|
|
|
|
|
|
by Freak_NL
3703 days ago
|
|
|
Complexity in CSS itself does not significantly increase the attack surface if the complexity is contained to rendering and layout. There are potential privacy issues in CSS (such as the loading of assets from external URLs, e.g., fonts with @font-face), and I expect there are extensions that block any attempt to perform HTTP requests from CSS to prevent browser fingerprinting. But JavaScript can do a lot more, even if you disallow it to make HTTP requests; it has access to all of the modern APIs included in the browser. CSS on the other hand is still mostly a declarative language that does not allow for much dynamic cleverness. |
|
|