@@ -717,3 +717,87 @@ it for transitions, so this feature was removed.
717717
718718The design space for triggering animations is still open. We welcome input
719719on this subject.
720+
721+ <h2 id="appendix-a-considerations-for-security-and-privacy">Appendix A. Considerations for Security and Privacy</h2>
722+
723+ This appendix is <em> informative</em> .
724+
725+ There are no known security or privacy impacts of this feature.
726+
727+ The W3C TAG is developing a
728+ <a href="https://www.w3.org/TR/security-privacy-questionnaire/">Self-Review Questionnaire: Security and Privacy</a>
729+ for editors of specifications to informatively answer.
730+
731+ Per the <a href="https://www.w3.org/TR/security-privacy-questionnaire/#questions">Questions to Consider</a>
732+
733+ <ol>
734+ <li> Does this specification deal with personally-identifiable information?
735+ <p> No.</p>
736+ </li>
737+
738+ <li> Does this specification deal with high-value data?
739+ <p> No.</p>
740+ </li>
741+
742+ <li> Does this specification introduce new state for an origin that persists across browsing sessions?
743+ <p> No.</p>
744+ </li>
745+
746+ <li> Does this specification expose persistent, cross-origin state to the web?
747+ <p> No.</p>
748+ </li>
749+
750+ <li> Does this specification expose any other data to an origin that it doesn’t currently have access to?
751+ <p> No.</p>
752+ </li>
753+
754+ <li> Does this specification enable new script execution/loading mechanisms?
755+ <p> No.</p>
756+ </li>
757+
758+ <li> Does this specification allow an origin access to a user’s location?
759+ <p> No.</p>
760+ </li>
761+
762+ <li> Does this specification allow an origin access to sensors on a user’s device?
763+ <p> No.</p>
764+ </li>
765+
766+ <li> Does this specification allow an origin access to aspects of a user’s local computing environment?
767+ <p> No.</p>
768+ </li>
769+
770+ <li> Does this specification allow an origin access to other devices?
771+ <p> No.</p>
772+ </li>
773+
774+ <li> Does this specification allow an origin some measure of control over a user agent’s native UI?
775+ <p> No.</p>
776+ </li>
777+
778+ <li> Does this specification expose temporary identifiers to the web?
779+ <p> No.</p>
780+ </li>
781+
782+ <li> Does this specification distinguish between behavior in first-party and third-party contexts?
783+ <p> No.</p>
784+ </li>
785+
786+ <li> How should this specification work in the context of a user agent’s "incognito" mode?
787+ <p> No differently. The website should not be able to determine that the user is
788+ in an "incognito" mode using scroll-linked animations.</p>
789+ </li>
790+
791+ <li> Does this specification persist data to a user’s local device?
792+ <p> No.</p>
793+ </li>
794+
795+ <li> Does this specification have a "Security Considerations" and "Privacy Considerations" section?
796+ <p> Yes.</p>
797+ </li>
798+
799+ <li> Does this specification allow downgrading default security characteristics?
800+ <p> No.</p>
801+ </li>
802+ </ol>
803+
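Review bot: The answer to item 16 ("Yes." to having "Security Considerations" and "Privacy Considerations" sections) does not match what this hunk adds, which is a single appendix titled "Considerations for Security and Privacy" and marked informative. Either reword the answer to point at this appendix or split the appendix into the two named sections. The bare "No." answers, item 5 (other data exposed to an origin) in particular, give a reader no rationale to check, and the "incognito" answer states a requirement ("should not be able to determine") without saying why scroll-linked animations meet it; one sentence of reasoning for each would make the self-review verifiable. Minor: "Per the Questions to Consider" is a fragment with no verb or trailing colon before the list, and `<em> informative</em> .` carries stray spaces inside the tag and before the period.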