Allow enabling CSS minifier for improved privacy

[h-h-h-h]

I use Stylus in Firefox on Windows 10.

When I check the DOM with the developer tools, I see, Stylus embeds my original style text into it:

<style id="stylus-2" type="text/css" class="stylus">
/* My brilliant style revealing business secrets. */
...
</style>

Similar to other types of fingerprinting, 3rd parties can send the innerHTML back to the server and inspect your original CSS text.

It would obviously be best to style a webpage without providing the CSS text to 3rd parties. Because it is not done this way, I suspect, it's impossible.

To improve the situation, there could be an option to enable minifying the CSS, thus striping out all comments.

Here's a benchmark of different CSS minifiers written in JavaScript. CSSO and Crass are the fastest.

---

At the very least, there should be a note, that others may get hold of your CSS text by sending it from the webpage back to the server.

[tophf]

We can strip the comments, but it's really weird to put business secrets there so I'm not sure we should add this feature even as an option. There are almost always weird ways to shoot yourself in the leg, but that doesn't mean we should account for all of that.

We'll switch to tabs.insertCSS in the future (see #248) which makes the styles totally inaccessible from the web page.

[h-h-h-h]

That's great! Thanks.

I guess, we can close this issue, then.