Re: [csswg-drafts] [css-cascade-3] Add Security & Privacy appendix from Chris Lilley via GitHub on 2018-08-08 (public-css-archive@w3.org from August 2018)

From: Chris Lilley via GitHub <sysbot+gh@w3.org>
Date: Wed, 08 Aug 2018 16:25:18 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-411467457-1533745518-sysbot+gh@w3.org>

In general the text there looks good to me; I haven't checked much for things which should be there but are not.

Although, _perhaps_ [Script Execution](https://www.w3.org/TR/security-privacy-questionnaire/#string-to-script) could apply, if a externally imported stylesheet causes some custom code or Houdini APIs to be called? Although I think CORS would apply to that script.

-- 
GitHub Notification of comment by svgeesus
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/620#issuecomment-411467457 using your GitHub account

Received on Wednesday, 8 August 2018 16:25:25 UTC