Re: [csswg-drafts] [css-values] `value()` function (#7869) from Brandon McConnell via GitHub on 2022-10-12 (public-css-archive@w3.org from October 2022)

From: Brandon McConnell via GitHub <sysbot+gh@w3.org>
Date: Wed, 12 Oct 2022 12:19:46 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-1276070958-1665577184-sysbot+gh@w3.org>

@Loirooriol Yeah, it's a valid concern. I think it would be worth having a larger conversation about protecting against that before implementing a feature like this.

I don't think we necessarily need to protect against injected styles/scripts from browser extensions, since those generally have local access to the console. However, maybe we can block _outside_ style-injection attacks like that under the same umbrella of XSS security.

-- 
GitHub Notification of comment by brandonmcconnell
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/7869#issuecomment-1276070958 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 12 October 2022 12:19:48 UTC