w3ctag / security-questionnaire

A security/privacy review questionnaire for W3C specs
https://w3ctag.github.io/security-questionnaire/
Creative Commons Zero v1.0 Universal

The current questionnaire is very browser-centric #116

Closed: atanassov closed 4 months ago

atanassov commented 3 years ago

The examples, questions and overall content in the current version are mostly browser-oriented. This makes the barrier for entry very high for anyone coming to it from the non-browser world.

Consider adding an entry-level split that guides users to browser vs non-browser scenarios, features and/or users of the doc.

dauwhe commented 3 years ago

I'm just starting these questions for EPUB 3.3, and am facing exactly this problem. How do I reason about security when HTML content is being presented in a web view in an Android app, after I paid for the content with my credit card information?

hober commented 2 years ago

Hi all,

@pes10k, @plinss, and I talked about this today in our San Diego F2F. I wonder if we could do something similar to the HTML spec's web developer edition. That is, we could have some kind of toggle at the top of the questionnaire like "does your spec/feature/whatever rely on the same-origin policy / the web's fundamental privacy and security model?" If no, we display: none a bunch of questions that are apparently irrelevant, and maybe display: block an additional question or two along the lines of "if your thing isn't built on the web's privacy and security model, what is the privacy and security model it's built on?"

pes10k commented 4 months ago

This seems stale, though if folks are still interested, please reopen or create a new issue.