- From: <bugzilla@jessica.w3.org>
- Date: Tue, 15 Mar 2016 16:05:25 +0000
- To: public-css-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=29533
Bug ID: 29533
Summary: Add 'Security Considerations' and 'Privacy Considerations' sections
Product: CSS
Version: unspecified
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: CSSOM View
Assignee: simonp@opera.com
Reporter: simonp@opera.com
QA Contact: public-css-bugzilla@w3.org
Target Milestone: ---
https://drafts.csswg.org/cssom-view/
Security:
* Scrolling APIs might be used e.g. for clickjacking.
* Moving and resizing windows might be used e.g. to emulate a native platform
dialog.
* The "supported open() feature name" is more limited in the spec than it is in
implementations; wider support to hide various parts of the UI might be used
e.g. to emulate a native platform dialog.
* Failure to implement same-origin restrictions for scrolling APIs ...
* Failure to implement #allowed-to-resize-and-move restrictions for moving and
resizing windows ...
* ...?
Privacy:
* Fingerprinting.
* Exposure to JS when the user's environment changes via e.g. MediaQueryList
(cf. 'orientation', 'light-level', etc.)
* ...?
Received on Tuesday, 15 March 2016 16:05:33 UTC