As the syntax for CSS Custom Properties is overly permissive it’s possible to store a JavaScript attack vector in them …
Injecting a JavaScript Attack Vector using CSS Custom Properties
Tag Archives: attack
A rather geeky/technical weblog, est. 2001, by Bramus