Closed terjanq closed 2 years ago
Even though CSS injections in general are not considered XS-Leaks directly, there are some cross-site techniques to smuggle data outside via CSS only.
Maybe it would make sense to create a one section called CSS Injection and bring all the known techniques there. We have mentioned about CSS injection in execution timing: https://xsleaks.dev/docs/attacks/timing-attacks/execution-timing/#css-injections
Some research into that: https://x-c3ll.github.io/posts/CSS-Injection-Primitives/
https://github.com/xsleaks/wiki/pull/123
Even though CSS injections in general are not considered XS-Leaks directly, there are some cross-site techniques to smuggle data outside via CSS only.
Maybe it would make sense to create a one section called CSS Injection and bring all the known techniques there. We have mentioned about CSS injection in execution timing: https://xsleaks.dev/docs/attacks/timing-attacks/execution-timing/#css-injections