W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

Re: Seamless iframes + CSS3 selectors = bad idea

From: gaz Heyes <gazheyes@gmail.com>
Date: Tue, 8 Dec 2009 20:40:21 +0000
Message-ID: <252dd75b0912081240mf0429dfi148d7e81598d2012@mail.gmail.com>
To: Devdatta <dev.akhawe@gmail.com>
Cc: Daniel Glazman <daniel@glazman.org>, Adam Barth <w3c@adambarth.com>, Thomas Roessler <tlr@w3.org>, public-web-security@w3.org
2009/12/8 Devdatta <dev.akhawe@gmail.com>

> > This is quite a good overview of which email/web clients support which
> CSS
> > properties:-
> > <http://www.campaignmonitor.com/css/>
>
> This seems to say that everyone is doing some sort of black/white
> listing . Do you have examples of people allowing _arbitrary_ CSS but
> still (think) are safe ?
>

I think myspace allow css and selectors in user defined stylesheet
Received on Tuesday, 8 December 2009 20:41:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT