views: 49
answers: 4

Are there any dangers or security risks in allowing user CSS?

Sorry for the unspecific question. Possible implementation: having a textarea for users to input custom CSS, and then taking that CSS and putting it into a style element: <style type="text/css"></style> with JS.

+1  A: 

That depends on how you implement that functionality. If you provide a form that allows people to select their own CSS values, then there's an inherent risk of dirty input.

Tim McNamara
Answer made under the assumption that "user css" means something like allowing users to change CSS settings in a profile page.
Tim McNamara
+3  A: 

Yes, there are many potential XSS attacks, mostly through putting JavaScript in URLs for background-image and whatnot. Search for "style" in the XSS Cheat Sheet for some examples.

There is also the potential that the user CSS could break your site, for example making the navigation menu 0x0 pixels or moving it offscreen to -1000, -1000. Or the CSS itself could reference images from other sites, which you can't guarantee will continue to stay up.

Annie
To be fair, these are only issues if users are allowed to change CSS in a manner that is available to other users, or if Malicious Mandy figures out a way to get users to use her malicious CSS. If this is a purely client-side thing, they could break their own experience of the site, but meh.
jeremiahd
+1  A: 

All user input is dirty.

What if they write some CSS that hides or obscures something like a login?

There are multiple issues as well: there is a CSS history hack, several XSS vulnerabilities related to URLs, and probably more that haven't been thought of.

Always sanitize user input before displaying it on a page.

Josh K
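The two answers above (Annie's on JavaScript-in-URL XSS and offscreen navigation, Josh K's on hiding the login and sanitizing input) both come down to the same mitigation: do not write raw user CSS into a `<style>` element; reduce it to an allowlist first and scope it to a container you choose. The following JavaScript is an added example written for this page, not code from the question or any of the answers. It assumes a scope class name (`.user-theme` here) that wraps the only part of the page user styles may touch, and the property allowlist is the author's choice for illustration, not a standard list.

```javascript
// Allowlist-based sanitizer for user-supplied CSS, applied before the text
// is written into a <style> element. Added example, not code from the thread.
//
// Strategy (defensive reduction, not a full CSS parser):
//  1. Strip comments and statement at-rules (@import, @charset, ...).
//  2. Accept only simple "selector { declarations }" rules.
//  3. Keep only allowlisted properties, so layout properties such as
//     position/left/display cannot hide or move the site's own controls.
//  4. Reject any value containing url(), expression(), escapes, URL
//     schemes or !important.
//  5. Prefix every selector with a scope class so the rules can only reach
//     the part of the page the site chose to expose.

// Hypothetical allowlist chosen for this example; extend to taste.
const ALLOWED_PROPERTIES = new Set([
  'color', 'background-color', 'font-family', 'font-size', 'font-weight',
  'font-style', 'text-align', 'text-decoration', 'line-height',
  'border-color', 'border-radius', 'padding', 'margin',
]);

// Any value matching this is dropped outright.
const FORBIDDEN_VALUE =
  /url\s*\(|expression\s*\(|behavior|-moz-binding|javascript:|vbscript:|data:|!|\\|[<>@\/]/i;
// Characters a benign value may consist of: colours, lengths, rgb(), quoted font names.
const SAFE_VALUE = /^[-\w\s#%.,()'"]+$/;
// Simple selectors only: type, class, id, pseudo-class, combinators.
const SAFE_SELECTOR = /^[-\w\s.#:,>+~*]+$/;

// Returns the declarations of one rule body that survive the allowlist,
// each normalised to "prop: value;".
function sanitizeDeclarations(block) {
  const kept = [];
  for (const decl of block.split(';')) {
    const idx = decl.indexOf(':');
    if (idx === -1) continue;
    const prop = decl.slice(0, idx).trim().toLowerCase();
    const value = decl.slice(idx + 1).trim();
    if (!ALLOWED_PROPERTIES.has(prop)) continue;
    if (value === '' || FORBIDDEN_VALUE.test(value) || !SAFE_VALUE.test(value)) continue;
    kept.push(`${prop}: ${value};`);
  }
  return kept;
}

// Reduces arbitrary user CSS to scoped, allowlisted rules, one per line.
function sanitizeUserCss(css, scope) {
  const stripped = css
    .replace(/\/\*[\s\S]*?\*\//g, '')   // comments could otherwise hide tokens
    .replace(/@[^;{]*;/g, '');          // statement at-rules such as @import
  const out = [];
  const ruleRe = /([^{}]+)\{([^{}]*)\}/g;
  let m;
  while ((m = ruleRe.exec(stripped)) !== null) {
    const selector = m[1].trim();
    if (selector === '' || selector.startsWith('@') || !SAFE_SELECTOR.test(selector)) continue;
    const decls = sanitizeDeclarations(m[2]);
    if (decls.length === 0) continue;   // nothing safe left in this rule
    const scoped = selector.split(',').map((s) => `${scope} ${s.trim()}`).join(', ');
    out.push(`${scoped} { ${decls.join(' ')} }`);
  }
  return out.join('\n');
}

// Constructed sample input resembling what the textarea might deliver.
const SAMPLE = `
  @import url(http://cdn.example/theme.css);
  a { color: red; background-image: url(javascript:alert(1)) }
  #nav { position: absolute; left: -1000px }
  #login { display: none }
  p, .note { font-size: 14px; color: rgb(0, 0, 255) !important; font-family: "Open Sans" }
`;

console.log(sanitizeUserCss(SAMPLE, '.user-theme'));
```

Run with Node; only the `a` rule's colour and the `p, .note` font declarations survive, each prefixed with `.user-theme`, while the `@import`, the `url(javascript:...)` background, the offscreen `#nav` and the hidden `#login` are all dropped. The scoping only helps if the login form and navigation live outside the `.user-theme` container, and the allowlist, not the blocklist regex, is what carries the security: the regex is a second line of defence, not the primary one.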
+1  A: 

If the only user affected by the CSS is the user that provided the CSS, then there's not much of a risk. Any XSS vulnerability could only affect the user.

Some browsers allow users to use custom CSS anyway, or ignore it altogether, so I wouldn't consider it a problem.

kbrimington