CSS keylogger to monitor counters

[ffoodd]

By using a CSS-only keylogger thing, we could do something pretty fun: monitor a11y.css results for a defined page.

Thsi trick has been unveiled as a security exploit doable with CSS only, as a keylogger: pinging a custom URL based on the last character added to an input value — making you able to get passwords, for example.

But here comes my mind: we could also use this trick to send a ping for each test in a11y.css, with a specific referrer — which, with a little help for a monitoring page and some scripting, could lead us to monitor a11y.css' results for a specific URL.

It could even be added to the webextension, keeping a trace of results for any URL.

Some resources:

• CSS Keylogger on CSS-Tricks
• Max Chehab original keylogger (even if I fuirst saw a reference to this in a Mathias Bynens' talk a few years ago)
• CSS only chat