SoylentNews is people
SoylentNews
Jake Archibald writes in his blog about the bigger problem presented by importing third-party content into web pages. Even CSS is a problem as a CSS keylogger demo showed the other day.
A few days ago there was a lot of chatter about a 'keylogger' built in CSS.
Some folks called for browsers to 'fix' it. Some folks dug a bit deeper and saw that it only affected sites built in React-like frameworks, and pointed the finger at React. But the real problem is thinking that third party content is 'safe'.
While most are acutely aware, yet ignore, the danger presentd by third-party javascript and javascript in general, most forget about CSS. Jake reminds us and walks through quite a few exampled of how CSS can be misused by third-parties exporting it.
Source : Third party CSS is not safe
(Score: 4, Informative) by lentilla on Wednesday February 28 2018, @09:02PM
The reason this isn't a problem is that when the bank robbers turn up and steal all the cash, they are stealing the bank's cash, and the bank still owes you the money you have loaned to them. Chances are good you'll get your three bucks and fifty-one cents, or whatever happens to be in your account.
For the same reason I don't invite those robbers back to my place for a cuppa and all my cash and goodies. It's simply a matter of exposure. Not to mention banks tend to have security people whose sole job it is to make sure their cash and their systems are secure. Ordinary people can't be expected to be full-time ordinary people and security experts. And even assuming they wanted to: auditing secret software is difficult - by the unlikely chance it's even allowed by the terms of service.
No, the grandparent has good reason to be wary.