2.1. What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary?
Given a website A that has used pre-existing means (getDisplayMedia()``) to capture another tab B, and that therefore has access to all of B's pixels, this feature exposes to A`:
B's zoom-level (without a user prompt).- Potentially, additional pixels in
B, if the user granted permission through a prompt.
2.2. Do features in your specification expose the minimum amount of information necessary to enable their intended uses?
Yes.
2.3. How do the features in your specification deal with personal information, personally-identifiable information (PII), or information derived from them?
Not applicable.
Not applicable.
2.5. Do the features in your specification introduce new state for an origin that persists across browsing sessions?
No.
2.6. Do the features in your specification expose information about the underlying platform to origins?
The answer is probably "no", but it's worth mentioning that getSupportedZoomLevels() exposes the supported zoom-levels on the platform. User agents are encouraged to ensure the result is not dependent on the OS or the user's configuration of the user agent; that is, for a given browser version, the result should be the same for all users on any machine.
The answer is probably "no", but it's worth mentioning that setZoomLevel() allows applications to request that the user agent change zoom levels on specific tabs.
No.
No.
No.
2.11. Do features in this specification allow an origin some measure of control over a user agent’s native UI?
Yes, in a limited way - the zoom-level of captured tabs can be changed. Naturally, this is reflected in the user agent's native UX that informs the user of a tab's zoom-level.
2.13. How does this specification distinguish between behavior in first-party and third-party contexts?
This feature does not distinguish first-party and third-party contexts.
2.14. How do the features in this specification work in the context of a browser’s Private Browsing or Incognito mode?
Not applicable.
2.Does this specification have both "Security Considerations" and "Privacy Considerations" sections?
No, but that's because the specification has still not been written. However, the explainer has a combined "Security and Privacy Considerations" section.
No.
This feature only works for documents which use pre-existing mechanisms to initiate tab-capture. A non-"fully active" document will have this capture-session interrupted, thereby also terminating the use of this feature.
N/A