Re: [csswg-drafts] [css-values-5][css-conditional-5] Security Concern: Accelerated Data Exfiltration with attr() and Style Query Ranges (#12410) from sb3nder via GitHub on 2026-01-28 (public-css-archive@w3.org from January 2026)

From: sb3nder via GitHub <noreply@w3.org>
Date: Wed, 28 Jan 2026 20:36:25 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-3813811400-1769632582-noreply@w3.org>

Note that, contrary to what was reported above, `attr()` introduces new security issues. For example, it can be used to exfiltrate numeric values in $O(log_{10}(n))$ or less(potentially $O(1)$ in the near future).

If you need it, remember that the [`integrity`](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/link#integrity) attribute exists. Stay safe.

-- 
GitHub Notification of comment by sb3nder
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/12410#issuecomment-3813811400 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 28 January 2026 20:36:26 UTC