[css-display-3][editorial] Add security questionaire

tabatkins · tabatkins · commit 551a9678fac6 · 2021-09-03T12:47:19.000-07:00
diff --git a/css-display-3/Overview.bs b/css-display-3/Overview.bs
@@ -241,8 +241,7 @@ Box Layout Modes: the 'display' property</h2>
 	Animation type:	not animatable
 	</pre>
 
-	<p class=all-media>User agents are expected to support this property on all media, including non-visual ones.</p>
-
+	<p class=all-media>User agents are expected to support this property on all media, including non-visual ones.
 	The 'display' property defines an element's <dfn export>display type</dfn>,
 	which consists of the two basic qualities of how an element generates boxes:
 
@@ -889,8 +888,7 @@ Toggling Box Generation: the 'display-or-not' property</h2>
 	Computed value: as specified
 	</pre>
 
-	<p class=all-media>User agents are expected to support this property on all media, including non-visual ones.</p>
-
+	<p class=all-media>User agents are expected to support this property on all media, including non-visual ones.
 	The ''display: none'' value was historically used as a "toggle"
 	to switch between showing and hiding an element.
 	Making this reversible requires either setting up the CSS <a>cascade</a> carefully,
@@ -1950,12 +1948,10 @@ Changes Since 2020 Candidate Recommendation</h3>
 						<del>Behaves as</del> <ins>Computes to</ins> ''inline &hellip;''.
 				</dl>
 				<p class="note"><ins>Note: Although these keywords and their equivalents compute to the same value,
-				their [=specified values=] remain distinct.</ins></p>
-				<p class="note"><ins>Note: The {{Window/getComputedStyle()}} serialization rules
+				their [=specified values=] remain distinct.</ins>				<p class="note"><ins>Note: The {{Window/getComputedStyle()}} serialization rules
 				will always output these precomposed keywords
 				rather than the equivalent two-keyword pairs
-				due to the [[cssom#serializing-css-values|shortest, most backwards-compatible serialization principle]].</ins></p>
-			</blockquote>
+				due to the [[cssom#serializing-css-values|shortest, most backwards-compatible serialization principle]].</ins>			</blockquote>
 		<li id="change-blockification-computed">
 			Clarified that [=blockification=] and [=inlinification=] are [=computed value=] changes.
 			(<a href="https://github.com/w3c/csswg-drafts/issues/6251">Issue 6251</a>)
@@ -2151,4 +2147,63 @@ This specification introduces no new privacy considerations.
 <h3 id="sec" class="no-num">
 Security Considerations</h2>
 
-This specification introduces no new security considerations.
+This specification introduces no new security considerations.
+
+<h3 class="no-num" id="security-privacy-self-review">
+Self-Review Questionaire</h3>
+
+Per the <a href="https://www.w3.org/TR/security-privacy-questionnaire/#questions">
+Self-Review Questionnaire: Security and Privacy: Questions to Consider</a>
+
+<ol>
+	<li>Does this specification deal with personally-identifiable information?
+	<p>No.
+
+	<li>Does this specification deal with high-value data?
+	<p>No.
+
+	<li>Does this specification introduce new state for an origin that persists across browsing sessions?
+	<p>No.
+
+	<li>Does this specification expose persistent, cross-origin state to the web?
+	<p>No.
+
+	<li>Does this specification expose any other data to an origin that it doesn’t currently have access to?
+	<p>No.
+
+	<li>Does this specification enable new script execution/loading mechanisms?
+	<p>No.
+
+	<li>Does this specification allow an origin access to a user’s location?
+	<p>No.
+
+	<li>Does this specification allow an origin access to sensors on a user’s device?
+	<p>No.
+
+	<li>Does this specification allow an origin access to aspects of a user’s local computing environment?
+	<p>No.
+
+	<li>Does this specification allow an origin access to other devices?
+	<p>No.
+
+	<li>Does this specification allow an origin some measure of control over a user agent’s native UI?
+	<p>No.
+
+	<li>Does this specification expose temporary identifiers to the web?
+	<p>No.
+
+	<li>Does this specification distinguish between behavior in first-party and third-party contexts?
+	<p>No.
+
+	<li>How should this specification work in the context of a user agent’s "incognito" mode?
+	<p>No differently.
+
+	<li>Does this specification persist data to a user’s local device?
+	<p>No.
+
+	<li>Does this specification have a "Security Considerations" and "Privacy Considerations" section?
+	<p>Yes.
+
+	<li>Does this specification allow downgrading default security characteristics?
+	<p>No.
+</ol>
