- From: Cameron McCormack via GitHub <sysbot+gh@w3.org>
- Date: Wed, 22 Jan 2020 15:58:44 +0000
- To: public-css-archive@w3.org
Minutes from the discussion just now that led to that: ``` <heycam> ... another one about CSS keylogging <fantasai> https://github.com/w3c/csswg-drafts/issues/2426 <heycam> ... don't know what to do with that issue <heycam> TabAtkins: this is not even a Backgrounds-specific issue <heycam> astearns: there was pushback from Mozilla on taking the fix <heycam> AmeliaBR: worth mentioning that the issue here isn't specific to CSS, the problem is with JS frameworks that reflect the content of an input as an attribute that is constantly updated by JS <heycam> ... then CSS attribute selectors can expose that <heycam> ... there are many steps involved in creating this keylogger <heycam> ... not sure CSS is the weakest link <heycam> astearns: we can either close this issue no change, or we can make this issue be not a Backgrounds issue <heycam> ... lacking any idea to move forward, Im inclined to close <heycam> TabAtkins: fairly confident there's nothing we can do apart from eliminating attribute selectors <heycam> fremy: sounds like a framework bug <heycam> dbaron: in the past we have considered selectors that work on form control values <heycam> ... but you probably shouldn't be including untrusted CSS in your website <heycam> TabAtkins: I will write the rationale for closing <heycam> RESOLVED: Closed WONTFIX. ``` -- GitHub Notification of comment by heycam Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/2426#issuecomment-577255041 using your GitHub account
Received on Wednesday, 22 January 2020 15:58:45 UTC