- Rated 1 out of 5by Rodny D`arman, 3 years agoAbsolutely weird and unnecessary web extension. There is only one test site and it belongs to the author of the extension. If showing silly pictures you are vulnerable. If it doesn’t show, then you are not vulnerable. Great test! Too suspicious. No one even bothers with this problem that the author of the extension describes. As if problem didn’t exist. Conflicts with other extensions which directly or indirectly work with CSS (Ublock Origin one of them). Disrupts the whole CSS. Most review empty placebo.You aren't forced to use the extension, so if you don't need its protection then don't install.
On your points:
* You are free to create your own test site if you don't trust the page I developed to demonstrate the issue. The page on my site exists for people to use to test that their plugin is working.
* The plugin is 100% open source, so you can view the code yourself to verify that it's doing what is claimed. I've also written a comprehensive technical write up on the issue with proof of concept code that demonstrates how the issue can be abused.
* I know of two cases where bug bounties were paid out by companies to independent researchers (not me) who exploited this issue on a website and used it to gain further access.
* I personally use my extension and uBlock together and do not have any problem. There's a chance there is a conflict and my setup doesn't replicate it, so if you do find a bug, please open a bug report on GitHub with a test case.
* CSS is not disrupted. You should not notice it's running in the background as it scans through the CSS rules quickly and quietly and without disruption.
- Rated 4 out of 5by mik3, 3 years agonice, but needs whitelistning.
Does "CSS Exfil Protection" conflict with uBlock?It doesn't conflict with uBlock as far as I can tell. A user recently opened a bug report about it potentially conflicting. I did testing and could not replicate. The issue could be caused by multiple extensions being combined together, but I'm unsure what that combination might be. If you have a test case that shows the issue let me know so I can investigate! FYI - I use both my extension and uBlock on some of my devices and have not had issue.
- Rated 5 out of 5by CStark, 3 years agoDisregard unless you're U.S. age 62+ Social Security. Could NOT login for weeks to the Soc Sec site (FF 67.0.1) ("Cannot process - Try later" --- https://secure.ssa.gov/RIL/SiView.action - WITH the App in use/ Worse, the "Is it Up-Down" site at websiteplanet.com said Site Down & I wrongly believed it/ finally tested Ext's On/Off to discover this one is cause. Couldn't see a Whitelist mod so stopped use. Probably a Great App.
Thanks for the Follow-up and I'll Re-install when appropriate. I always believed the Up-Dn site was Independent of your Ext; The incorrect Down status report just delayed testing Extensions to get me on the road to a solution. 5 Stars, regardless, because of your commitment!
6-18-19 Re- Installed and working as advertised. All the Best!My apologies for the inconvenience! You uncovered a bug that I haven't encountered thus far. I am working on a fix and will edit this comment once a new version is released. The bug for this issue is tracked at this issue on GitHub: https://github.com/mlgualtieri/CSS-Exfil-Protection/issues/14
Edit 1: I have a fix that appears to be fully working in testing now. If all goes well a release will come soon. FYI - I also looked into that up/down site at websiteplanet.com and the issue with that site is not related to the plugin. My guess is that the SSA website is blocking checks from that site that would be used to determine if a website is up/down. Same result with the plugin and in a clean profile with no plugins.
Edit 2: I just released version 1.0.14. I've tested the fixes for several days now and everything seems to be working properly. It will fix your issue with the SSA website. Thank you again for bringing attention to the bug!