[css-syntax] Add Privacy/Security section.

tabatkins · tabatkins · commit a6b3fdc8924a · 2016-01-13T10:31:04.000-08:00
diff --git a/css-syntax/Overview.bs b/css-syntax/Overview.bs
@@ -3426,6 +3426,19 @@ Serializing <var>&lt;an+b></var></h3>
 
 	Return <var>s</var>.
 
+<h2 id="priv-sec">
+Privacy and Security Considerations</h2>
+
+	This specification introduces no new privacy concerns.
+
+	This specification improves security, in that CSS parsing is now unambiguously defined for all inputs.
+
+	Insofar as old parsers, such as whitelists/filters, parse differently from this specification,
+	they are somewhat insecure,
+	but the previous parsing specification left a lot of ambiguous corner cases which browsers interpreted differently,
+	so those filters were potentially insecure already,
+	and this specification does not worsen the situation.
+
 <!--
  ██████  ██     ██    ███    ██    ██  ██████   ████████  ██████
 ██    ██ ██     ██   ██ ██   ███   ██ ██    ██  ██       ██    ██
