How to Use CSS to Abuse the Media Query Caveat

There was a way to abuse the media query caveat and the CSS, um, block comments to actually prove that you could run arbitrary CSS. I would generate all this CSS and then the user would go to that page and they would input a credit card number. So when that happens, it triggers a class which loads an external font on my server. The parent tab reaches out to my server, it loads up that character that it had submitted to it all,. All the time, there's like a 10 millisecond lag with font. It does that every single time. This is how the actual attack work, right? "It just looks to the user like they're typing with like maybe like