Skip to content

Commit 0e47605

Browse files
tantektantek
authored
add Security & Privacy appendix per issue w3c#1988 
1 parent e036379 commit 0e47605

File tree

1 file changed

+79
-0
lines changed

1 file changed

+79
-0
lines changed

css-scrollbars-1/Overview.bs

Lines changed: 79 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -170,3 +170,82 @@ This appendix is <em>informative</em>.
170170
This is the First Public Working Draft, no previous draft to describe changes from.
171171
<!-- This appendix describes changes from the
172172
<a href="https://www.w3.org/TR/2018/WD-scrollbars-1-2018MMDD/">First Public Working Draft (FPWD) of DD Month 2018</a>.-->
173+
174+
<h2 class="no-num" id="security-privacy-considerations">Appendix C. Considerations for Security and Privacy</h2>
175+
176+
This appendix is <em>informative</em>.
177+
178+
Per the <a href="https://www.w3.org/TR/security-privacy-questionnaire/#questions">
179+
Self-Review Questionnaire: Security and Privacy: Questions to Consider</a>
180+
181+
<ol>
182+
<li>Does this specification deal with personally-identifiable information?
183+
<p>No.</p>
184+
</li>
185+
186+
<li>Does this specification deal with high-value data?
187+
<p>No.</p>
188+
</li>
189+
190+
<li>Does this specification introduce new state for an origin that persists across browsing sessions?
191+
<p>No.</p>
192+
</li>
193+
194+
<li>Does this specification expose persistent, cross-origin state to the web?
195+
<p>No.</p>
196+
</li>
197+
198+
<li>Does this specification expose any other data to an origin that it doesn’t currently have access to?
199+
<p>No.</p>
200+
</li>
201+
202+
<li>Does this specification enable new script execution/loading mechanisms?
203+
<p>No.</p>
204+
</li>
205+
206+
<li>Does this specification allow an origin access to a user’s location?
207+
<p>No.</p>
208+
</li>
209+
210+
<li>Does this specification allow an origin access to sensors on a user’s device?
211+
<p>No.</p>
212+
</li>
213+
214+
<li>Does this specification allow an origin access to aspects of a user’s local computing environment?
215+
<p>No.</p>
216+
</li>
217+
218+
<li>Does this specification allow an origin access to other devices?
219+
<p>No.</p>
220+
</li>
221+
222+
<li>Does this specification allow an origin some measure of control over a user agent’s native UI?
223+
<p>Yes. The 'scrollbar-*' properties enable the page to change the color and width of the scrollbar
224+
of the user agent’s native UI, e.g. scrollbars on the page’s window, on framed content embedded in the page,
225+
or on overflowing elements with scrollbars in the page.</p>
226+
</li>
227+
228+
<li>Does this specification expose temporary identifiers to the web?
229+
<p>No.</p>
230+
</li>
231+
232+
<li>Does this specification distinguish between behavior in first-party and third-party contexts?
233+
<p>No.</p>
234+
</li>
235+
236+
<li>How should this specification work in the context of a user agent’s "incognito" mode?
237+
<p>No differently.</p>
238+
</li>
239+
240+
<li>Does this specification persist data to a user’s local device?
241+
<p>No.</p>
242+
</li>
243+
244+
<li>Does this specification have a "Security Considerations" and "Privacy Considerations" section?
245+
<p>Yes.</p>
246+
</li>
247+
248+
<li>Does this specification allow downgrading default security characteristics?
249+
<p>No.</p>
250+
</li>
251+
</ol>

0 commit comments

Comments
 (0)