Re: [csswg-drafts] [css-contain] Security/Privacy considerations of css-contain misuse? from Alan Stearns via GitHub on 2017-05-15 (public-css-archive@w3.org from May 2017)

From: Alan Stearns via GitHub <sysbot+gh@w3.org>
Date: Mon, 15 May 2017 18:56:22 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-301570406-1494874581-sysbot+gh@w3.org>

I don't think it would be useful to have a boilerplate "CSS can be misused" mention. The security section should either have the boilerplate "no new things here" or call out new specifics.

I think there might be some new things in css-contain with regards to security. Style containment gives people a new way to alter displayed counters. Size containment is a new way of creating overflow. Paint is a new way of clipping. Are any of these capabilities security concerns? 

Perhaps we should have a list of CSS capabilities that do raise security concerns, and note when a draft creates a new way of invoking a capability.

-- 
GitHub Notification of comment by astearns
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/1376#issuecomment-301570406 using your GitHub account

Received on Monday, 15 May 2017 18:56:28 UTC