Re: [csswg-drafts] [css-forms-1] control-value() security and handling (#11860) from sb3nder via GitHub on 2026-01-27 (public-css-archive@w3.org from January 2026)

From: sb3nder via GitHub <noreply@w3.org>
Date: Tue, 27 Jan 2026 23:32:22 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-3808111265-1769556740-noreply@w3.org>

Just my 2 cents:  
- Any numeric value can be un-tainted and exfiltrated.  
- Strings are probably un-tainted by `if()` functions or `style()` queries, and maybe a hack could be built to compare the previous string to the user’s next pressed character, allowing any string to be exfiltrated.

-- 
GitHub Notification of comment by sb3nder
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/11860#issuecomment-3808111265 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 27 January 2026 23:32:23 UTC