Thursday 1 March 2018

Third party CSS is not safe

...because third-party anything really isn't safe. Jake Archibald:

If you're worried about users tricking your site into loading third party resources, you can use CSP as a safety net, to limit where images, scripts and styles can be fetched from.

We've long discussed security considerations for using and managing third-party scripts, but the topic of security in third-party CSS was recently broached in response to a "trick" that employs keylogging via CSS.

Jake's post is a worthy read because it takes a high-level look at all third-party assets and the risks they pose.

Direct Link to ArticlePermalink


Third party CSS is not safe is a post from CSS-Tricks



from CSS-Tricks http://ift.tt/2EXG4as
via IFTTT

No comments:

Post a Comment

Passkeys: What the Heck and Why?

These things called  passkeys  sure are making the rounds these days. They were a main attraction at  W3C TPAC 2022 , gained support in  Saf...