Wednesday, May 8, 2019

burn it with fire: css hacks for a js-free messaging client

Oh dear. css-only-chat is a bizarre project that creates a crude, click-each-letter asynch chat client without JS - just CSS.

The README explains the trick - CSS won't load, say, an imag for the active state of a button until the button is active. So we have an easy way of alerting a server a button has been clicked. Combine that with old-school "comet"-like never-really-finish-loading-the-page, keep-the-connection-open tricks and then we can update the page as well- both to see the other person's chat and to reset the buttons since they would otherwise be one-click-only wonders.

Similar CSS-lazy-loading techniques can be used for a crude keylogger or to track mouse movements even when js is disabled.

No comments:

Post a Comment