Re: [csswg-drafts] [selectors][css-values] Hide "sensitive" attributes from CSS (#5136) from Maciej Stachowiak via GitHub on 2020-07-01 (public-css-archive@w3.org from July 2020)

From: Maciej Stachowiak via GitHub <sysbot+gh@w3.org>
Date: Wed, 01 Jul 2020 19:39:21 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-652609657-1593632353-sysbot+gh@w3.org>

Is it a goal for CSS that using a stylesheet from an untrusted source is "safe" in some sense? Because I don't think that would be true with only the change described in the issue. Untrusted CSS could hide elements of the page, inject text and images, make invisible but still clickable elements appear on top of other elements, etc. Making it safe to include untrusted CSS would be a significant project.

-- 
GitHub Notification of comment by othermaciej
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5136#issuecomment-652609657 using your GitHub account

Received on Wednesday, 1 July 2020 19:39:22 UTC