Re: [csswg-drafts] [selectors-4] [backgrounds-3] Prevent CSS keylogging from Jake Archibald via GitHub on 2018-03-09 (public-css-archive@w3.org from March 2018)

From: Jake Archibald via GitHub <sysbot+gh@w3.org>
Date: Fri, 09 Mar 2018 07:13:37 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-371732609-1520579616-sysbot+gh@w3.org>

> My intention was to get ideas on how we as web authors can deal with it.

If you use third party content it must come from a source you trust, and you must also trust their security.

Although, if you don't trust the source but you're happy with the resource content, you can use [SRI](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) to ensure the resource load fails if the content changes.

-- 
GitHub Notification of comment by jakearchibald
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/2426#issuecomment-371732609 using your GitHub account

Received on Friday, 9 March 2018 07:13:40 UTC