- From: Xiaocheng Hu <notifications@github.com>
- Date: Thu, 27 Mar 2025 02:04:49 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3ctag/design-reviews/issues/1031/2757255776@github.com>
xiaochengh left a comment (w3ctag/design-reviews#1031) Hi @andruud, the TAG discussed it but didn't reach consensus. Feedbacks: 1. Regarding privacy and security: 1. Thank you for responding to the security & privacy questionnaire. In response to the question about "do you have a security & privacy" section, you've said "not yet". We'd like to encourage you to write that, even if it is minimal. 2. We suggest thinking about any possible security & privacy implications - especially if the proposal could increase potential for CSS-based fingerprinting or CSS injection. 3. If the answer to these questions is "no", it's still worth documenting. 4. If the answer is "maybe," then please specify mitigations. 2. Regarding the explainer: 1. We prefer the explainer to be put next to the relevant spec (like [this one](https://github.com/w3c/csswg-drafts/blob/main/resize-observer-1/explainer.md)) instead of in a personal repo 2. The explainer could be made clearer. It currently includes both functions and mixins, which is confusing, and the mixins part seems incomplete (though it's out of the scope of this review) 3. An interesting question: have you considered naming it "Custom Macros"? Since the entire CSS custom variable mechanism is built on top of token substitution, which is how macros work. This is even more explicit with `@function` -- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/1031#issuecomment-2757255776 You are receiving this because you are subscribed to this thread. Message ID: <w3ctag/design-reviews/issues/1031/2757255776@github.com>
Received on Thursday, 27 March 2025 09:04:53 UTC