Skip to content

Instantly share code, notes, and snippets.

@yoavweiss

yoavweiss/noopener_allow_popups_s&p_questions.md

Created June 5, 2024 08:55
Show Gist options
  • Save yoavweiss/3cb7283f56717f6dfe6da05009a27a65 to your computer and use it in GitHub Desktop.
Save yoavweiss/3cb7283f56717f6dfe6da05009a27a65 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
noopener_allow_popups_s&p_questions.md

Self-Review Questionnaire: Security and Privacy

This questionnaire has moved.

  1. What information does this feature expose, and for what purposes?

No Information is exposed.

  1. Do features in your specification expose the minimum amount of information necessary to implement the intended functionality?

Yes, zero information.

  1. Do the features in your specification expose personal information, personally-identifiable information (PII), or information derived from either?

No.

  1. How do the features in your specification deal with sensitive information?

They don't.

  1. Do the features in your specification introduce state that persists across browsing sessions?

No.

  1. Do the features in your specification expose information about the underlying platform to origins?

No.

  1. Does this specification allow an origin to send data to the underlying platform?

No.

  1. Do features in this specification enable access to device sensors?

No.

  1. Do features in this specification enable new script execution/loading mechanisms?

No.

  1. Do features in this specification allow an origin to access other devices?

No.

  1. Do features in this specification allow an origin some measure of control over a user agent's native UI?

No.

  1. What temporary identifiers do the features in this specification create or expose to the web?

None.

  1. How does this specification distinguish between behavior in first-party and third-party contexts?

It doesn't.

  1. How do the features in this specification work in the context of a browser’s Private Browsing or Incognito mode?

Similar to non-private mode.

  1. Does this specification have both "Security Considerations" and "Privacy Considerations" sections?

No. The specification is a pull request on the HTML spec.

  1. Do features in your specification enable origins to downgrade default security protections?

No.

  1. What happens when a document that uses your feature is kept alive in BFCache (instead of getting destroyed) after navigation, and potentially gets reused on future navigations back to the document?

Nothing much. The feature severs the opener relationship of the document, and that relationship will continue to be severed after a BFCache restore.

  1. What happens when a document that uses your feature gets disconnected?

Nothing much.

  1. What should this questionnaire have asked?

How was your weekend?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment