css – Page 5 – WindowsTechs.com

XSS in custom, user-supplied CSS

Posted on November 23, 2018 by Ondrej Vrabel

Users of our web app would like to use custom CSS to customize parts of UI. I’ve came up with some kind of blacklist for CSS “bad words” and I’m curious whether it is sufficient or if I need to improve it.
Basically, if the C… Continue reading XSS in custom, user-supplied CSS→

How to break Content Scramble System at complexity of 2^16? [migrated]

Posted on October 19, 2018 by Anh Đức Lương

It’s about Content Scramble System (CSS). The key size is 240 but it is possible to break CSS at complexity of 216. So how does it work?

Continue reading How to break Content Scramble System at complexity of 2^16? [migrated]→

What are the dangers of "style-src: ‘unsafe-inline’"? [duplicate]

Posted on October 18, 2018 by Anders

This question already has an answer here:

Style attribute XSS without quotes

1 answer

This is a common sight in content s… Continue reading What are the dangers of "style-src: ‘unsafe-inline’"? [duplicate]→

Hide backdoor inside CSS background-image

Posted on October 2, 2018 by Aiden

is it possible to create backdoor with css background-image ?
here i have a sample of backdoored file called css.php, and there is script to execute backdoor background-image : url(“http://localheart/riset_backdoor/gambar.ph… Continue reading Hide backdoor inside CSS background-image→

Dangers on Safari

Posted on September 17, 2018 by David Harley

The Safari Reaper attack, and URL spoofing
The post Dangers on Safari appeared first on Security Boulevard.
Continue reading Dangers on Safari→

Watch Out! This New Web Exploit Can Crash and Restart Your iPhone

Posted on September 17, 2018 by Wang Wei

It’s 2018, and just a few lines of code can crash and restart any iPhone or iPad and can cause a Mac computer to freeze.

Sabri Haddouche, a security researcher at encrypted instant messaging app Wire, revealed a proof-of-concept (PoC) web page contain… Continue reading Watch Out! This New Web Exploit Can Crash and Restart Your iPhone→

How to crash and restart an iPhone with a CSS-based web attack

Posted on September 17, 2018 by Graham Cluley

A security researcher has revealed a method of crashing and restarting iPhones and iPads, with just a few lines of code that could be added to any webpage.
Read more in my article on the Hot for Security blog.
Continue reading How to crash and restart an iPhone with a CSS-based web attack→

Firefox Gets Variable Fonts, Automatic Dark Theme on macOS

Posted on September 5, 2018 by Mehedi Hassan

Mozilla’s web browser joins Microsoft Edge and Google Chrome in supporting CSS Variable Fonts.
The post Firefox Gets Variable Fonts, Automatic Dark Theme on macOS appeared first on Thurrott.com.
Continue reading Firefox Gets Variable Fonts, Automatic Dark Theme on macOS→

CSS vulnerabilities [closed]

Posted on August 6, 2018 by user183535

How to detect CSS vulnerabilities (not XSS)?
We use /’ or ‘ to detect Sqli. Are there any methods for detecting CSS vulnerabilities?

Continue reading CSS vulnerabilities [closed]→

How can i block tag style?

Posted on August 5, 2018 by Yusuf HR

How can i block tag style inside iframe?

I have an iframe website when it is starting the document iframe append it.

How can i change the display property to intital?

Continue reading How can i block tag style?→