Hello! I’m trying to inject an external CSS file into a website displayed in a QWebEngineView. I successfully injected one with
QString css = readFromFileInAnyWayYouLike();
QString jsscript = QString(R"(
(function() {
css = document.createElement('style');
css.type = 'text/css';
css.id = 'userContent';
document.head.appendChild(css);
css.innerText = '${css}';
})())").replace("${css}", css);
m_webEngine->page()->runJavaScript(jsscript);
but I don’t like this solution at all, because it would allow a malicious css file to execute arbitary code.
So I tried injecting giving the style element an src to a remote file, or assigning @import "http://localhost:8000/userContent.css"; to the css inner text, but both these methods were blocked by the CSP. researches on the web didn’t help me at all sadly. Is this possible to inject an external css fine into the webpage in a “secure” way?
thanks in advance!
You must log in or register to comment.