On Thu, Sep 20, 2012 at 7:46 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote: > For now. Until people add selectors to inline styles. There have been > several proposals for that. Hrm. That sounds weird. Link? I'm morbidly curious. :) > (On a side note, it's not clear to me how attribute selectors would lead > data typed into an <input>, unless the page has script stashing the data > into an attribute somewhere....) I just came across http://www.nds.ruhr-uni-bochum.de/media/emma/veroeffentlichungen/2012/08/16/scriptlessAttacks-ccs2012.pdf, which describes some interesting scriptless attack vectors. Section 3.1 bullet 3 and following has good detail on CSS3 in particular. -- Mike West <mkwst@google.com>, Developer Advocate Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91Received on Thursday, 20 September 2012 17:57:38 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 20 September 2012 17:57:39 GMT