Re: [csswg-drafts] [css-values-5][css-conditional-5] Security Concern: Accelerated Data Exfiltration with attr() and Style Query Ranges (#12410) from Christoph Päper via GitHub on 2025-06-28 (public-css-archive@w3.org from June 2025)

From: Christoph Päper via GitHub <noreply@w3.org>
Date: Sat, 28 Jun 2025 08:32:52 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-3015106209-1751099570-noreply@w3.org>

> This poses a significant security risk if those numeric attributes contain sensitive or privacy-compromising information (e.g., user IDs, financial data, internal identifiers, session tokens, or other personally identifiable numeric data).

The weakness then is not in CSS, though, but in the system that chose to use numeric identifiers, which are a big no-no for any of the examples mentioned. 

-- 
GitHub Notification of comment by Crissov
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/12410#issuecomment-3015106209 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Saturday, 28 June 2025 08:32:53 UTC