[RangeInnerText] Security/Privacy questionnaire/self-review #566

Closed
dlibby- opened this issue Mar 23, 2022 · 0 comments

dlibby- commented Mar 23, 2022

  1. What information does this feature expose, and for what purposes?
    It exposes the user-visible text for a Range to web developers, and allows them to adjust the Range based on code units. This removes the need for web developers to provide the same functionality with error-prone heuristics.

  2. Do features in your specification expose the minimum amount of information necessary to implement the intended functionality?
    Yes.

  3. Do the features in your specification expose personal information, personally-identifiable information (PII), or information derived from either?
    No.

  4. How do the features in your specification deal with sensitive information?
    The feature does not operate on sensitive information.

  5. Do the features in your specification introduce state that persists across browsing sessions?
    No state is persisted across sessions.

  6. Do the features in your specification expose information about the underlying platform to origins?
    No platform information is exposed.

  7. Does this specification allow an origin to send data to the underlying platform?
    No.

  8. Do features in this specification enable access to device sensors?
    No.

  9. Do features in this specification enable new script execution/loading mechanisms?
    No.

  10. Do features in this specification allow an origin to access other devices?
    No.

  11. Do features in this specification allow an origin some measure of control over a user agent’s native UI?
    No.

  12. What temporary identifiers do the features in this specification create or expose to the web?
    None.

  13. How does this specification distinguish between behavior in first-party and third-party contexts?
    It relies on existing origin isolation so that only first-party access is possible.

  14. How do the features in this specification work in the context of a browser’s Private Browsing or Incognito mode?
    No changes as the feature operates on live pages (same as other DOM APIs).

  15. Does this specification have both "Security Considerations" and "Privacy Considerations" sections?
    No specification yet, but there's a section in the explainer.

  16. Do features in your specification enable origins to downgrade default security protections?
    No.

  17. How does your feature handle non-"fully active" documents?
    This aspect works the same as existing DOM APIs.
