- From: andruud via GitHub <noreply@w3.org>
- Date: Sat, 28 Jun 2025 10:16:37 +0000
- To: public-css-archive@w3.org
While this could possibly _execute_ in logarithmic time, we can't really "create" the steps dynamically in CSS, so all possibilities would still need to be specified in full, I guess? E.g.:
```
/* Find a number in the range [0, 7] */
@container style(attr(uid <number>) < 4) {
@container style(attr(uid <number>) < 2) {
@container style(attr(uid <number>) = 0) {
/* 0 */
} @else {
/* 1 */
}
} @else {
@container style(attr(uid <number>) = 2) {
/* 2 */
} @else {
/* 3 */
}
}
} @else {
@container style(attr(uid <number>) < 6) {
@container style(attr(uid <number>) = 4) {
/* 4 */
} @else {
/* 5 */
}
} @else {
@container style(attr(uid <number>) = 6) {
/* 6 */
} @else {
/* 7 */
}
}
}
```
(Using https://drafts.csswg.org/css-conditional-5/#else-rule).
> The weakness then is not in CSS, though, but in the system that chose to use numeric identifiers, which are a big no-no for any of the examples mentioned.
Sure. Though even if it's a wont-fix, it's still worth thinking about possible new data exfiltration methods for new CSS features.
... but is it actually _new_? You could for example use `width:attr(uid px)` on a CQ container, and then use the same trick with _size_ queries. (There is probably a more obvious case I'm not thinking of.)
--
GitHub Notification of comment by andruud
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/12410#issuecomment-3015163665 using your GitHub account
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Saturday, 28 June 2025 10:16:38 UTC