[w3c/FileAPI] Self-Review Questionnaire for FileAPI: Security and Privacy (Issue #214) from Xiaoqian Wu on 2025-11-11 (public-webapps-github@w3.org from November 2025)

From: Xiaoqian Wu <notifications@github.com>
Date: Mon, 10 Nov 2025 17:48:12 -0800
To: w3c/FileAPI <FileAPI@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/FileAPI/issues/214@github.com>

siusin created an issue (w3c/FileAPI#214)

# [Self-Review Questionnaire: Security and Privacy](https://w3c.github.io/security-questionnaire/)

The full questionnaire is at https://w3c.github.io/security-questionnaire/.

For your convenience, a copy of the questionnaire's questions is included here in Markdown, so you can easily include your answers in an [explainer](https://w3ctag.github.io/explainer-explainer/).

---

01. What information does this feature expose,
and for what purposes?
02. Do features in your specification expose the minimum amount of information
necessary to implement the intended functionality?
03. Do the features in your specification expose personal information,
personally-identifiable information (PII), or information derived from
either?
04. How do the features in your specification deal with sensitive information?
05. Does data exposed by your specification carry related but distinct
information that may not be obvious to users?
06. Do the features in your specification introduce state
that persists across browsing sessions?
07. Do the features in your specification expose information about the
underlying platform to origins?
08. Does this specification allow an origin to send data to the underlying
platform?
09. Do features in this specification enable access to device sensors?
10. Do features in this specification enable new script execution/loading
mechanisms?
11. Do features in this specification allow an origin to access other devices?
12. Do features in this specification allow an origin some measure of control over
a user agent's native UI?
13. What temporary identifiers do the features in this specification create or
expose to the web?
14. How does this specification distinguish between behavior in first-party and
third-party contexts?
15. How do the features in this specification work in the context of a browser’s
Private Browsing or Incognito mode?
16. Does this specification have both "Security Considerations" and "Privacy
Considerations" sections?
17. Do features in your specification enable origins to downgrade default
security protections?
18. What happens when a document that uses your feature is kept alive in BFCache
(instead of getting destroyed) after navigation, and potentially gets reused
on future navigations back to the document?
19. What happens when a document that uses your feature gets disconnected?
20. Does your spec define when and how new kinds of errors should be raised?
21. Does your feature allow sites to learn about the user's use of assistive technology?
22. What should this questionnaire have asked?

--
Reply to this email directly or view it on GitHub:
https://github.com/w3c/FileAPI/issues/214
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/FileAPI/issues/214@github.com>

Received on Tuesday, 11 November 2025 01:48:15 UTC