- From: Florian Rivoal via GitHub <sysbot+gh@w3.org>
- Date: Fri, 02 Oct 2020 06:02:10 +0000
- To: public-css-archive@w3.org
frivoal has just created a new issue for https://github.com/w3c/csswg-drafts: == [css-text-3] Security review answers == This issue contains the answers to the [Self-Review Questionnaire: Security and Privacy](https://www.w3.org/TR/security-privacy-questionnaire/) for [CSS Text 3](https://drafts.csswg.org/css-text-3/) **2.1 What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary?** In order to support correct typography, this specification relies on language-specific hyphenation dictionaries and line-breaking dictionaries. As these can vary across browser and browser version, they contribute to fingerprinting. They are nonetheless necessary to display various languages correctly. **2.2 Is this specification exposing the minimum amount of information necessary to power the feature?** Yes **2.3 How does this specification deal with personal information or personally-identifiable information or information derived thereof?** Not applicable **2.4 How does this specification deal with sensitive information?** Not applicable **2.5 Does this specification introduce new state for an origin that persists across browsing sessions?** No **2.6 What information from the underlying platform, e.g. configuration data, is exposed by this specification to an origin?** Same asnwer as 2.1. **2.7 Does this specification allow an origin access to sensors on a user’s device** No **2.8 What data does this specification expose to an origin? Please also document what data is identical to data exposed by other features, in the same or different contexts.** None **2.9 Does this specification enable new script execution/loading mechanisms?** No **2.10 Does this specification allow an origin to access other devices?** No **2.11 Does this specification allow an origin some measure of control over a user agent’s native UI?** No **2.12 What temporary identifiers might this this specification create or expose to the web?** None **2.13 How does this specification distinguish between behavior in first-party and third-party contexts?** Not applicable **2.14 How does this specification work in the context of a user agent’s Private Browsing or "incognito" mode?** No difference **2.15 Does this specification have a "Security Considerations" and "Privacy Considerations" section?** [Yes](https://drafts.csswg.org/css-text-3/#priv-sec) **2.16 Does this specification allow downgrading default security characteristics?** No **2.17 What should this questionnaire have asked?** Nothing springs to mind. Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5574 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 2 October 2020 06:02:13 UTC