8 May
2005
8 May
'05
1:35 p.m.
On 5/8/05, puregin <puregin@puregin.org> wrote:
Hi K B, yes, the style element can be used in attacks. If an attacker can place CSS on your page, arbitrary elements can be moved, or hidden; images can be replaced, or tiled to completely render the page useless; images can be used in information leak attempts and some browsers extend CSS to allow the execution of scripts.
Thanks. It turned out that style is not the issue, but the on* javascript events.