- From: Chris Lilley via GitHub <sysbot+gh@w3.org>
- Date: Mon, 30 May 2022 17:49:41 +0000
- To: public-css-archive@w3.org
This contains the answers to questions posed in [Self-Review Questionnaire: Security and Privacy](https://www.w3.org/TR/security-privacy-questionnaire/) as they relate to the current draft of [CSS Color 5](https://www.w3.org/TR/2022/WD-css-color-5-20220428/) which is used to set and modify the colors of various items on a Web page.. **What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary?** None **Is this specification exposing the minimum amount of information necessary to power the feature?** Yes, we believe so. **How does this specification deal with personal information or personally-identifiable information or information derived thereof?** No personally-identifiable information. **How does this specification deal with sensitive information?** This specification does not deal with financial data, credentials, health information, location, or credentials. **Does this specification introduce new state for an origin that persists across browsing sessions?** No. **What information from the underlying platform, e.g. configuration data, is exposed by this specification to an origin?** None **Does this specification allow an origin access to sensors on a user’s device** No. **What data does this specification expose to an origin? Please also document what data is identical to data exposed by other features, in the same or different contexts.** None. **Does this specification enable new script execution/loading mechanisms?** No. It does allow linking to ICC profiles, but these are declarative and do not contain any scripting mechanism. **Does this specification allow an origin to access other devices?** No. **Does this specification allow an origin some measure of control over a user agent’s native UI?** No **What temporary identifiers might this this specification create or expose to the web?** None. **How does this specification distinguish between behavior in first-party and third-party contexts?** No difference. **How does this specification work in the context of a user agent’s Private Browsing or "incognito" mode?** No difference. **Does this specification have a "Security Considerations" and "Privacy Considerations" section?** Yes to both: [security](https://www.w3.org/TR/2022/WD-css-color-5-20220428/#security) [privacy](https://www.w3.org/TR/2022/WD-css-color-5-20220428/#privacy) **Does this specification allow downgrading default security characteristics?** No. **What should this questionnaire have asked?** nothing else springs to mind which would be relevant to this specification. -- GitHub Notification of comment by svgeesus Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/7297#issuecomment-1141379735 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 30 May 2022 17:49:42 UTC