Overview
Explore a fascinating 42-minute conference talk from CSSConf.Asia 2015 that delves into lesser-known aspects of CSS. Discover syntax gimmicks, quirks, and unexpected tricks involving CSS, as well as potential security vulnerabilities arising from its unconventional use. Learn about font family names, unquoted attribute values, CSS comments, valid HTML, using CSS without HTML, classes and IDs in HTML, escaping CSS selectors, injection contexts, data leakage from the DOM, IE's legacy document modes, CSS expressions in IE, avoiding CSS expression vulnerabilities, and more. Gain insights from Mathias Bynens, a Belgian web standards enthusiast and member of Opera Software's Developer Relations team, as he shares his expertise on HTML, CSS, JavaScript, Unicode, performance, and security.
Syllabus
Intro
Font family names in CSS
Unquoted attribute values
CSS comments
Valid HTML
CSS without HTML
Classes and IDs in HTML
Escaping CSS selectors
Injection contexts
Leaking an attribute value
Stealing data from the DOM
Leaking unique symbols from a text node
IE's legacy document modes
CSS Expressions in IE s 10
How to avoid CSS expression vulnerabilities?
Freezing Firefox
What band is this?
What song is this?
Taught by
JSConf