- From: Jan Roland Eriksson <jrexon@newsguy.com>
- Date: Wed, 19 Jul 2000 20:21:24 +0200
- To: "Bruno" <bruno@teraram.com>
- Cc: <www-style@w3.org>
On Tue, 18 Jul 2000 20:15:32 +0200, "Bruno" <bruno@teraram.com> wrote: >I was just wondering where there or is there any CSS virus? In the best of worlds it should be impossible to create a CSS virus. CSS code is per specification only _describing_ a relationship between specific properties of document content and suggested values for those properties. CSS code in it self is not really "executed" in any way. Now since not so long ago this inherent security level in CSS was broken by MS when they included a possibility to use JS style "function calls" to assign values to properties. So as the saying goes, "make something idiot proof and some one will invent a better idiot". My guess is that now we only have to sit back and wait for that some one to "invent a better idiot" and the first CSS based security attack will be a reality through some version of MSIE at least. It's my opinion and I stand for it. -- Jan Roland Eriksson <jrexon@newsguy.com> <URL:http://member.newsguy.com/%7Ejrexon/>
Received on Wednesday, 19 July 2000 14:21:24 UTC