Two-phase VT: Add Security & Privacy Questionnaire section

noamr · web-flow · commit 6d6b4154cdfc · 2025-12-09T10:56:54.000Z
diff --git a/css-view-transitions-2/two-phase-transition-explainer.md b/css-view-transitions-2/two-phase-transition-explainer.md
@@ -94,3 +94,110 @@ The likely use case to let an animation continue till the end, so we can perhaps
 }
 ```
 
+## Security & Privacy Questionnaire
+
+01.  What information does this feature expose,
+     and for what purposes?
+
+It may expose some information about timing of a navigation, including whether a prerendered page is ready.
+It is limited to same-origin navigations.
+     
+2.  Do features in your specification expose the minimum amount of information
+     necessary to implement the intended functionality?
+
+Yes
+
+3.  Do the features in your specification expose personal information,
+     personally-identifiable information (PII), or information derived from
+     either?
+
+No
+    
+4.  How do the features in your specification deal with sensitive information?
+
+N/A
+
+5.  Does data exposed by your specification carry related but distinct
+     information that may not be obvious to users?
+
+No
+
+6.  Do the features in your specification introduce state
+     that persists across browsing sessions?
+
+No
+    
+7.  Do the features in your specification expose information about the
+     underlying platform to origins?
+
+No.
+    
+8.  Does this specification allow an origin to send data to the underlying platform?
+
+No
+
+9.  Do features in this specification enable access to device sensors?
+
+No
+
+10.  Do features in this specification enable new script execution/loading
+     mechanisms?
+No
+     
+11.  Do features in this specification allow an origin to access other devices?
+
+No
+
+12.  Do features in this specification allow an origin some measure of control over
+     a user agent's native UI?
+
+Possibly as it changes the timing of a cross-document navigation. However this is
+already possible in various other ways, such as intercepting navigations or delaying
+them with a service worker.
+
+13.  What temporary identifiers do the features in this specification create or
+     expose to the web?
+
+None
+
+14.  How does this specification distinguish between behavior in first-party and
+     third-party contexts?
+
+It is only available for same-origin navigations.
+     
+15.  How do the features in this specification work in the context of a browser’s
+     Private Browsing or Incognito mode?
+
+N/A
+     
+16.  Does this specification have both "Security Considerations" and "Privacy
+     Considerations" sections?
+
+Yes
+     
+17.  Do features in your specification enable origins to downgrade default
+     security protections?
+
+No
+     
+18.  What happens when a document that uses your feature is kept alive in BFCache
+     (instead of getting destroyed) after navigation, and potentially gets reused
+     on future navigations back to the document?
+
+This is handled specifically with the `addRestoreCallback` method.
+     
+19.  What happens when a document that uses your feature gets disconnected?
+
+The navigation gets aborted anyway.
+
+20.  Does your spec define when and how new kinds of errors should be raised?
+
+Absolutely. It's a big part of the spec.
+
+21.  Does your feature allow sites to learn about the user's use of assistive technology?
+
+No
+
+22.  What should this questionnaire have asked?
+
+Nothing in particular.
