Security Concerns
Several questions arise when considering this. First and foremost, I want to say that in its current state, the database is absolutely harmless and will not affect anyone. CSS is simply a stylesheet language and cannot deal any considerable damage. That said, this page goes over the security concerns that could arise.
When you submit an entry, you are asked to provide your username and discriminator, as well as your user ID. All of this information is publicly available for anyone to view. This does not have any effect on you or your account. We will also gladly remove anyone who no longer wishes to have an entry here.
Worst-case scenario: someone with write access to this repo publishes code that makes the app temporarily unusable for anyone using a USRBG-enabled theme. This will be handled as fast as possible, and they will have their access permanently restricted. These changes are also purely visual. As mentioned earlier, CSS cannot deal real damage.
Another concern of mine is the fact that content called using a url() function will send traffic to the source and back. This opens a loophole for logging possible user traffic, or even an IP address. To counteract this, we've banned all self-hosted links and limited image sources to Discord's own CDN and imgur.com. Any self-hosted requests will be denied.
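One way to enforce that source restriction on a submitted entry, added here as an example and not taken from the USRBG repository. The host names, the function names and the sample entry are assumptions made for illustration; the page itself only names Discord's CDN and imgur.com.

```javascript
// Added example: allowlist check for remote sources in a submitted CSS entry.
// Host names are assumptions; the page only says "Discord's CDN and imgur.com".
const ALLOWED_HOSTS = new Set(["cdn.discordapp.com", "i.imgur.com", "imgur.com"]);

// Returns a reason string if the source is rejected, or null if it is allowed.
function checkSource(raw) {
  let u;
  try {
    u = new URL(raw.trim()); // no base given: relative and "//host" forms throw
  } catch {
    return "not an absolute URL";
  }
  if (u.protocol !== "https:") return "scheme " + u.protocol + " not allowed";
  if (u.username || u.password) return "userinfo not allowed";
  if (u.port) return "explicit port not allowed";
  // Exact match only: a suffix or substring test would accept look-alike hosts.
  if (!ALLOWED_HOSTS.has(u.hostname)) return "host " + u.hostname + " not allowed";
  return null;
}

// Returns [{source, reason}] for every remote fetch in the entry that is rejected.
function auditEntry(css) {
  // CSS escapes (such as "u\72l(") can hide url() from a pattern match, so refuse them.
  if (css.includes("\\")) return [{ source: css, reason: "backslash escape in entry" }];
  const rejected = [];
  // url(...) with optional quotes, plus the bare-string form of @import.
  const pattern = /url\(\s*(['"]?)(.*?)\1\s*\)|@import\s+(['"])(.*?)\3/gi;
  for (const m of css.matchAll(pattern)) {
    const source = m[2] !== undefined ? m[2] : m[4];
    const reason = checkSource(source);
    if (reason) rejected.push({ source, reason });
  }
  return rejected;
}

// Constructed sample entry (selectors and URLs are made up for this example).
const SAMPLE = [
  '.a { background: url("https://i.imgur.com/example.png"); }',
  ".b { background: url(https://i.imgur.com.tracker.example/p.png); }",
  ".c { background: url('//tracker.example/p.png'); }",
  '@import "http://tracker.example/log.css";',
].join("\n");

console.log(auditEntry(SAMPLE));
```

Run against each entry before it is merged; an empty result means every remote source in the entry points at an allowed host over HTTPS.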
CSS is a harmless language that can only visually impair the user experience. Little to no actual damage can be done through it, and USRBG is safe to use in your theme.
For support, please visit Black Box, and ask your question in #support.