Restricted CSS expressions

Restricted CSS expressions in the Custom CSS field of Web consent notices

⚙️ What CSS expressions are not allowed in custom CSS?

When configuring custom CSS on your consent notice from the Didomi Console, the following expressions are not allowed:

  • url()
  • @import()
  • @charset()
  • expression()
  • -moz-binding
  • javascript

If one of the listed expressions is used, the Console will prevent you from saving or publishing your consent notice and an error message will be displayed.
You will not be able to save or publish your consent notice until you remove the expression that is not allowed.


⚙️ Why are CSS expressions not allowed?

We restrict the acceptable CSS expressions in custom CSS for security reasons.

Expressions that load external resources or execute JavaScript can be used to execute code on a webpage. To ensure that the Didomi Console cannot be used for cross-site scripting (XSS), those expressions are blocked.

If you absolutely need those expressions for your custom CSS, you can set them directly on your website and not through the Didomi Console.