Self-Review Questionnaire: Security and Privacy
The full questionnaire is at https://w3c.github.io/security-questionnaire/.
For your convenience, a copy of the questionnaire's questions is included here in Markdown, so you can easily include your answers in an explainer.
- What information does this feature expose, and for what purposes?
- Do features in your specification expose the minimum amount of information necessary to implement the intended functionality?
- Do the features in your specification expose personal information, personally-identifiable information (PII), or information derived from either?
- How do the features in your specification deal with sensitive information?
- Does data exposed by your specification carry related but distinct information that may not be obvious to users?
- Do the features in your specification introduce state that persists across browsing sessions?
- Do the features in your specification expose information about the underlying platform to origins?
- Does this specification allow an origin to send data to the underlying platform?
- Do features in this specification enable access to device sensors?
- Do features in this specification enable new script execution/loading mechanisms?
- Do features in this specification allow an origin to access other devices?
- Do features in this specification allow an origin some measure of control over a user agent's native UI?
- What temporary identifiers do the features in this specification create or expose to the web?
- How does this specification distinguish between behavior in first-party and third-party contexts?
- How do the features in this specification work in the context of a browser's Private Browsing or Incognito mode?
- Does this specification have both "Security Considerations" and "Privacy Considerations" sections?
- Do features in your specification enable origins to downgrade default security protections?
- What happens when a document that uses your feature is kept alive in BFCache (instead of getting destroyed) after navigation, and potentially gets reused on future navigations back to the document?
- What happens when a document that uses your feature gets disconnected?
- Does your spec define when and how new kinds of errors should be raised?
- Does your feature allow sites to learn about the user's use of assistive technology?
- What should this questionnaire have asked?