- by Rodny D`arman, 2 years agoRated 1 out of 5Absolutely weird and unnecessary web extension. There is only one test site and it belongs to the author of the extension. If showing silly pictures you are vulnerable. If it doesn’t show, then you are not vulnerable. Great test! Too suspicious. No one even bothers with this problem that the author of the extension describes. As if problem didn’t exist. Conflicts with other extensions which directly or indirectly work with CSS (Ublock Origin one of them). Disrupts the whole CSS. Most review empty placebo.
Developer responseposted 2 years agoYou aren't forced to use the extension, so if you don't need its protection then don't install.
On your points:
* You are free to create your own test site if you don't trust the page I developed to demonstrate the issue. The page on my site exists for people to use to test that their plugin is working.
* The plugin is 100% open source, so you can view the code yourself to verify that it's doing what is claimed. I've also written a comprehensive technical write up on the issue with proof of concept code that demonstrates how the issue can be abused.
* I know of two cases where bug bounties were paid out by companies to independent researchers (not me) who exploited this issue on a website and used it to gain further access.
* I personally use my extension and uBlock together and do not have any problem. There's a chance there is a conflict and my setup doesn't replicate it, so if you do find a bug, please open a bug report on GitHub with a test case.
* CSS is not disrupted. You should not notice it's running in the background as it scans through the CSS rules quickly and quietly and without disruption.