- From: fantasai <fantasai.lists@inkedblade.net>
- Date: Wed, 19 Oct 2022 15:43:41 -0400
- To: W3C style mailing list <www-style@w3.org>
> 2.1 What information does this feature expose, and for what purposes? * User's window size * Metrics of user's default font and any other font the page is able to load * In conjunction with other features, whether or not the user has access to certain URLs * In conjunction with other features, information about the resources at other URLs > 2.2 Do features in your specification expose the minimum amount of information necessary to implement the intended functionality? As far as we can tell. > 2.3 Do the features in your specification expose personal information, personally-identifiable information (PII), or information derived from either? No > 2.4 How do the features in your specification deal with sensitive information? N/A > 2.5 Do the features in your specification introduce state that persists across browsing sessions? No > 2.6 Do the features in your specification expose information about the underlying platform to origins? Yes, via window size and font metrics. > 2.7 Does this specification allow an origin to send data to the underlying platform? Not by itself, no. > 2.8 Do features in this specification enable access to device sensors? No > 2.9 Do features in this specification enable new script execution/loading mechanisms? No > 2.10 Do features in this specification allow an origin to access other devices? No > 2.11 Do features in this specification allow an origin some measure of control over a user agent’s native UI? No > 2.12 What temporary identifiers do the features in this specification create or expose to the web? None > 2.13 How does this specification distinguish between behavior in first-party and third-party contexts? No differences except (potentially, depending on the feature in which it's used) in how url()s are loaded, see https://www.w3.org/TR/css-values-4/#url-processing > 2.14 How do the features in this specification work in the context of a browser’s Private Browsing or Incognito mode? Same as usual > 2.15 Does this specification have both "Security Considerations" and "Privacy Considerations" sections? Yes, with a lot of duplicated text. :( > 2.16 Do features in your specification enable origins to downgrade default security protections? No > 2.17 How does your feature handle non-"fully active" documents? No special handling > 2.18 What should this questionnaire have asked? It might ask itself whether its copy on w3.org/TR is up to date. ;) ~fantasai
Received on Wednesday, 19 October 2022 19:44:07 UTC