Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Are there security concerns related to enabling CSS?


Absolutely! The styling could be entirely offensive, cause blindness, or unpleasant reactions.


I am not about now but there were a few. Google css xss.

There was/is(?) the background-image on visited links "hack". Put simply, you could specify a background-image on a link to, let's say, facebook.com and you would know if the user has visited facebook because they would have loaded the image.

I'm pretty sure today's browsers don't let you specify background images on visited links because of this.





Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: