|
| 1 | +## Summary |
| 2 | + |
| 3 | +Scroll Boundary Behavior introduces a new method to control over the behavior of a scroll container |
| 4 | +element when its scrollport reaches the boundary of its scroll box. It allows the content author to |
| 5 | +specify that a scroll container element must prevent scroll chaining and/or overscroll affordances. |
| 6 | + |
| 7 | +To our knowledge it poses no known security or privacy risks. |
| 8 | + |
| 9 | +## Questionnaire |
| 10 | + |
| 11 | +Source: https://www.w3.org/TR/security-privacy-questionnaire/ |
| 12 | + |
| 13 | + |
| 14 | +|Question | Answer| |
| 15 | +|---------|-------| |
| 16 | +|3.1 Does this specification deal with personally-identifiable information?| NO | |
| 17 | +|3.2 Does this specification deal with high-value data?| NO | |
| 18 | +|3.3 Does this specification introduce new state for an origin that persists across browsing sessions?| NO | |
| 19 | +|3.4 Does this specification expose persistent, cross-origin state to the web?| NO | |
| 20 | +|3.5 Does this specification expose any other data to an origin that it doesn’t currently have access to?| NO | |
| 21 | +|3.6 Does this specification enable new script execution/loading mechanisms?| NO | |
| 22 | +|3.7 Does this specification allow an origin access to a user’s location?| NO | |
| 23 | +|3.8 Does this specification allow an origin access to sensors on a user’s device?| NO | |
| 24 | +|3.9 Does this specification allow an origin access to aspects of a user’s local computing environment?| NO | |
| 25 | +|3.10 Does this specification allow an origin access to other devices?| NO | |
| 26 | +|3.11 Does this specification allow an origin some measure of control over a user agent’s native UI?| YES| |
| 27 | +|3.12 Does this specification expose temporary identifiers to the web?| NO | |
| 28 | +|3.13 Does this specification distinguish between behavior in first-party and third-party contexts?| NO | |
| 29 | +|3.14 How should this specification work in the context of a user agent’s "incognito" mode?| SAME| |
| 30 | +|3.15 Does this specification persist data to a user’s local device?| NO | |
| 31 | +|3.16 Does this specification have a "Security Considerations" and "Privacy Considerations" section?| NO | |
| 32 | +|3.17 Does this specification allow downgrading default security characteristics?| NO | |
| 33 | + |
| 34 | +## Additional Clarifications |
| 35 | + |
| 36 | +3.11 Does this specification allow an origin some measure of control over a user agent’s native UI? |
| 37 | + |
| 38 | +Yes. The feature may be used to prevent overscroll affordances and overscroll navigations (pull-to-refresh, swipe navigations). |
| 39 | +However this power is not new and may be achieve by prevent defaulting the event that causes the scroll to begin with. |
| 40 | + |
0 commit comments