesheet" href="/style.css">
Source: https://stackoverflow.com/questions/29260013/path-relative-style-sheet-import-vulnerabilities
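What the answer's fix changes at URL-resolution time, as an added example that is not part of the original question or answer: it classifies each stylesheet `href` and resolves it against two request URLs for the same page. The page name `index.php`, the trailing `/extra/` segment and all function names are constructed assumptions.

```javascript
// Added example. Constructed input: the three <link> forms from this page.
const SAMPLE_HTML = `
<link href="http://mywebsite/style.css" type="text/css" rel="stylesheet" />
<link href="style.css" type="text/css" rel="stylesheet" />
<link rel="stylesheet" href="/style.css">`;

// Assumption: the same page reached at its normal URL and with extra path
// segments appended (index.php and /extra/ are constructed for the example).
const SAMPLE_URLS = [
  'http://mywebsite/index.php',
  'http://mywebsite/index.php/extra/',
];

// Classify an href by how URL resolution treats it.
function classifyHref(href) {
  const h = href.trim();
  if (/^[a-z][a-z0-9+.-]*:/i.test(h)) return 'absolute';
  if (h.startsWith('//')) return 'scheme-relative';
  if (h.startsWith('/')) return 'root-relative';
  return 'path-relative';
}

// Collect href values of <link rel="stylesheet"> tags. A regex scan is enough
// for auditing templates; it is not a full HTML parser.
function stylesheetHrefs(html) {
  const hrefs = [];
  for (const [tag] of html.matchAll(/<link\b[^>]*>/gi)) {
    if (!/\brel\s*=\s*["']?stylesheet\b/i.test(tag)) continue;
    const m = tag.match(/\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i);
    if (m) hrefs.push(m[1] ?? m[2] ?? m[3]);
  }
  return hrefs;
}

// Resolve every stylesheet href against each request URL. "stable" is true
// when the stylesheet URL does not depend on the path the page was served at.
function auditPage(html, pageUrls) {
  return stylesheetHrefs(html).map((href) => {
    const resolved = pageUrls.map((u) => new URL(href, u).href);
    return { href, kind: classifyHref(href), resolved,
             stable: new Set(resolved).size === 1 };
  });
}

for (const r of auditPage(SAMPLE_HTML, SAMPLE_URLS)) {
  console.log(r.stable ? 'ok  ' : 'FLAG', r.kind.padEnd(13), r.href, '->', r.resolved.join(' | '));
}
```

Only the path-relative link is flagged: its resolved URL moves under `/index.php/extra/`, while the root-relative and absolute forms resolve to the same stylesheet from either request URL.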