Re: [csswg-drafts] [selectors][css-values] Hide "sensitive" attributes from CSS (#5136)

Is it a goal for CSS that using a stylesheet from an untrusted source is "safe" in some sense? Because I don't think that would be true with only the change described in the issue. Untrusted CSS could hide elements of the page, inject text and images, make invisible but still clickable elements appear on top of other elements, etc. Making it safe to include untrusted CSS would be a significant project.

-- 
GitHub Notification of comment by othermaciej
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5136#issuecomment-652609657 using your GitHub account

Received on Wednesday, 1 July 2020 19:39:22 UTC