Jake Archibald writes in his blog about the bigger problem presented by importing third-party content into web pages. Even CSS is a problem as a CSS keylogger demo showed the other day.
A few days ago there was a lot of chatter about a 'keylogger' built in CSS.
Some folks called for browsers to 'fix' it. Some folks dug a bit deeper and saw that it only affected sites built in React-like frameworks, and pointed the finger at React. But the real problem is thinking that third party content is 'safe'.
While most are acutely aware, yet ignore, the danger presentd by third-party javascript and javascript in general, most forget about CSS. Jake reminds us and walks through quite a few exampled of how CSS can be misused by third-parties exporting it.
Source : Third party CSS is not safe
(Score: 2) by stretch611 on Wednesday February 28 2018, @09:49PM (2 children)
Unfortunately, many web "developers" rely on 3rd party code as a crutch. If they did not use 3rd party content they would have to write the code themselves.
Even the developer of the linked article uses 3rd party content... He has commenting provided by Disqus. (I did not try to look for any, but that was obvious.)
Now with 5 covid vaccine shots/boosters altering my DNA :P
(Score: 2) by requerdanos on Wednesday February 28 2018, @10:13PM
Well, I believe that's because of this pervasive phone-home mindset.
Before that mindset took hold here, it was "If they did not use third party content then they would have to copy and paste the code into their own site."
Since having things work autonomously on the server of the website is no longer important, most code doesn't work nowadays unless it's in touch with the mothership.
I am kind of anti-mothership. Snowden is a hero.
(Score: 0) by Anonymous Coward on Thursday March 01 2018, @02:45PM
I've started to use third party CSS, but it is served from my servers rather than use a CDN.
I'm.. not sure if this counts as bad or not (from your point of view).
I will totally admit it is a crutch though. I find CSS very frustrating to work with and since I started using this framework, I've finished doing CSS-related stuff and still been in a good mood at the end of it!