
Re: Malicious CSS

From: Yuchen Guo
Subject: Re: Malicious CSS
Date: Fri, 13 Oct 2023 21:25:17 +0000

Michael McMahon <> writes:

> Do you know if the CSS on this page is intentionally malicious or are
> the system requirements for the visuals greater than these old
> machines?

I think that depends on whether we share the same definition for the
phrase "intentionally malicious".

Perhaps the website author did not intend for anyone to view their page. In
that case, it would be safe to assume it was not intentional.  I found
the link while viewing the AUTHORS file from a popular piece of Free
Software, namely Xournal++.

About "maliciousness".  When an unsuspecting user visits the page
with a web browser which understands CSS, their computer will be so
occupied with rendering the animation that even moving the mouse cursor
is difficult.  All with JS disabled.  For reference, I am using a
reasonably specced Kaby Lake laptop computer from the year 2017.

> An example of malicious CSS would be using complex queries to
> fingerprint users that did not want to be fingerprinted. Examples of
> this can be found at the CSS tracking [1] page. 
> [1]

This is certainly eye-opening.  Thanks for the link.

> but it essentially breaks the Internet when you do not view media
> files or CSS.

This is debatable.  The term "Internet" encompasses many different kinds
of technologies.  Also, on many occasions I found websites "unbreaked"
when viewed in Emacs Web Wowser or W3M.  A design with small fonts, or
huge Cookie banners, for example.

