- From: andruud via GitHub <noreply@w3.org>
- Date: Sat, 28 Jun 2025 10:16:37 +0000
- To: public-css-archive@w3.org
While this could possibly _execute_ in logarithmic time, we can't really "create" the steps dynamically in CSS, so all possibilities would still need to be specified in full, I guess? E.g.: ``` /* Find a number in the range [0, 7] */ @container style(attr(uid <number>) < 4) { @container style(attr(uid <number>) < 2) { @container style(attr(uid <number>) = 0) { /* 0 */ } @else { /* 1 */ } } @else { @container style(attr(uid <number>) = 2) { /* 2 */ } @else { /* 3 */ } } } @else { @container style(attr(uid <number>) < 6) { @container style(attr(uid <number>) = 4) { /* 4 */ } @else { /* 5 */ } } @else { @container style(attr(uid <number>) = 6) { /* 6 */ } @else { /* 7 */ } } } ``` (Using https://drafts.csswg.org/css-conditional-5/#else-rule). > The weakness then is not in CSS, though, but in the system that chose to use numeric identifiers, which are a big no-no for any of the examples mentioned. Sure. Though even if it's a wont-fix, it's still worth thinking about possible new data exfiltration methods for new CSS features. ... but is it actually _new_? You could for example use `width:attr(uid px)` on a CQ container, and then use the same trick with _size_ queries. (There is probably a more obvious case I'm not thinking of.) -- GitHub Notification of comment by andruud Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/12410#issuecomment-3015163665 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Saturday, 28 June 2025 10:16:38 UTC