[mediaqueries-5][editorial] Separate Security and Privacy sections

svgeesus · svgeesus · commit e59fec81afdd · 2024-11-15T16:04:43.000-05:00
diff --git a/mediaqueries-5/Overview.bs b/mediaqueries-5/Overview.bs
@@ -3683,23 +3683,14 @@ device-aspect-ratio</h3>
 		</pre>
 	</div>
 
-<h2 id=priv-sec class=no-num>
-Appendix B: Privacy and Security Considerations</h2>
+<h2 id=privacy class=no-num>
+Appendix B: Privacy Considerations</h2>
 
 	<em>This section is not normative.</em>
 
 <div class="non-normative">
 
-	Issue: this section is incomplete
-
-	The 'display-mode' media feature allows an origin
-	access to aspects of a user’s local computing environment and,
-	particularly when used together with an [=application manifest=] [=manifest/display=] member [[APPMANIFEST]],
-	allows an origin some measure of control over a user agent’s native UI.
-	Through a CSS media query, a script can know the display mode of a web application.
-	An attacker could, in such a case,
-	exploit the fact that an application is being displayed in fullscreen
-	to mimic the user interface of another application.
+	Issue: this section is <a href="https://github.com/w3c/csswg-drafts/issues?q=is%3Aopen+is%3Aissue+label%3Amediaqueries-5+label%3Aprivacy-tracker">incomplete</a> 
 
 	The 'prefers-reduced-data' media feature
 	may be an undesired source of fingerprinting,
@@ -3715,6 +3706,26 @@ Appendix B: Privacy and Security Considerations</h2>
 
 </div>
 
+<h2 id=security class=no-num>
+	Appendix C: Security Considerations</h2>
+	
+		<em>This section is not normative.</em>
+	
+	<div class="non-normative">
+
+	Issue: this section is <a href="https://github.com/w3c/csswg-drafts/issues?q=is%3Aopen+is%3Aissue+label%3Amediaqueries-5+label%3Asecurity-tracker+">incomplete</a>
+
+	The 'display-mode' media feature allows an origin
+	access to aspects of a user’s local computing environment and,
+	particularly when used together with an [=application manifest=] [=manifest/display=] member [[APPMANIFEST]],
+	allows an origin some measure of control over a user agent’s native UI.
+	Through a CSS media query, a script can know the display mode of a web application.
+	An attacker could, in such a case,
+	exploit the fact that an application is being displayed in fullscreen
+	to mimic the user interface of another application.
+
+	</div>
+
 <h2 id="changes" class="no-num">
 Changes</h2>
 
