- From: Tab Atkins Jr. via GitHub <sysbot+gh@w3.org>
- Date: Wed, 22 Jan 2020 15:58:24 +0000
- To: public-css-archive@w3.org
The WG resolved to close this as WONTFIX. Ultimately we don't believe there's anything we could do to stop this besides just throwing away attribute selectors entirely; you can't even do something like "don't match attribute selectors against attributes on password inputs", because as @Ryuno-Ki says, inputs other than password can show this as well. Ultimately this is a problem combining (a) frameworks that reflect the live value of an input into an attribute, and (b) sites that allow uncontrolled 3rd-party CSS to be applied to the page. Both of these are probably mistakes on their own already (especially (b)); when combined they're an information leak. -- GitHub Notification of comment by tabatkins Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/2426#issuecomment-577254880 using your GitHub account
Received on Wednesday, 22 January 2020 15:58:25 UTC