> 2. Attacker distributes the link (either directly to a victim or publicly)<p>Since .css was given in the example, is this something that could be used within any given web page's set of HTML link elements (calling stylesheets) so it doesn't have to be clicked? I want to think "no" but also I'm not 100% sure.