27 reviews
  • does what it says on the tin and does it transparently
  • Thank you.
  • Is there a way to disable this on certain domains? It breaks certain sites styling (4chan.org/g/).
    Not at the moment, but it's planned. I checked 4chan and styling works OK in Chrome, but not Firefox so there must be something specific in Firefox that's causing an issue. I'll look into why this may be happening.

    Edit 11/19/2018: FYI - A new version of the plugin has been released today (1.0.10) that should fix the issue you were experiencing.
  • Have you considered submitting something to the Firefox bug tracker to see if something can be resolved in the browser itself?
    I did not, but maybe I should. I've thought about reaching out to a project like Brave that includes privacy protections in the default configuration. Either way, I would want to review the Firefox source first and determine how such an implementation would be handled. There are advantages to including such protections within the browser itself; but, the negative is that it breaks compatibility with the CSS specification standard. The flaw isn't necessarily within the browser, but in CSS itself.
  • Much thanks for writing this add-on!
  • I had no idea this was an issue until reading about it recently. Thanks so much for this extension, appears to be working based on the test page. Hopefully I'll never find a website compromised and using CSS in this manner, however, at least I will have a number sign to show how many and also protection against it.

    Thanks for that!

    Also, I haven't found the compiled version for Chrome, is it on the chrome store? My friend uses chrome, thanks.
    Thanks for the review! You should be able to find it on the Chrome store by searching 'CSS Exfil Protection'. I also have a direct link from the vulnerability tester page: https://www.mike-gualtieri.com/css-exfil-vulnerability-tester
  • Thanks for this. But when I disable JS on a website having this addon makes the website send 2 requests for each css request - one as CSS and tries to send one as a XHR request (even though JS is disabled for the website). Why is this?
  • Hello, could you make it enable/disable on icon click instead of opening the popup?
    Thanks for the suggestion! I plan to add a few new features into the popup area so for the time being I need to keep the icon click for opening the popup. If you need to disable the plugin because it's not working on a site, please let me know what site is causing problems and I'll get a fix out asap!
Page 1 of 2