- by Firefox user 14416076, 3 years agoRated 4 out of 5Is there a way to disable this on certain domains? It breaks certain sites styling (4chan.org/g/).
Developer responseposted 3 years agoNot at the moment, but it's planned. I checked 4chan and styling works OK in Chrome, but not Firefox so there must be something specific in Firefox that's causing an issue. I'll look into why this may be happening.
Edit 11/19/2018: FYI - A new version of the plugin has been released today (1.0.10) that should fix the issue you were experiencing.
- by jawz101, 3 years agoRated 4 out of 5Have you considered submitting something to the Firefox bug tracker to see if something can be resolved in the browser itself?
Developer responseposted 3 years agoI did not, but maybe I should. I've thought about reaching out to a project like Brave that includes privacy protections in the default configuration. Either way, I would want to review the Firefox source first and determine how such an implementation would be handled. There are advantages to including such protections within the browser itself; but, the negative is that it breaks compatibility with the CSS specification standard. The flaw isn't necessarily within the browser, but in CSS itself.
- by Langoliers, 4 years agoRated 5 out of 5I had no idea this was an issue until reading about it recently. Thanks so much for this extension, appears to be working based on the test page. Hopefully I'll never find a website compromised and using CSS in this manner, however, at least I will have a number sign to show how many and also protection against it.
Thanks for that!
Also, I haven't found the compiled version for Chrome, is it on the chrome store? My friend uses chrome, thanks.Thanks for the review! You should be able to find it on the Chrome store by searching 'CSS Exfil Protection'. I also have a direct link from the vulnerability tester page: https://www.mike-gualtieri.com/css-exfil-vulnerability-tester
- by Firefox user 13262486, 4 years agoRated 4 out of 5Thanks for this. But when I disable JS on a website having this addon makes the website send 2 requests for each css request - one as CSS and tries to send one as a XHR request (even though JS is disabled for the website). Why is this?
- by Firefox user 12793954, 4 years agoRated 4 out of 5Hello, could you make it enable/disable on icon click instead of opening the popup?Thanks for the suggestion! I plan to add a few new features into the popup area so for the time being I need to keep the icon click for opening the popup. If you need to disable the plugin because it's not working on a site, please let me know what site is causing problems and I'll get a fix out asap!
- by Donald Reed, 4 years agoRated 5 out of 5Thanks for this interesting project! Unfortunately it causes issues on some sites so it would be nice to have a whitelist per site instead of disabling it everywhere.Thanks for the comment and review! A whitelist is a great idea I'll work into a future release. In the meantime, could you leave a comment on my website with the site(s) that are causing issue? I'd like to see if this is due to a bug / false positive, or if it is legitimately blocking styles which would cause issue.