You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: security-privacy.md
+18-5Lines changed: 18 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -6,6 +6,8 @@ Questions from https://www.w3.org/TR/security-privacy-questionnaire/
6
6
7
7
Just like the existing UI key events, EditContext exposes text that has been typed by the user. This data helps text input services to perform operations such as suggestions, IME compositions, VK shape-writing etc.
8
8
9
+
This is the same data that is exposed when an origin has a `contenteditable=""` DOM element or another type of editable field.
10
+
9
11
## 2.2. Is this specification exposing the minimum amount of information necessary to power the feature?
10
12
11
13
Yes.
@@ -26,15 +28,17 @@ No.
26
28
27
29
EditContext does not expose any data related to the underlying platform.
28
30
29
-
## 2.7. Does this specification allow an origin access to sensors on a user’s device
31
+
## 2.7. Does this specification allow an origin to send data to the underlying platform?
30
32
31
-
No.
33
+
EditContext allows pages to provide coordinates at which text input related UI should be displayed.
34
+
This offers a similar level of control compared to what the author can do by positioning an input element in the page.
35
+
No new data is exposed, only new APIs to communicate the coordinates in a more direct way.
32
36
33
-
## 2.8. What data does this specification expose to an origin? Please also document what data is identical to data exposed by other features, in the same or different contexts.
37
+
## 2.8. Does this specification allow an origin access to sensors on a user’s device?
34
38
35
-
EditContext exposes text that has been typed by the user. This data is not exposed to another origin nor does it allow to access data from other origins.
39
+
No.
36
40
37
-
## 2.9. Does this specification enable new script execution/loading mechanisms?
41
+
## 2.9. Do features in this specification enable new script execution/loading mechanisms?
38
42
39
43
No.
40
44
@@ -66,6 +70,15 @@ No. A security or privacy section doesn't currently seem warranted given the ans
66
70
67
71
No.
68
72
73
+
## 2.17. How does your feature handle non-"fully active" documents?
74
+
75
+
EditContext cannot receive input in non-"fully active" documents. No explicit state change
76
+
is needed for EditContext when a document becomes not "fully active".
77
+
78
+
## 2.18. What should this questionnaire have asked?
0 commit comments