Re: [csswg-drafts] [css-conditional-3] Security review answers (#5567) from arturjanc via GitHub on 2020-10-18 (public-css-archive@w3.org from October 2020)

From: arturjanc via GitHub <sysbot+gh@w3.org>
Date: Sun, 18 Oct 2020 09:05:17 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-711138652-1603011916-sysbot+gh@w3.org>

I took some time to read through the spec with an eye out for any additional security considerations, but overall these features seem low-risk from a security point of view. Specifically, there's no change to the threat model due to the addition of conditional group rules, and the information revealed directly via `@supports` is something that was easily observable to websites via side effects even without an explicit at-rule.

Looks good to me overall.

-- 
GitHub Notification of comment by arturjanc
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5567#issuecomment-711138652 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Sunday, 18 October 2020 09:05:19 UTC