Jake Archibald writes in his blog about the bigger problem presented by importing third-party content into web pages. Even CSS is a problem as a CSS keylogger demo showed the other day.
A few days ago there was a lot of chatter about a 'keylogger' built in CSS.
Some folks called for browsers to 'fix' it. Some folks dug a bit deeper and saw that it only affected sites built in React-like frameworks, and pointed the finger at React. But the real problem is thinking that third party content is 'safe'.
While most are acutely aware, yet ignore, the danger presentd by third-party javascript and javascript in general, most forget about CSS. Jake reminds us and walks through quite a few exampled of how CSS can be misused by third-parties exporting it.
Source : Third party CSS is not safe
(Score: 3, Insightful) by Arik on Thursday March 01 2018, @12:11AM (1 child)
Time has proven me wrong. If anything, he's minimized it.
If laughter is the best medicine, who are the best doctors?
(Score: 2) by MichaelDavidCrawford on Thursday March 01 2018, @12:59AM
What appeared to be "resume.doc" on my website used to link to the above essay.
I put that link on my website roughly twenty years ago. The recruiters still ask for word resumes.
It eventually occurred to me that their resume retrieval applications were hardwired to parse word .doc documents. For word attachments to become a thing of the past, all those body shops would need new versions of those applications. For that to happen, those applications' vendors would have to lift a finger.
I finally sidestepped the problem by removing my resume from the web. Its old URL still works but it redirects to my homepage.
Yes I Have No Bananas. [gofundme.com]