Add security-privacy-questionnaire.md
michaelwasserman authored Apr 29, 2024
1 parent b37f6d5 commit a612947
Showing 1 changed file with 75 additions and 0 deletions.
75 changes: 75 additions & 0 deletions security-privacy-questionnaire.md
@@ -0,0 +1,75 @@
# Security and Privacy Questionnaire

This document answers the [W3C Security and Privacy Questionnaire](https://www.w3.org/TR/security-privacy-questionnaire/) for HTML Fullscreen Without A Gesture.

**2.1 What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary?**

The User Agent's configuration for the origin can be inferred through attempted use (i.e. whether `requestFullscreen()` succeeds when `navigator.userActivation.isActive` is false). The same information may eventually be exposed more concretely through Permission API querying for feature detection and site UI or behavioral customization purposes.

**2.2 Do features in your specification expose the minimum amount of information necessary to enable their intended uses?**

Yes.

**2.3 How do the features in your specification deal with personal information, personally-identifiable information (PII), or information derived from them?**

N/A; the feature does not deal with PII.

**2.4 How do the features in your specification deal with sensitive information?**

N/A; the feature does not deal with sensitive information.

**2.5 Do the features in your specification introduce new state for an origin that persists across browsing sessions?**

Yes; User Agents can persist their configuration across browsing sessions.

**2.6 Do the features in your specification expose information about the underlying platform to origins?**

No; excepting whether the feature is supported (e.g. available on desktop but not yet on mobile).

**2.7 Does this specification allow an origin to send data to the underlying platform?**

No.

**2.8 Do features in this specification enable access to device sensors?**

No.

**2.9 Do features in this specification enable new script execution/loading mechanisms?**

No.

**2.10 Do features in this specification allow an origin to access other devices?**

No.

**2.11 Do features in this specification allow an origin some measure of control over a User Agent’s native UI?**

Entering fullscreen hides User Agent UI; this feature enables fullscreen state control in additional circumstances.

**2.12 What temporary identifiers do the features in this specification create or expose to the web?**

None.

**2.13 How does this specification distinguish between behavior in first-party and third-party contexts?**

The preexisting `fullscreen` Permissions-Policy governs access to the Fullscreen API by third-party contexts. As such, User Agent configurations regarding gesture requirements for first-party contexts can apply to third-party contexts. (i.e. third-party iframes may only enter fullscreen without a gesture if (a) the User Agent is configured to permit fullscreen without a gesture in the first-party context and (b) the third-party context is granted the `fullscreen` Permissions-Policy).

**2.14 How do the features in this specification work in the context of a browser’s Private Browsing or Incognito mode?**

User Agents can respect this configuration in Private Browsing or Incognito mode, as they would outside those contexts.

**2.15 Does this specification have both "Security Considerations" and "Privacy Considerations" sections?**

Yes.

**2.16 Do features in your specification enable origins to downgrade default security protections?**

The Fullscreen API hides protective User Agent user interface elements, and the specification defines mitigations that are widely deployed in implementations. User Agents should explain new configuration options and adapt existing overlay mitigations to suit usage (e.g. advertise fullscreen state and exit instructions with user interactions after feature usage).

**2.17 How does your feature handle non-"fully active" documents?**

Handling is specified by the Fullscreen API itself. `requestFullscreen()` requests from non-"fully active" documents are rejected, and user agents fully exit fullscreen during unloading document cleanup steps.

**2.18 What should this questionnaire have asked?**

The current set of questions is appropriate.
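Review bot: The answer to 2.16 never states directly that the feature relaxes a default protection, even though 2.1 describes exactly that (`requestFullscreen()` succeeding while `navigator.userActivation.isActive` is false); open the answer with an explicit "Yes" that names the dropped transient-activation requirement, then list the concrete overlay mitigations the text calls "widely deployed" rather than leaving them unnamed. The same persisted per-origin configuration from 2.5 is observable to the origin through the attempted-use probe in 2.1, so 2.5 should also say whether that configuration is cleared together with the origin's other site data.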

0 comments on commit a612947