RSS Validator

style attribute contains potentially dangerous content

Style attributes are very problematic in feeds. One one hand, they can be used to convey important Unicode or accessibility information. Style attributes even at times have been used to convey semantic information. But on the other hand, they can be used as Trojan Horses and cause dangerous scripts to be executed.

The list of dangerous properties varies from browser to browser, and even from browser version to browser version. As such the RSS Validator takes a white-list approach, and only accepts the following CSS properties:

azimuth, background, background-color, border, border-bottom, border-bottom-color, border-bottom-style, border-bottom-width, border-collapse, border-color, border-left, border-left-color, border-left-style, border-left-width, border-right, border-right-color, border-right-style, border-right-width, border-spacing, border-style, border-top, border-top-color, border-top-style, border-top-width, border-width, clear, color, cursor, direction, display, elevation, float, font, font-family, font-size, font-style, font-variant, font-weight, height, letter-spacing, line-height, margin, margin-bottom, margin-left, margin-right, margin-top, overflow, padding, padding-bottom, padding-left, padding-right, padding-top, pause, pause-after, pause-before, pitch, pitch-range, richness, speak, speak-header, speak-numeral, speak-punctuation, speech-rate, stress, text-align, text-decoration, text-indent, unicode-bidi, vertical-align, voice-family, volume, white-space, and width

Additionally, the values of a number of these properties can be problematic to verify as safe, so any references to URIs or difficult to parse constructs should be avoided.

Consider simplifying or completely removing the potentially unsafe style attribute. At a minimum, ensure that your content will still display as intended if this attribute is stripped by security conscious clients.

You might be able to find help in one of these fine resources.