Reviews for CSS Exfil Protection
CSS Exfil Protection by Mike Gualtieri
Response by Mike Gualtieri
Developer response
posted 5 years ago

You aren't forced to use the extension, so if you don't need its protection then don't install.
On your points:
* You are free to create your own test site if you don't trust the page I developed to demonstrate the issue. The page on my site exists for people to use to test that their plugin is working.
* The plugin is 100% open source, so you can view the code yourself to verify that it's doing what is claimed. I've also written a comprehensive technical write-up on the issue with proof-of-concept code that demonstrates how the issue can be abused.
* I know of two cases where bug bounties were paid out by companies to independent researchers (not me) who exploited this issue on a website and used it to gain further access.
* I personally use my extension and uBlock together and do not have any problem. There's a chance there is a conflict and my setup doesn't replicate it, so if you do find a bug, please open a bug report on GitHub with a test case.
* CSS is not disrupted. You should not notice it's running in the background as it scans through the CSS rules quickly and quietly and without disruption.