
How did you decide on the patterns to check?

> Many services, such as Google Docs, need to enable cross-origin framing for their functionality.

What specifically does Google Docs do that requires it?

> And the attack in OP does not require iframes

How do you frame the victim site without iframes?


> What specifically does Google Docs do that requires it?

Google wants documents to be embeddable on external sites.

> How do you frame the victim site without iframes?

You don't, you use it in a different scenario. For example, if you have HTML injection but it's fairly limited due to a strict CSP.


> Let’s start off with a simple example - detecting if a pixel is pure black, and using it to turn another filter on or off.

I'm so lost, or at least, struggling. Why is modern HTML/CSS like this?

So there's apparently a hidden <checkbox>, and then a <label> "for" the checkbox that contains no text, but takes up space due to CSS properties. And also apparently clicking on the label toggles the checkbox because, it just works that way by default? And then the CSS properties can vary depending on the checkbox state, without JavaScript, because that's just built into CSS for some reason? And then in the second box, it's using another label for the same checkbox, so it shares that state.

Then the actual SVG... just defines filters, and doesn't actually draw anything. But the various demos get to pull filter definitions out of the SVG?

And two separate <feTile> tags define a filter in conjunction, one describing the region to take as a tile and the second describing where to tile it? Whereas all the other filters are just transforms on a common region? Why is it like that (as opposed to, say, having separate source and destination coordinates in the attributes for a single <feTile> tag)?

And what even are these <fake-frame> and <art-frame> elements?


> I'm so lost, or at least, struggling. Why is modern HTML/CSS like this?

I think it's pretty neat. It allows me to build cool interactive stuff such as the post in question without having to use JavaScript.

> And also apparently clicking on the label toggles the checkbox because, it just works that way by default?

Yes, that's how semantic HTML forms work.

> And then the CSS properties can vary depending on the checkbox state, without JavaScript, because that's just built into CSS for some reason?

Yes, it makes sense to be able to style an unchecked checkbox differently from a checked one. And I'm just using CSS's `:has()` to check for the state: `html:has(#foo:checked) label[for=foo] { ... }`

> And two separate <feTile> tags define a filter in conjunction, one describing the region to take as a tile and the second describing where to tile it?

<feTile> is a single element filter just like all the other ones. It just tiles the current image to the desired size. If the input is bigger than the output, it functions as a crop instead. So I use two of them to achieve a crop + tile.

> And what even are these <fake-frame> and <art-frame> elements?

They're autonomous custom elements, you can just make them up instead of using div-soup.

I touched on it in this post: https://lyra.horse/blog/2025/08/you-dont-need-js/


> <feTile> is a single element filter just like all the other ones. It just tiles the current image to the desired size. If the input is bigger than the output, it functions as a crop instead. So I use two of them to achieve a crop + tile.

Aha.

> I touched on it in this post: https://lyra.horse/blog/2025/08/you-dont-need-js/

I coincidentally was given that link elsewhere since posting and have been reading it and clarified much of the rest as well. Amazing work on the blog overall.


> I'm so lost, or at least, struggling. Why is modern HTML/CSS like this?

Most of the things you mention are not "modern".

> And also apparently clicking on the label toggles the checkbox because, it just works that way by default?

This goes back to the 90s. Clicking on a form widget label causes the widget to be focused.

I believe the original rationale is that this is how desktop UIs do it. Also, for checkboxes and radio buttons the hitbox would otherwise be quite small.

> And then the CSS properties can vary depending on the checkbox state, without JavaScript, because that's just built into CSS for some reason?

Well yes, if you want to customize the way checkboxes look you need to apply different styles depending on their state. Support for this literally goes back to version 1 of Firefox.

> But the various demos get to pull filter definitions out of the SVG?

That's kind of a natural consequence of being able to embed SVG namespace elements directly in HTML. CSS supports it via the filter property, but I think even before that property existed you could probably do it by directly embedding SVG in HTML or vice versa.

Anyway, my point is this isn't a situation of "what has modern HTML wrought". Most of this is very old features. I bet you probably could have done the same attack a decade ago.


> Well yes, if you want to customize the way checkboxes look you need to apply different styles depending on their state. Support for this literally goes back to version 1 of Firefox.

It doesn't surprise me that this is possible for the checkbox, but it does surprise me that the label responds to the corresponding checkbox's state. (I take it that the styling is being applied to the labels, simply so that multiple labels can share state by all being "for" the same hidden checkbox.)

> That's kind of a natural consequence of being able to embed SVG namespace elements directly in HTML. CSS supports it via the filter property, but I think even before that property existed you could probably do it by directly embedding SVG in HTML or vice versa.

I've only ever used SVG for... scalable vector graphics. I don't understand why CSS needs access. I get that SVG uses tags so that individual elements of the drawing can be in the DOM and then e.g. get animated by JavaScript. But I would have expected that to require JavaScript.


I think CSS just wanted to be able to apply filters (blur() is a very common use case). Since a filtering language already existed for SVGs, and web browsers had already implemented it, it made sense to connect the two. SVGs can also be styled via CSS, so there needed to be a syntax to mark in-document filters as applying to specific SVG elements.

I don't really think CSS filter is necessary here though. I suspect the exploit could be implemented without that part just by embedding SVG on the page.


Yes, NoScript is great and I'm surprised how often HN users seem unfamiliar with the concept or need it justified to them.

As explained upthread,

> You are within your rights to say no

Given that you don't have a right to enter, if you say no (which you are within your rights to do), and you are denied entry, then nothing wrong has happened.

If you believe that they shouldn't make entry conditional on something, then you are asserting a right to enter. That's what "right" means.


This argument is absurd.

If someone comes up to me and asks for food, I am not obliged to give it to them.

If I say to them, "I will give you food, on the condition that I can punch you in the face", and they decline to be punched in the face, do you really believe "nothing wrong has happened"? That I, applying an unethical condition, did nothing wrong?

If someone else says "You must not make punching someone in the face a precondition of giving them food", does that create a "right to food"? Of course not.


I'm not who you're arguing with, but I'd also take the opposite side of that argument.

Your analogy does seem workable, though - let's examine:

> If someone comes up to me and asks for food, I am not obliged to give it to them.

Yes! 100% agree. They probably have a right to ask for food in countries that protect free speech, but they have no right to have requests fulfilled.

> If I say to them, "I will give you food, on the condition that I can punch you in the face", and they decline to be punched in the face,

Sounds great. You have the right to say no. You did say no basically, but you did make a counteroffer. (This is arguably also especially true due to free speech, though that's unrelated to our points.) Your exact counteroffer doesn't seem relevant to me, it could also just be that you'll give it for $50, or $1,000,000 and nothing changes.

He thinks it's a bad offer and gets none of your food.

> "nothing wrong has happened"?

I do think nothing wrong has happened! Is it only because you used food, which is a necessity, that you think it's wrong? What if it's a PS5? Would this be OK if the asker is seeking a free PS5? Visiting a foreign country is much more like a PS5 than it is a potato.

> If someone else says "You must not make punching someone in the face a precondition of giving them food", does that create a "right to food"? Of course not.

That is the worst policy I could imagine since it's vague and undefined. Can one ask for a kick to the groin? An elbow to the funny bone? If you did the policymaker's job correctly you'd need to make the policy like "No one may deny a request for food/PS5s" -- that exactly creates a right to food/PS5s. Or you could make the policy "No one may deny a request for food/PS5s but one may require compensation, which may only be less than $50 in US Currency. Compensation in the form of a service or a trade may not be required."

That creates a right to pay $50 or less for food/PS5s.


> That is the worst policy I could imagine since it's vague and undefined.

Every ethical problem is vague and undefined. If you can't find an infinitely precise specification of the ethical problem, that doesn't make it invalid.

However, even at the level of policy, your analysis does not go through. It is routine and unproblematic for laws to exist that prohibit "you can't enter this bar if you're black" or "I won't hire you because you're a woman". It simply does not follow that employers are "forced to hire people". They are forced to apply consistent, legitimate rules when hiring people. Whether a rule is consistent and legitimate is usually decided by a judge. This is not an unusual thing.

P.S. are you writing this with an LLM? If you aren't, I'm sorry. But it really sounds like you are. If you are, please stop.


Sorry, I don't know any LLMs that would argue politics without using their own heavy bias and getting caught up in trying to not harm people, I'm afraid you just hate my writing style. Maybe you don't like the inline quotes? idk. Also I can't imagine wasting the effort to have a bot debate people online if I don't care enough to do it myself.

The whole reason we have those types of employment and public accommodation laws is a special case though. In terms of employment, we prefer this to a world where black people or women can't get jobs, because jobs are necessary, or can't enter half the establishments because people witnessed that Jim Crow was a shitty and shameful situation. And I do stipulate that that doesn't mean the same as "all women have the right to a job at my company upon demand."

But why don't we also have laws criminalizing things like refusing to be friends with $SKIN_COLOR people? I think it's because it's only in those specific realms like employment and public accommodation where we have created rights. The right to shop in a place that is open to the general public is a right Black people got from a law. And the right of people to be considered for a job without regard to their membership in certain protected classes is something the Equal Employment Opportunity Act of 1972 created. There is no right of foreigners without a green card to enter in the first place - CBP can completely legally say no to anyone, so no 'counteroffer' of conditional admittance could be inappropriate. The only exception I can think of is misconduct of the officer, e.g. 'I'll admit you if you give me $10,000' or a more unsavory favor. But with that already being illegal, I don't think it is too relevant here.


> But why don't we also have laws criminalizing things like refusing to be friends with $SKIN_COLOR people? I think it's because it's only in those specific realms like employment and public accommodation where we have created rights.

Not just that, at least in my understanding of American political theory. It's because of the existing right to freedom of association. If it is criminal to refuse association, that association becomes compulsory, and thus not free.


> If I say to them, "I will give you food, on the condition that I can punch you in the face", and they decline to be punched in the face, do you really believe "nothing wrong has happened"? That I, applying an unethical condition, did nothing wrong?

Yes, of course nothing wrong has happened. The other party decided that the food was not worth a punch in the face. The other party is no worse off than if you had made no offer. The other party is no worse off than if you had responded to "may I have some food please" with "no".

Downthread:

> It is routine and unproblematic for laws to exist that prohibit "you can't enter this bar if you're black" or "I won't hire you because you're a woman".

This is completely irrelevant. "I will give you food, on the condition that you change your immutable characteristics" is incoherent. "You can't enter the country because you didn't submit to this violation of your privacy" is a) targeted at someone who definitionally doesn't have those constitutional protections in the US and b) not an expression of any kind of identity-group prejudice.


> "I will give you food, on the condition that you change your immutable characteristics" is incoherent.

This is a very strange failure of reading comprehension. I think you're trying to write "I will only give you food if you're white." Are you trying to say this sentence is incoherent? I admit that if you say this sentence to a black person, it is logically equivalent to "I will give you food if you change your immutable characteristics". But they are not logically equivalent in general, so your gotcha doesn't apply to my argument.

About your actual argument: a) it is obvious they don't have constitutional protections, I am not arguing about the law, this is an ethical point; b) identity-group prejudice is not the only kind of unethical behaviour. Since you mention prejudice, I think you proved my point - if the ethical standard was "nobody is materially worse off" then this kind of prejudice would just be irrelevant. If the US had a "whites only" immigration policy that would be A-OK with you, they have no obligation to let people in. If that's your ethical standard, I have nothing more to say.


> Well, by offering food for a punch in the face you changed it from charity to a free market transaction. Basically you gave them a chance to earn their food instead of just giving it to them. If they deem the price too high and refuse your offer then again, nothing bad happened.

Not all free market transactions are reasonable. Selling yourself into slavery is a "free market transaction" I hope you would not consider legitimate.

> Being offered something unreasonable, given free rein to decline that offer, does not cause harm.

Yes, it does. That's why job offers that state "do not apply if you're a woman" are illegal. You just don't care about this particular harm.

If your initial portfolio is 100k you are not going to have meaningful "market impact" with your trades assuming you actually make them vs. paper trading.

> Take that responsibility away from the uploaders and away from Youtube and hand it to the parents.

The system described still requires action by the webmaster. Their options are: deny the entire site to those sending an RTA header; evaluate the content themselves; or trust the uploader. (Or a combination: have uploaders opt-in to evaluation for a fee, with the content denied to kids by default.)


The client does not send an RTA header. The RTA header is only sent by the server or load balancer by design. Absolutely no action required by web site operators and owners assuming they enabled the header on any URL that is either adult or user-generated content.

It is up to the client what to do with the header which right now is nothing. A law would be required to get the snippet of code added to user agents. I estimate it would take an intern one afternoon to get it into the clients they support not counting dev/qa, management approval, etc...

Challenge to FAANG: Show off your interns! There is no harm in adding the code required to detect this header. Example header to detect, as sent from NGinx. If you detect this header, activate nanny controls. To be safe, do a separate parental_build to get manager approval.

     add_header Rating 'RTA-5042-1996-1400-1577-RTA' always;

All one needs to detect is: RTA-5042-1996-1400-1577-RTA

For fun, search for this on Shodan.
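A client-side check of the kind the comment above proposes, as an added example (not code from the thread or from any browser vendor): it parses the head of a constructed HTTP response, treats header names case-insensitively, and flags the RTA label only when it is a whole value of the Rating header the nginx line sets, so the same string in a page body does not trigger. The helper names, the sample responses and the parental-controls flag are assumptions.

```javascript
// Added example: detect the RTA label in an HTTP response head, as a
// parental-control user agent might. Not code from the thread or any vendor.
// The label value is the one quoted in the comment above.
const RTA_LABEL = "RTA-5042-1996-1400-1577-RTA";

// Parse the head of a raw HTTP/1.x response into [name, value] pairs.
// Names are lower-cased because header names are case-insensitive.
// Only the head is parsed: parsing stops at the first blank line, so the
// label string appearing in a page body is never mistaken for the header.
function parseResponseHead(raw) {
  const lines = raw.split(/\r?\n/);
  const headers = [];
  for (const line of lines.slice(1)) { // skip the status line
    if (line === "") break; // blank line ends the head
    const idx = line.indexOf(":");
    if (idx <= 0) continue; // malformed line: ignore rather than guess
    const name = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    headers.push([name, value]);
  }
  return headers;
}

// True when the Rating header (the name used by the nginx add_header line
// above) carries the RTA label. A proxy may merge duplicate headers into a
// comma-separated list, so each element is compared as a whole token;
// substring matching is avoided so a longer, unrelated value does not pass.
function hasRtaLabel(headers) {
  return headers.some(([name, value]) =>
    name === "rating" &&
    value.split(",").map((v) => v.trim().toUpperCase()).includes(RTA_LABEL));
}

// Policy decision for the user agent (assumed interface): block only when
// the parental-controls setting is on and the response is labelled.
function shouldBlock(rawResponse, parentalControlsOn) {
  return parentalControlsOn && hasRtaLabel(parseResponseHead(rawResponse));
}

// Constructed sample responses, not captured from any real site.
const LABELLED_RESPONSE =
  "HTTP/1.1 200 OK\r\n" +
  "Server: nginx\r\n" +
  "Content-Type: text/html\r\n" +
  "Rating: RTA-5042-1996-1400-1577-RTA\r\n" +
  "\r\n" +
  "<html><body>hello</body></html>";

// The label only in the body: must not count as labelled.
const BODY_ONLY_RESPONSE =
  "HTTP/1.1 200 OK\r\n" +
  "Content-Type: text/html\r\n" +
  "\r\n" +
  "<p>Rating: RTA-5042-1996-1400-1577-RTA</p>";

console.log(shouldBlock(LABELLED_RESPONSE, true)); // true
console.log(shouldBlock(BODY_ONLY_RESPONSE, true)); // false
```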


> The RTA header is only sent by the server or load balancer by design. Absolutely no action required by web site operators and owners assuming they enabled the header on any URL that is either adult or user-generated content.

The website owners and operators have to decide which URLs get the header. If the categorization is "either adult or user-generated content", then I already covered that for the case of YouTube: i.e., the entire site is denied to kids (whose parents opt in).


> the entire site is denied to kids

I also covered that here [1]. Indeed if parents do not enable all of Youtube or Youtube does not move most adult content into a unique URL or their server does not send the header for anything flagged as adult the kids will not be advertised to. They would have to go to a kid friendly site that moderates before a video is viewable or Youtube would have to change moderation tactics. Kids need not visit Youtube. There are kid friendly sites.

[1] - https://news.ycombinator.com/item?id=46152727


> So take my anecdote with a grain of salt.

Oh, come on. Surely the scale wasn't that precise.


Sure, but in practice people don't use measuring cups all that precisely a lot of the time. Specifying a weight forces people to bust out the scale and pay attention.

> Advertisements deserve more strict regulation than general user-generated content because they tend to reach far more people.

They deserve strict regulation because the carrier is actively choosing who sees them, and because there are explicit fiscal incentives in play. The entire point of Section 230 is that carriers can claim to be just the messenger; the only way to make sense of absolving them of responsibility for the content is to make the argument that their conveyance of the content does not constitute expression.

Once you have auctions for ads, and "algorithmic feeds", that becomes a lot harder to accept.


> The entire point of Section 230 is that carriers can claim to be just the messenger

Incorrect, and it's honestly kinda fascinating how this meme shows up so often. What you're describing is "common carrier" status, like an ISP (or FedEx/UPS/post office) would have. The point of Section 230 was specifically to enable not being "just the messenger"; it was part of the overall Communications Decency Act intended to aid in stopping bad content. Congress added Section 230 in direct reaction to two court cases (against Prodigy and CompuServe) which made service providers liable for their users' content when they didn't act as pure common carriers but rather tried to moderate it but, obviously and naturally, could not perfectly get everything. The specific fear was that this left only two options: either ban all user content, which would brutalize the Internet even back then, or cease all moderation, turning everything into a total cesspit. Liability protection was precisely one of the rare genuine "think of the children!" wins, by enabling a third path where everyone could do their best to moderate their platforms without becoming the publisher. Not being a common carrier is the whole point!


> Congress added Section 230 in direct reaction to two court cases (against Prodigy and CompuServe) which made service providers liable for their users' content when they didn't act as pure common carriers but rather tried to moderate it but, obviously and naturally, could not perfectly get everything.

I know that. I spoke imprecisely; my framing is that this imperfect moderation doesn't take away their immunity — i.e. they are still treated as if they were "just the messenger" (per the previous rules). I didn't use the actual "common carrier" phrasing, for a reason.

It doesn't change the argument. Failing to apply a content policy consistently is not, logically speaking, an act of expression; choosing to show content preferentially is.

... And so is setting a content policy. For example, if a forum explicitly for hateful people set a content policy explicitly banning statements inclusive or supportive of the target group, I don't see why the admin should be held harmless (even if they don't also post). Importantly, though, setting (and attempting to enforce) the policy only expresses the view of the policy, not that of any permitted content; in US law it would be hard to imagine a content policy expressing anything illegal.

But my view is that if they act deliberately to show something, based on knowing and evaluating what it is that they're showing, to someone who hasn't requested it (as a recommendation), then they really should be liable. The point of not punishing platforms for failing at moderation is to let them claim plausible ignorance of what they're showing, because they can't observe and evaluate everything.

