You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: css-contain/Overview.bs
+62Lines changed: 62 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -328,6 +328,68 @@ Privacy and Security Considerations {#privsec}
328
328
329
329
This specification introduces no new privacy or security considerations.
330
330
331
+
Like any other CSS specification, it affects the rendering of the document,
332
+
but does not introduce any special ability to present content in a misleading way
333
+
that was not previously available through other CSS modules
334
+
and that isn't inherent to the act of formatting the document.
335
+
336
+
The <a href="http://www.w3.org/2001/tag/">TAG</a> has developed a <a href="https://www.w3.org/TR/security-privacy-questionnaire/">self-review questionaire</a>
337
+
to help editors and Working Groups evaluate the risks introduced by their specifications.
338
+
Answers are provided below.
339
+
340
+
<dl>
341
+
<dt>Does this specification deal with personally-identifiable information?
342
+
<dd>No.
343
+
344
+
<dt>Does this specification deal with high-value data?
345
+
<dd>No.
346
+
347
+
<dt>Does this specification introduce new state for an origin that persists across browsing sessions?
348
+
<dd>No.
349
+
350
+
<dt>Does this specification expose persistent, cross-origin state to the web?
351
+
<dd>No.
352
+
353
+
<dt>Does this specification expose any other data to an origin that it doesn’t currently have access to?
354
+
<dd>No.
355
+
356
+
<dt>Does this specification enable new script execution/loading mechanisms?
357
+
<dd>No.
358
+
359
+
<dt>Does this specification allow an origin access to a user’s location?
360
+
<dd>No.
361
+
362
+
<dt>Does this specification allow an origin access to sensors on a user’s device?
363
+
<dd>No.
364
+
365
+
<dt>Does this specification allow an origin access to aspects of a user’s local computing environment?
366
+
<dd>No.
367
+
368
+
<dt>Does this specification allow an origin access to other devices?
369
+
<dd>No.
370
+
371
+
<dt>Does this specification allow an origin some measure of control over a user agent’s native UI?
372
+
<dd>No.
373
+
374
+
<dt>Does this specification expose temporary identifiers to the web?
375
+
<dd>No.
376
+
377
+
<dt>Does this specification distinguish between behavior in first-party and third-party contexts?
378
+
<dd>No.
379
+
380
+
<dt>How should this specification work in the context of a user agent’s "incognito" mode?
381
+
<dd>No difference in behavior is needed.
382
+
383
+
<dt>Does this specification persist data to a user’s local device?
384
+
<dd>No.
385
+
386
+
<dt>Does this specification have a "Security Considerations" and "Privacy Considerations" section?
387
+
<dd>Yes, this is the section you are currently reading.
388
+
389
+
<dt>Does this specification allow downgrading default security characteristics?
390
+
<dd>No.
391
+
</dl>
392
+
331
393
<h2 class="no-num" id="changes">Appendix A. Changes</h2>
0 commit comments