|
|
|
|
|
|
by grardb
614 days ago
|
|
|
Just to make sure I'm not missing anything: All of that essentially only applies to user/untrusted input, right? i.e. if I have a static website with inline CSS (or JS), there's no security concern. In that case, I'm not sure I'd consider inline CSS "unsafe." But it's interesting to see how CSS can be exploited in the same way that JS can be. |
|
|