lolsob. Developer attempts to replicate liquid glass in CSS and in the process accidentally discovers a novel and rather serious browser vulnerability

https://lyra.horse/blog/2025/12/svg-clickjacking/

"CSS hack accidentally becomes regular hack"

(via @citrusui)

SVG Filters - Clickjacking 2.0

A novel and powerful twist on an old classic.

lyra's epic blog

@mcc @citrusui

So did I read it right that this class of exploits doesn't work in Safari?

@abhayakara @mcc @citrusui it does work in safari, just the demos do not

the demos could be adjusted to work in safari, i just didn't want to bother because it would've made the examples a lot harder to follow along with

@rebane2001 @mcc @citrusui

Good to know. Thanks!