[css-fonts-4] split security & privacy as required by new wide review

svgeesus · svgeesus · commit a6befdc62e75 · 2021-10-23T20:34:02.000+03:00
diff --git a/css-fonts-4/Overview.bs b/css-fonts-4/Overview.bs
@@ -7040,8 +7040,14 @@ Appendix A: Mapping platform font properties to CSS properties</h2>
  ██████  ████████  ██████   ███████  ██     ██ ████    ██       ██
 -->
 
-<h2 id="priv-sec">
-Security and Privacy Considerations
+<h2 id="security">
+Security Considerations
+</h2>
+
+See items <a href="#sp209">9</a>, <a href="#sp216">16</a> and <a href="#sp217">17</a> in the self-review questionnaire below.
+
+<h2 id="privacy">
+Privacy Considerations
 </h2>
 
 Following <a href="https://www.w3.org/TR/security-privacy-questionnaire/#questions">Self-Review Questionnaire: Security and Privacy</a>,
@@ -7219,21 +7225,21 @@ and set the origin to the URL of the containing document.
 Thus, fonts will typically not be loaded cross-origin
 unless authors specifically takes steps to permit cross-origin loads.
 
-<h3 id="sps214">How does this specification work in the context of a user agent’s Private Browsing or "incognito" mode? </h3>
+<h3 id="sp214">How does this specification work in the context of a user agent’s Private Browsing or "incognito" mode? </h3>
 
 The specification makes no distinction.
 
 Some user agents may expose a more restricted set of Installed Fonts in these modes.
 
 <h3 id="sp215"> Does this specification have a "Security Considerations" and "Privacy Considerations" section?</h3>
 
-Yes, you are reading it.
+Yes.
 
-<h3 id="216"> Does this specification allow downgrading default security characteristics?</h3>
+<h3 id="sp216"> Does this specification allow downgrading default security characteristics?</h3>
 
 No.
 
-<h3 id="217">What should this questionnaire have asked? </h3>
+<h3 id="sp217">What should this questionnaire have asked? </h3>
 
 It should have asked whether a malicious payload could crash the application,
 or indeed the entire Operating System,
