Jake Archibald writes in his blog about the bigger problem presented by importing third-party content into web pages. Even CSS is a problem as a CSS keylogger demo showed the other day.
A few days ago there was a lot of chatter about a 'keylogger' built in CSS.
Some folks called for browsers to 'fix' it. Some folks dug a bit deeper and saw that it only affected sites built in React-like frameworks, and pointed the finger at React. But the real problem is thinking that third party content is 'safe'.
While most are acutely aware, yet ignore, the danger presentd by third-party javascript and javascript in general, most forget about CSS. Jake reminds us and walks through quite a few exampled of how CSS can be misused by third-parties exporting it.
Source : Third party CSS is not safe
(Score: 2) by MichaelDavidCrawford on Thursday March 01 2018, @01:09AM
You may have at least heard of Oracle's "Cover Oregon" clusterfuck.
After it had been - cough - "Live" - cough - I tried to use it to sign up for Obamacare from my MacBook Pro.
When was this? 2014 or some such. Anyway a long time since Microsoft claimed to have surrendered to the HTML validity wars.
Cover Oregon required Internet Explorer. It's not available for Mac OS X.
Eventually the state sued Oracle, Oracle sued the state, and the state started using healthcare.gov.
Meanwhile Washington's Obamacare sight works just fine.
Yes I Have No Bananas. [gofundme.com]