this post was submitted on 14 Jul 2023
3 points (100.0% liked)

C++

1783 readers
1 users here now

The center for all discussion and news regarding C++.

Rules

founded 1 year ago
MODERATORS
 

Hello! I'm trying to inject an external CSS file into a website displayed in a QWebEngineView. I successfully injected one with

QString css = readFromFileInAnyWayYouLike();
QString jsscript = QString(R"( 
	(function() { 
		css = document.createElement('style'); 
		css.type = 'text/css'; 
		css.id = 'userContent';
		document.head.appendChild(css); 
		css.innerText = '${css}';
	})())").replace("${css}", css);
m_webEngine->page()->runJavaScript(jsscript);

but I don't like this solution at all, because it would allow a malicious css file to execute arbitary code. So I tried injecting giving the style element an src to a remote file, or assigning @import "http://localhost:8000/userContent.css"; to the css inner text, but both these methods were blocked by the CSP. researches on the web didn't help me at all sadly. Is this possible to inject an external css fine into the webpage in a "secure" way?

thanks in advance!

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here