Hacker News new | past | comments | ask | show | jobs | submit
I have no idea how naive this question is... but here goes.

Some privacy-conscious users disable JS, or use NoScript to selectively enable JS. My understanding is that this is (1) because JS engines are often themselves a source of vulnerabilities, (2) untrusted code execution might be risky in the face of speculation execution/access attacks.

Do such users need to worry about either, or both, with such advanced, compute-y CSS primitives?

loading story #41452925
loading story #41452817
loading story #41453372
loading story #41453912