CSK CSS Scripting Kit

Monday, 27 August 2007

I’m currently in the process of developing a CSS Scripting Kit called “CSK”, this kit will allow you to perform scripting actions that normally would be reserved for Javascript. I believe the standards that browser manufacturers are adopting create major security holes and if they don’t either create new security policies to adapt to this or remove the features altogether we are going to have a major problem in future.

I hope creating this kit will demonstrate to them that they need to take their security policies seriously and hopefully show them that even simple features can be used to create security holes. Stay tuned to this blog for future updates of CSK and I shall be releasing my research soon.

The entry 'CSK CSS Scripting Kit' was posted on August 27th, 2007 at 2:13 pm and is filed under Cascading Style Sheets, php, Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

10 Responses to “CSK CSS Scripting Kit”

  1. Dennison Uy writes:
    No. 1 — August 27th, 2007 at 3:11 pm

    It would be nice if you tell us what these “scripting” actions are (mouseovers? lightboxes? buttons?). I’m looking forward to seeing what CSK can do though.

  2. Gareth Heyes writes:
    No. 2 — August 27th, 2007 at 4:03 pm

    Yeah mouseover,storage,history reading,network scanning,positioning etc I will be expanding it and it will use PHP + CSS, I shall of course keep the code as simple as possible as always.

  3. Dennison Uy writes:
    No. 3 — August 29th, 2007 at 9:08 am

    Awesome! Can’t wait to see it. Cheers.

  4. Gareth Heyes writes:
    No. 4 — August 29th, 2007 at 9:12 am

    I’m currently working on the storage side now, I can send data with CSS, I’m just trying to figure out a way to receive it without refreshing the page.

  5. Dennison Uy writes:
    No. 5 — August 29th, 2007 at 9:15 am

    Wow you can actually do that with CSS? Is this a standard across all browsers?

  6. Gareth Heyes writes:
    No. 6 — August 29th, 2007 at 9:22 am

    Not sure yet, it looks like there might be a way. The kit will be released as Firefox only to start with but I imagine there will be plenty of potential for other browsers as they adopt more CSS 3 standards.

  7. mars writes:
    No. 7 — February 15th, 2008 at 2:33 pm

    Is there a way to have a proper look at your CSK code? (The Kit itself)

  8. mars writes:
    No. 8 — February 15th, 2008 at 2:34 pm

    What I am asking is… have you released it? If so where because I’d love to play around with it.

  9. Gareth Heyes writes:
    No. 9 — February 15th, 2008 at 2:44 pm

    @mars

    It’s not released yet because it isn’t very polished but I’ll provide you with the source if you like:-

    http://www.businessinfo.co.uk/labs/css_scripting_kit/csk.zip

    Enjoy :)

  10. mars writes:
    No. 10 — February 18th, 2008 at 6:36 am

    Much appreciated! You are a prince amongst men!

«
»