Harden cosmetic filter validation

Question

Harden cosmetic filter validation

antonok-edm opened this issue 3 years ago · 1 comments

This article describes a CSS exfiltration attack discovered in uBlock Origin. adblock-rust already prevents url(...) from appearing in :style(...) directives, but this attack involves opening and closing comments within the CSS to evade that mitigation.

Answer 1 · 2021-12-06T20:30:59.000Z

Partially fixed by 04c435a