Security Icon

Third party CSS is not safe

logged by @adamstac 2018-02-27T22:25:54.376661Z permalink #security #css

Jake Archibald goes much deeper on our previous report of CSS key logging.

Some folks called for browsers to 'fix' it. Some folks dug a bit deeper and saw that it only affected sites built in React-like frameworks, and pointed the finger at React. But the real problem is thinking that third party content is 'safe'.

Jake shared many examples as well as ways to mitigate these types of attacks.

0:00 / 0:00