- From: Khushal Sagar via GitHub <sysbot+gh@w3.org>
- Date: Fri, 25 Nov 2022 12:46:50 +0000
- To: public-web-security@w3.org
khushalsagar has just labeled an issue for https://github.com/w3c/security-request as "REVIEW REQUESTED": == CSS View Transitions 2022-11-25 == - name of spec to be reviewed: CSS View Transitions - URL of spec: [[This must be a dated version in the TR namespace, not an editor's draft.]](https://www.w3.org/TR/css-view-transitions-1/) - Does your document have an in-line Security Considerations section, ideally one separate from the Privacy Considerations? If not, corrrect that before proceeding further: Yes - Do you need a reply by a particular date? No - Please point to the results of your own self-review (see https://w3ctag.github.io/security-questionnaire/): [self review](https://github.com/WICG/view-transitions/blob/main/security-privacy-questionnaire.md) - Where and how to file issues arising? https://github.com/w3c/csswg-drafts/issues tagged [css-view-transitions-1] - Pointer to any explainer for the spec? https://github.com/WICG/view-transitions/blob/main/explainer.md Other comments: This review is limited to transitions within the same Document. The feature involves generating snapshots of DOM sub-trees which can include cross-origin content or sensitive user information (like different rendering for visited links). The implementation must ensure that the pixel content of these snapshots is not accessible to script. See https://github.com/w3c/security-request/issues/43 -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 25 November 2022 12:46:52 UTC