W3C home > Mailing lists > Public > public-css-archive@w3.org > October 2020

Re: [csswg-drafts] [css-conditional-3] Security review answers (#5567)

From: arturjanc via GitHub <sysbot+gh@w3.org>
Date: Sun, 18 Oct 2020 09:05:17 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-711138652-1603011916-sysbot+gh@w3.org>
I took some time to read through the spec with an eye out for any additional security considerations, but overall these features seem low-risk from a security point of view. Specifically, there's no change to the threat model due to the addition of conditional group rules, and the information revealed directly via `@supports` is something that was easily observable to websites via side effects even without an explicit at-rule.

Looks good to me overall.

-- 
GitHub Notification of comment by arturjanc
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5567#issuecomment-711138652 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Sunday, 18 October 2020 09:05:19 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 06:42:20 UTC