Determine a CSS file is valid CSS file

Asked by At

I'm attempting to validate that a file that is uploaded to my application is actually that file to increase security.

For image formats, we can check the magic bits and the file extension to determine the format.

I'm looking to do the same for a CSS file. From my understanding, there's no magic bits for a CSS file. The extent of what I could check would be the magic bits from a UTF-8 formatted file, which wouldn't protect against scripts in the event of an injection flaw.

Currently we validate the file extension is correct, but if you were to change the file extension, any file could be uploaded.

Is there a best practice way of validating a CSS file?

1 Answers

0
Nexie On

Can you read file content and use regex to check for valid css styles, such as:

([#[email protected]]?[\w.:> ]+)[\s]{[\r\n]?([A-Za-z\- \r\n\t]+[:][\s]*[\w .\/()\-!]+;[\r\n]*(?:[A-Za-z\- \r\n\t]+[:][\s]*[\w .\/()\-!]+;[\r\n]*(?2)*)*)}

See: https://regex101.com/r/fK9mY3/1