[mediaqueries-5] Security considerations for display-mode

frivoal · frivoal · commit 8d4a1c83528d · 2021-12-03T11:06:01.000+09:00
See w3c#6343
diff --git a/css-scrollbars-1/Overview.bs b/css-scrollbars-1/Overview.bs
@@ -285,7 +285,7 @@ or any animation thereof, such as fading or sliding in/out of view.
 
 <h2 class="no-num" id="acknowledgments">Appendix A. Acknowledgments</h2>
 
-This appendix is <em>informative</em>.
+This appendix is <em>non-normative</em>.
 
 <p>
 Thanks to the use-cases, prototyping, implementation, and feedback from
@@ -299,7 +299,7 @@ from
 
 <h2 class="no-num" id="changes">Appendix B. Changes</h2>
 
-This appendix is <em>informative</em>.
+This appendix is <em>non-normative</em>.
 
 <h3 class="no-num" id="changes-since-2021-08-05">
 Changes from the <a href="https://www.w3.org/TR/2021/WD-css-scrollbars-1-20210805/">2021-08-05 Working Draft</a></h3>
@@ -327,7 +327,7 @@ Changes from the <a href="https://www.w3.org/TR/2018/WD-css-scrollbars-1-2018092
 
 <h2 class="no-num" id="security-privacy-considerations">Appendix C. Considerations for Security and Privacy</h2>
 
-This appendix is <em>informative</em>.
+This appendix is <em>non-normative</em>.
 
 <h3 class="no-num" id="security-considerations">Considerations for Security</h3>
 
@@ -416,8 +416,9 @@ or on overflowing elements with scrollbars in the page.</p>
 
 <h2 class="no-num" id="accessibility-considerations">Appendix D. Considerations for accessibility</h2>
 
-This appendix is <em>informative</em>.
+This appendix is <em>non-normative</em>.
 
+<div class=informative>
 As noted [[#scrollbar-width|in the definition of the property]],
 authors need to be mindful of the accessibility implications
 of using ''scrollbar-width: thin''.
@@ -441,3 +442,4 @@ The CSS Working Group also acknowledges the needs of some users
 to have scrollbars that are wider than is typical.
 Operating systems and user agents can offer a means to let users express that preference,
 and in such cases, CSS will honor that choice.
+</div>
diff --git a/mediaqueries-5/Overview.bs b/mediaqueries-5/Overview.bs
@@ -3367,6 +3367,20 @@ device-aspect-ratio</h3>
 		</pre>
 	</div>
 
+<h2 id=priv-sec class=no-num>
+Appendix B: Privacy and Security Considerations</h2>
+
+	Issue: this section is incomplete
+
+	The 'display-mode' media feature allows an origin
+	access to aspects of a user’s local computing environment and,
+	particularly when used together with an [=application manifest=] [=manifest/display=] member [[APPMANIFEST]],
+	allows an origin some measure of control over a user agent’s native UI:
+	Through a CSS media query, a script can know the display mode of a web application.
+	An attacker could, in such a case,
+	exploit the fact that an application is being displayed in fullscreen
+	to mimic the user interface of another application.
+
 <h2 id="changes" class="no-num">
 Changes</h2>
 
