March 1, 2018 10:40 pm GMT
Original Link: https://jakearchibald.com/2018/third-party-css-is-not-safe/
Third party CSS is not safe
...because third-party anything really isn't safe. Jake Archibald:
If you're worried about users tricking your site into loading third party resources, you can use CSP as a safety net, to limit where images, scripts and styles can be fetched from.
We've long discussed security considerations for using and managing third-party scripts, but the topic of security in third-party CSS was recently broached in response to a "trick" that employs keylogging via CSS.
Jake's post is a worthy read because …
Third party CSS is not safe is a post from CSS-Tricks
Original Link: https://jakearchibald.com/2018/third-party-css-is-not-safe/
Share this article:
Tweet
View Full Article