What information does this feature expose,
and for what purposes?
This is a passive feature (markup) which only allows an origin to convey text to a user, as would other HTML Text-level elements.
No information about or from the user nor their environment is exposed to any party.
Do features in your specification expose the minimum amount of information
necessary to implement the intended functionality?
They do not expose any information to anyone, other than conveying text from an origin to a user, as would other HTML Text-level elements.
Do the features in your specification expose personal information,
personally-identifiable information (PII), or information derived from
either?
No.
How do the features in your specification deal with sensitive information?
This is a passive feature (markup) which only allows an origin to convey text to a user, as would other HTML Text-level elements. It is not exposed to sensitive information, and therefore do not need to do anything about it.
Do the features in your specification introduce state
that persists across browsing sessions?
No.
Do the features in your specification expose information about the
underlying platform to origins?
No.
Does this specification allow an origin to send data to the underlying
platform?
No.
Do features in this specification enable access to device sensors?
No.
Do features in this specification enable new script execution/loading
mechanisms?
No.
Do features in this specification allow an origin to access other devices?
No.
Do features in this specification allow an origin some measure of control over
a user agent's native UI?
No.
What temporary identifiers do the features in this specification create or
expose to the web?
None.
How does this specification distinguish between behavior in first-party and
third-party contexts?
No difference is made, and none seems appropriate or necessary.
How do the features in this specification work in the context of a browser’s
Private Browsing or Incognito mode?
No difference is made, and none seems appropriate or necessary.
Does this specification have both "Security Considerations" and "Privacy
Considerations" sections?
yes.
Do features in your specification enable origins to downgrade default
security protections?
No.
What happens when a document that uses your feature is kept alive in BFCache
(instead of getting destroyed) after navigation, and potentially gets reused
on future navigations back to the document?
Nothing special. This is just marked up text.
What happens when a document that uses your feature gets disconnected?
Nothing special. This is just marked up text.
What should this questionnaire have asked?
Nothing additional seems needed. This is not a security of privacy sensitive feature.
Responses to the Self-Review Questionnaire: Security and Privacy, filed against the 23 May 2024 Working Draft.
This is a passive feature (markup) which only allows an origin to convey text to a user, as would other HTML Text-level elements.
No information about or from the user nor their environment is exposed to any party.
They do not expose any information to anyone, other than conveying text from an origin to a user, as would other HTML Text-level elements.
No.
This is a passive feature (markup) which only allows an origin to convey text to a user, as would other HTML Text-level elements. It is not exposed to sensitive information, and therefore do not need to do anything about it.
No.
No.
No.
No.
No.
No.
No.
None.
No difference is made, and none seems appropriate or necessary.
No difference is made, and none seems appropriate or necessary.
yes.
No.
Nothing special. This is just marked up text.
Nothing special. This is just marked up text.
Nothing additional seems needed. This is not a security of privacy sensitive feature.