/Knowledge/sources/honojs__hono/llms-full/css-helper-security--ad636b6627ac.md
css Helper: Security - hono-docs
css Helper: Security Source evidence: /Sources/honojs hono/provenance.md Canonical citation: https://hono.dev/llms full.txt security Summary The CSS helpers...
css Helper: Security
Source evidence: /Sources/honojs__hono/provenance.md Canonical citation: https://hono.dev/llms-full.txt#security
Summary
The CSS helpers are CSS-authoring APIs: like other CSS-in-JS libraries, interpolated values are inserted as raw CSS. They block breaking out into HTML (quotes, backslashes, and </), but {, }, and ; pass through since they are...
Content
The CSS helpers are CSS-authoring APIs: like other CSS-in-JS libraries, interpolated values are inserted as raw CSS. They block breaking out into HTML (quotes, backslashes, and </), but {, }, and ; pass through since they are valid CSS.
::: warning
Treat the CSS helpers like other raw sinks (html, raw, rawCssString): don't pass untrusted input into them directly. Doing so allows CSS injection. Validate against an allowlist first.
const ALLOWED_COLORS = ['red', 'green', 'blue']
const color = ALLOWED_COLORS.includes(input) ? input : 'black'
const headerClass = css`
color: ${color};
`
:::
Metadata
{
"chunk_index": 0,
"citation": "https://hono.dev/llms-full.txt#security",
"coverage_role": "overview",
"qualified_title": "Hono / llms-full / css Helper > Security",
"retrieved_at": "2026-07-02T05:51:01Z",
"section_index": 704,
"source_id": "/honojs/hono",
"source_type": "llms_full",
"target_label": "llms-full",
"title": "css Helper: Security",
"upstream_url": "https://hono.dev/llms-full.txt",
"version": "2026"
}