Clayton

When using CSS style tags and attributes, the HTML parser switches to CDATA or raw text context, which is prone to code injection. For this reason, using inline CSS is considered unsafe and should be avoided.

The goal of this rule is to ban the usage of HTML <code>style </code>property to make sure that all CSS styles are defined in CSS classes. <code>&lt;style&gt;</code> tags can also be a weak point for HTML injection.

<a href="https://developer.salesforce.com/docs/atlas.en-us.secure_coding_guide.meta/secure_coding_guide/secure_coding_cross_site_scripting.htm" rel="nofollow noopener noreferrer" target="_blank">Secure Coding Cross Site Scripting</a>

- <a href="https://developer.salesforce.com/docs/atlas.en-us.secure_coding_guide.meta/secure_coding_guide/secure_coding_cross_site_scripting.htm" rel="nofollow noopener noreferrer" target="_blank">Secure Coding Cross Site Scripting</a>

Avoid Inline CSS Styles

Home

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

Rationale

Scope

Related resources