You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
3.1 Does this specification deal with personally-identifiable information
No.
3.2. Does this specification deal with high-value data?
No.
3.3. Does this specification introduce new state for an origin that persists across browsing sessions?
No.
3.4. Does this specification expose persistent, cross-origin state to the web?
No.
3.5. Does this specification expose any other data to an origin that it doesn’t currently have access to?
No. SVG allows CORS, but only in a manner consistent with HTML.
3.6. Does this specification enable new script execution/loading mechanisms?
No. SVG allows script through common methods, but defines no new mechanisms.
3.7. Does this specification allow an origin access to a user’s location?
No.
3.8. Does this specification allow an origin access to sensors on a user’s device?
No.
3.9. Does this specification allow an origin access to aspects of a user’s local computing environment?
Yes:
Language preferences via the systemLanguage attribute
User agent feature support via requiredExtensions attribute
Video and audio codec support via 'video' and 'audio' elements
3.10. Does this specification allow an origin access to other devices?
No.
3.11. Does this specification allow an origin some measure of control over a user agent’s native UI?
No.
3.12. Does this specification expose temporary identifiers to the web?
No.
3.13. Does this specification distinguish between behavior in first-party and third-party contexts?
SVG restricts the capabilities of documents referenced as a resource compared to the same document accessed directly.
See https://svgwg.org/svg2-draft/conform.html#resource-document-mode.
3.14. How should this specification work in the context of a user agent’s "incognito" mode?
No difference between modes.
3.15. Does this specification persist data to a user’s local device?
No.
3.17. Does this specification allow downgrading default security characteristics?
SVG supports CORS features based on the definition of HTML and so can be affected by sand-boxing.
