Skip to content

Commit 98010d7

Browse files
authored
Merge pull request #105 from WICG/progers-update-security-privacy
Update security-privacy-questionnaire.md
2 parents 9ee9d6c + c55c1dc commit 98010d7

1 file changed

Lines changed: 3 additions & 3 deletions

File tree

security-privacy-questionnaire.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
01. What information might this feature expose to Web sites or other parties,
22
and for what purposes is that exposure necessary?
33

4-
A design requirement is to not expose any new security information, and to limit the amount of new privacy information (see: [Privacy-preserving painting](https://github.com/WICG/html-in-canvas?tab=readme-ov-file#privacy-preserving-painting). Form control rendering is already exposed to javascript, but this new API will expose some additional information to enable interactivity, such as the caret blink rate.
4+
A design requirement is to not expose any new security information, and to limit the amount of new privacy information (see: [Privacy-preserving painting](https://github.com/WICG/html-in-canvas?tab=readme-ov-file#privacy-preserving-painting)). For the purpose of enabling interactivity, this API will reveal form control rendering, scrollbar rendering, text selection, find-in-page selection, and the caret blink rate (all without revealing OS theme colors).
55

66
02. Do features in your specification expose the minimum amount of information
77
necessary to enable their intended uses?
@@ -12,11 +12,11 @@
1212
personally-identifiable information (PII), or information derived from
1313
them?
1414

15-
Since the feature renders pixels from DOM elements into canvas, those pixels can now be accessed by script. This requires ensuring that no PII is present in those pixels, for example different styles for visited links, spell check etc. Disabling painting of this information also prevents revealing invalidation information via the `paint` event. See [privacy-preserving-painting](https://github.com/WICG/html-in-canvas/tree/main?tab=readme-ov-file#privacy-preserving-painting) for additional details.
15+
Since the feature renders pixels from DOM elements into canvas, those pixels can now be accessed by script, so it is important that no PII is present in those pixels. Cross-origin information, visited link information, spellcheck information, and autofill previews must not be painted. Disabling painting of this information also prevents revealing invalidation information via the `paint` event. See [privacy-preserving-painting](https://github.com/WICG/html-in-canvas/tree/main?tab=readme-ov-file#privacy-preserving-painting) for additional details.
1616

1717
04. How do the features in your specification deal with sensitive information?
1818

19-
See answer above, the feature ensures no new security information is revealed, and limits new privacy-sensitive information.
19+
See answer above, the feature ensures no new security information is revealed, and limits new privacy information.
2020

2121
05. Do the features in your specification introduce new state for an origin
2222
that persists across browsing sessions?

0 commit comments

Comments
 (0)