...because third-party anything really isn't safe. Jake Archibald:
If you're worried about users tricking your site into loading third party resources, you can use CSP as a safety net, to limit where images, scripts and styles can be fetched from.
We've long discussed security considerations for using and managing third-party scripts, but the topic of security in third-party CSS was recently broached in response to a "trick" that employs keylogging via CSS.
Jake's post is a worthy read because it takes a high-level look at all third-party assets and the risks they pose.
Direct Link to Article — Permalink
Third party CSS is not safe is a post from CSS-Tricks
from CSS-Tricks http://ift.tt/2EXG4as
via IFTTT
No comments:
Post a Comment