Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

__css_exfil_protection_filtered_styles #3

Open
earthlng opened this issue Mar 1, 2018 · 4 comments
Open

__css_exfil_protection_filtered_styles #3

earthlng opened this issue Mar 1, 2018 · 4 comments

Comments

@earthlng
Copy link
Contributor

earthlng commented Mar 1, 2018

https://github.com/mlgualtieri/CSS-Exfil-Protection/search?q=__css_exfil_protection_filtered_styles

this doesn't seem to be used in the Firefox version but it makes it easy for a site to detect that the addon is used. Can this be removed, at least from the FF version?

@mlgualtieri
Copy link
Owner

That sheet is used for both FF and Chrome... it's the sheet that contains all the filtered styles. I didn't think about how it could be potentially used to detect the plugin though. I'm utilizing that class for a bigger modification I'm working on, but it may be possible to edit it to a randomly generated string on each load. Will do some thinking / experimentation on this.

BTW - I just rolled out 1.0.7 of the plugin which included your patch. Thanks!

@earthlng
Copy link
Contributor Author

earthlng commented Mar 2, 2018

Oh okay if it's for something you're still working on then it makes sense. It's just that I noticed the node was always empty and seemingly unused when I inspected the page on both your own test site and the keylogger demo. And in the Firefox version you're not accessing it via the class name anywhere.

@mlgualtieri
Copy link
Owner

It's strange, I've also noticed that the node in both Chrome and Firefox appears empty in the inspector, but it is indeed the node that contains all the filtered styles (if there are any). You can't see this unless you look at one of the elements whose style has been blocked. Once you do you will see that node referenced with the new CSS override.

I like the idea about randomizing the class on load... So I'll integrate that in with the next release -- assuming I don't run into major issues doing so.

@earthlng
Copy link
Contributor Author

earthlng commented Mar 2, 2018

Thanks for explaining. Strange indeed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants