[Bug 29533] Add 'Security Considerations' and 'Privacy Considerations' sections from bugzilla@jessica.w3.org on 2016-03-15 (public-css-bugzilla@w3.org from March 2016)

From: <bugzilla@jessica.w3.org>
Date: Tue, 15 Mar 2016 16:18:57 +0000
To: public-css-bugzilla@w3.org
Message-ID: <bug-29533-5148-145Jr8bQ2b@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=29533

Anne <annevk@annevk.nl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |annevk@annevk.nl

--- Comment #1 from Anne <annevk@annevk.nl> ---
One thing you want to mention here is that APIs that allow observing things of
stylesheets, e.g., subresource loading (service workers, resource timing), need
to be aware that if a stylesheet itself was not loaded using "cors" and is
cross-origin, leaking data of those subresources is a same-origin policy
violation.

That's really a generic issue for CSS, but it seems CSSOM is the grab bag for
actually defining the model as to how CSS works.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Tuesday, 15 March 2016 16:18:59 UTC