ompaLompa | 3 years ago
For example, some controlled frameworks can even have CSS-only keylogging: https://css-tricks.com/css-keylogger/
The correct solution is to enable a strict Content Security Policy (CSP) - so even when a user compromises your website with XSS/CSS they cannot extract any data they obtain. Note: this website has not configured a Content Security Policy :(
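
An added example, not part of the comment above: a small audit of a Content-Security-Policy header value that flags the directives injected CSS or script would need in order to send data to another host. The function names and both sample policies are constructed for illustration.

```javascript
// Added example (not from the original comment). Policy strings are constructed.
// Directives that govern the requests injected CSS or script can use to send
// data off-site: background images, @font-face, @import, and fetch/XHR.
const EXFIL_DIRECTIVES = ['img-src', 'font-src', 'style-src', 'connect-src'];

// Parse a Content-Security-Policy header value into directive -> source list.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    if (!policy.has(key)) policy.set(key, sources); // duplicates are ignored
  }
  return policy;
}

// True when a source expression admits arbitrary remote hosts.
const isBroad = (src) => ['*', 'http:', 'https:'].includes(src.toLowerCase());
const isNonceOrHash = (src) => /^'(nonce|sha256|sha384|sha512)-/i.test(src);

function auditCsp(header) {
  const policy = parseCsp(header || '');
  const findings = [];
  for (const directive of EXFIL_DIRECTIVES) {
    // Fetch directives fall back to default-src when absent.
    const sources = policy.get(directive) ?? policy.get('default-src');
    if (sources === undefined) {
      findings.push(`${directive}: not restricted (no directive, no default-src)`);
    } else if (sources.some(isBroad)) {
      findings.push(`${directive}: wildcard or scheme-only source allows any host`);
    }
  }
  // 'unsafe-inline' lets an injected <style> block run unless a nonce or hash
  // is also present, in which case browsers ignore 'unsafe-inline'.
  const style = policy.get('style-src') ?? policy.get('default-src') ?? [];
  const inline = style.some((s) => s.toLowerCase() === "'unsafe-inline'");
  if (inline && !style.some(isNonceOrHash)) {
    findings.push("style-src: 'unsafe-inline' permits injected style blocks");
  }
  return findings;
}

const WEAK = "default-src 'self'; img-src *; style-src 'self' 'unsafe-inline'";
const STRICT = "default-src 'none'; img-src 'self'; style-src 'self'; font-src 'self'; connect-src 'self'";
console.log(auditCsp(WEAK));
console.log(auditCsp(STRICT));
```

An empty findings list means every checked directive is pinned to named sources; it does not cover non-fetch channels such as navigation or form submission.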