Injecting a JavaScript Attack Vector using CSS Custom Properties As the syntax for CSS Custom Properties is overly permissive it’s possible to store a JavaScript attack vector in them … Read Post →