Inline Cascading Style Sheets (CSS)

Overview

When using CSS style tags and attributes, the HTML parser switches to CDATA or raw text context, which is prone to code injection. For this reason, using inline CSS is considered unsafe and should be avoided.

Business Impact

Suboptimal resource allocation, increased costs, and delayed time-to-market for new features and products.

Is your Salesforce solution affected by Inline Cascading Style Sheets (CSS)?

Clayton detects anti-patterns and offers automated fix advice to kickstart your Well-Architected journey.

Scan your solution

Resources

Secure Coding Cross Site Scripting
Content Security Policy Cheat Sheet
Cross Site Scripting Prevention Cheat Sheet

Incidence

How common is this issue?

lower

Exposure

How long do organizations remain exposed before fixing the problem?

74%

shorter

Frameworks

Easy

Intentional

Readability

Design Standards

A03:2021 – Injection

Found a mistake?

If you think something is incorrect, missing or misleading please let us know.

Report an error