Add security/privacy considerations to View Transitions

khushalsagar · web-flow · commit bdbef68f71c2 · 2022-10-28T18:00:20.000-04:00
Also fix a typo in indentation.
diff --git a/css-view-transitions-1/Overview.bs b/css-view-transitions-1/Overview.bs
@@ -851,7 +851,7 @@ The {{ViewTransition/domUpdated}} [=getter steps=] are to return [=this's=] [=Vi
     1. Set |document|'s [=document/active DOM transition=] to null.
 
     1. If |transition|'s [=ViewTransition/ready promise=] has not yet been resolved, [=reject=] it with |reason|.
-       Note: The ready promise would've been resolved if skipTransition() is called after we start animating.
+          Note: The ready promise would've been resolved if skipTransition() is called after we start animating.
 
     1. [=Reject=] |transition|'s [=ViewTransition/finished promise=] with |reason|.
 </div>
@@ -1132,3 +1132,12 @@ The {{ViewTransition/domUpdated}} [=getter steps=] are to return [=this's=] [=Vi
         * If |callbackPromise| was rejected with reason |r|, then [=reject=] |transition|'s [=ViewTransition/DOM updated promise=] with |r|.
 
 </div>
+
+<h2 id="priv-sec">
+Privacy and Security Considerations</h2>
+
+The images generated using [=capture the image=] algorithm could contain cross-origin data if the Document is embedding cross-origin resources. The
+implementations must sure this data can not be accessed by the Document. This should be feasible since access to this data should already be prevented
+in the default rendering of the Document.
+
+This feature introduces no privacy considerations.
