
Is it dangerous to use third party CSS?


I found some MIT-licensed CSS I would like to use for my web app. I've been reading that malicious CSS can be injected into websites (source: Can Malicious Code Be Executed From A CSS File?) to launch a cross-site-scripting type of attack.

Here's my question: I'm wondering if it is possible for malicious CSS to infect my webserver with malware, and if so, what would be the tell-tale signs of malice in that kind of CSS that I should look out for?


Solution

  • Short answer: Yes.

    Long answer: You should always read and own the code you are copy-pasting. It’s also a good clean-code practice to fix “smelly” code. You should check for any links and suspicious CSS. Do not just publish code before testing it yourself, i.e. visiting the pages yourself like a user/visitor of the website. This way you can be sure to avoid any malicious CSS code.
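
One way to do the "check for any links and suspicious CSS" step before adopting a stylesheet, as an added example that is not part of the original answer. The function name `audit_css`, the pattern list and the sample stylesheet are assumptions of this example; it only flags lines for manual review and is not exhaustive.

```python
import re

COMMENT = re.compile(r"/\*.*?\*/", re.S)
URL = re.compile(r"url\(\s*['\"]?\s*([^'\")\s]+)", re.I)
IMPORT_STR = re.compile(r"@import\s+['\"]([^'\"]+)", re.I)
# Legacy constructs that ran script in old browsers (IE expression()/behavior,
# Firefox -moz-binding). The lookbehind keeps "scroll-behavior:" from matching.
LEGACY = re.compile(r"(?<![\w-])(?:expression\s*\(|behavior\s*:|-moz-binding\s*:)", re.I)
# scheme://host or protocol-relative //host: the browser will contact another server.
REMOTE = re.compile(r"^(?:[a-z][a-z0-9+.-]*:)?//", re.I)


def audit_css(css):
    """Return (line, kind, detail) findings, in line order, to review by hand."""
    # Blank out comments but keep their newlines so line numbers stay accurate.
    text = COMMENT.sub(lambda m: "\n" * m.group().count("\n"), css)
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for target in URL.findall(line) + IMPORT_STR.findall(line):
            if target.lower().startswith("javascript:"):
                findings.append((lineno, "script-url", target))
            elif REMOTE.match(target):
                findings.append((lineno, "remote-resource", target))
        for m in LEGACY.finditer(line):
            findings.append((lineno, "legacy-script", m.group()))
    return findings


# Constructed sample stylesheet, not taken from any real project.
SAMPLE = """\
/* constructed sample */
@import "https://fonts.example/face.css";
.btn { background: url(img/btn.png); scroll-behavior: smooth; }
.hero { background: url('//cdn.example/hero.jpg'); }
/* url(https://commented.example/x.png) */
.old { width: expression(document.body.clientWidth); behavior: url(x.htc); }
"""

if __name__ == "__main__":
    for lineno, kind, detail in audit_css(SAMPLE):
        print(f"line {lineno}: {kind}: {detail}")
```

Every `remote-resource` hit is a request your visitors' browsers will make to a host you do not control; copying those assets to your own server and rewriting the URLs removes that dependency.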