Hacker Read

minitech · 2019-03-28 07:05:30

I think CSS is probably good enough that we can live without UA sniffing for this.

bzbarsky | karma 8095 | avg karma 3.01 · | 2012-07-19 12:26:15

Half the time the UA sniffing has nothing to do with capabilities and just has to do with people only wanting to test in one browser and use only one set of prefixed CSS properties...

atatatat | karma 431 | avg karma 0.41 · | 2021-05-18 00:55:18+00:00

Right, but maybe later versions of CSS won't be indistinguishable from malware for basic web browsing purposes.

ignoramous | karma 17311 | avg karma 3.91 · | 2022-12-12 15:01:51

If they're rewriting html, I guess sanitizing css won't be beyond them.

bobwaycott | karma 3438 | avg karma 1.8 · | 2016-04-19 21:23:37+00:00

I'll happily agree. I was only pointing out that obfuscation of CSS was not happening.

kazinator | karma 30751 | avg karma 1.78 · | 2014-11-15 00:24:37

Yes, if CSS starts becoming powerful enough to do become a security hole, it will become imperative to selectively disable it, or at least its new, unsafe features.

MatthewPhillips | karma 10535 | avg karma 3.19 · | 2012-08-06 11:02:17

Many people have that concern. What we don't want is to take away CSS maintenance from non-developer designers.

dfcarpenter | karma 31 | avg karma 4.43 · | 2015-08-19 19:27:42

I hope it’s a sign that more designers / front-end people are adopting good development practices! CSS is already a nightmare to maintain so using source control can only be a good thing.

d--b | karma 8973 | avg karma 3.74 · | 2022-02-03 07:12:54

At some point we need to ask who's asking for these CSS features?

Unless it's coming from the NSA who just wants more attack surface, I don't see the point...

reply

aphextron | karma 13989 | avg karma 5.79 · | 2021-03-16 10:56:24+00:00

The thought of a backend technology knowing about my site's CSS theme makes me shudder.

boubiyeah | karma 717 | avg karma 2.6 · | 2016-10-12 08:32:15+00:00

You might also not need CSS.

Doesn't mean you should bruteforce everything with just one tech. CSS is hard to maintain.

reply

benatkin | karma 7495 | avg karma 1.83 · | 2021-03-12 01:07:23+00:00

It's better to reject a 3MB boilerplate CSS file out of hand. Some things are better left untried.

SquareWheel | karma 5258 | avg karma 2.74 · | 2019-06-02 05:04:49+00:00

If a user turns off CSS then virtually no websites will render correctly for them. Adding a specific detection for that fail state is really just unnecessary bloat.

0des | karma 4899 | avg karma 2.46 · | 2021-06-18 14:40:56+00:00

The cohort concerned about tracking, one would think, would not be deterred by broken CSS considering they already live in a JS-free world and might be used to some visual-compromise when browsing.

mcav | karma 5415 | avg karma 5.85 · | 2018-05-31 17:23:56+00:00

Building a powerful sandbox that maintains anonymity is a difficult problem. The statement that CSS is overpowered is clickbait for a different argument.

theandrewbailey | karma 10214 | avg karma 2.28 · | 2014-05-02 03:33:36+00:00

I really hope that's sarcasm. Otherwise we will have people ripping out CSS, like how some people don't optimize because premature optimization is evil. I also don't want to go back to font tags.

jeroen | karma 1803 | avg karma 2.84 · | 2009-07-25 18:56:13

Validating css (or html, rss for that matter) is a bit more than idealistic bullshit. It is testability and professionalism.

adamnemecek | karma 57571 | avg karma 6.54 · | 2022-05-21 12:09:26

Right because dealing with CSS hacks transpilation to target older browser versions is both simple & pleasant.

wizzard | karma 536 | avg karma 2.3 · | 2014-03-25 19:07:26

If you're desperate for new features, you might not care if the CSS is a little wonky.

anoncake | karma 1589 | avg karma 0.5 · | 2019-03-01 11:25:42

Does it? I don't think you can reliably identify whether something is visible if the other site, which controls the CSS, does not want you to. It's a classical arms race situation.