Yoram Blumenberg

81 days ago

Third party CSS is not safe


Some folks called for browsers to 'fix' it. Some folks dug a bit deeper and saw that it only affected sites built in React-like frameworks, and pointed the finger at React. But the real problem is thinking that third party content is 'safe'. If I include the above, I'm trusting example.com.