All Collections
Rule documentation
Avoid Inline CSS Styles
Avoid Inline CSS Styles

Detect inline CSS

Gabriele Gallo Stampino avatar
Written by Gabriele Gallo Stampino
Updated over a week ago


When using CSS style tags and attributes, the HTML parser switches to CDATA or raw text context, which is prone to code injection. For this reason, using inline CSS is considered unsafe and should be avoided.

The goal of this rule is to ban the usage of HTML style property to make sure that all CSS styles are defined in CSS classes. <style> tags can also be a weak point for HTML injection.


  • Visualforce

  • Aura

  • LWC

Related resources


Did this answer your question?