Added security/privacy self review to the anchored queries explainer (w3c#12246)

lilles · web-flow · commit fd2689d3bbe4 · 2025-05-28T13:08:58.000+02:00
diff --git a/css-anchor-position-1/anchored_container_query.md b/css-anchor-position-1/anchored_container_query.md
@@ -181,3 +181,113 @@ Chrome Canary 138.0.7194.0 and later has an experimental implementation behind a
 index-based syntax. A simple demo can be found on
 [codepen](https://codepen.io/lilles/pen/VYLZZqj).
 
+## [Self-Review Questionnaire: Security and Privacy](https://w3c.github.io/security-questionnaire/)
+
+The full questionnaire is at https://w3c.github.io/security-questionnaire/.
+
+---
+
+01.  What information does this feature expose,
+     and for what purposes?
+
+     Only style and layout information which is currently exposed through existing APIs.
+
+02.  Do features in your specification expose the minimum amount of information
+     necessary to implement the intended functionality?
+
+     Yes
+
+03.  Do the features in your specification expose personal information,
+     personally-identifiable information (PII), or information derived from
+     either?
+
+     No
+
+04.  How do the features in your specification deal with sensitive information?
+
+     N/A
+
+05.  Does data exposed by your specification carry related but distinct
+     information that may not be obvious to users?
+
+     No
+
+06.  Do the features in your specification introduce state
+     that persists across browsing sessions?
+
+     No
+
+07.  Do the features in your specification expose information about the
+     underlying platform to origins?
+
+     No
+
+08.  Does this specification allow an origin to send data to the underlying
+     platform?
+
+     No
+
+09.  Do features in this specification enable access to device sensors?
+
+     No
+
+10.  Do features in this specification enable new script execution/loading
+     mechanisms?
+
+     No
+
+11.  Do features in this specification allow an origin to access other devices?
+
+     No
+
+12.  Do features in this specification allow an origin some measure of control over
+     a user agent's native UI?
+
+     No
+
+13.  What temporary identifiers do the features in this specification create or
+     expose to the web?
+
+     None
+
+14.  How does this specification distinguish between behavior in first-party and
+     third-party contexts?
+
+     N/A
+
+15.  How do the features in this specification work in the context of a browser’s
+     Private Browsing or Incognito mode?
+
+     Behavior in such contexts is the same as in a normal context.
+
+16.  Does this specification have both "Security Considerations" and "Privacy
+     Considerations" sections?
+
+     No, there is no specification yet, only this explainer.
+
+17.  Do features in your specification enable origins to downgrade default
+     security protections?
+
+     No
+
+18.  What happens when a document that uses your feature is kept alive in BFCache
+     (instead of getting destroyed) after navigation, and potentially gets reused
+     on future navigations back to the document?
+
+     This is a CSS and layout feature that is not observable in an inactive document.
+
+19.  What happens when a document that uses your feature gets disconnected?
+
+     This is a CSS and layout feature that is not observable in an inactive document.
+
+20.  Does your spec define when and how new kinds of errors should be raised?
+
+     No errors will be raised
+
+21.  Does your feature allow sites to learn about the user's use of assistive technology?
+
+     No
+
+22.  What should this questionnaire have asked?
+
+     --
