[css-env-1][editorial] bikeshed fixes

tabatkins · tabatkins · commit 44891c4b0e8a · 2025-03-18T14:44:43.000-07:00
diff --git a/css-env-1/Overview.bs b/css-env-1/Overview.bs
@@ -84,7 +84,7 @@ Note that mixing CSS rules and JS-defined stuff can easily get messy,
 as demonstrated by CSSFontFaceRule vs FontFace...
 
 The following UA-defined [=environment variables=] are officially defined and must be supported.
-Additional UA-defined [=environment variables=] *must not* be supported
+Additional UA-defined [=environment variables=] <em>must not</em> be supported
 unless/until they are added to this list.
 
 <index type=value for=env()></index>
@@ -279,8 +279,8 @@ It is only syntax-checked after ''env()'' functions have been [=substituted=].
 
 	1. If the name provided by the first argument of the ''env()'' function
 		is a recognized [=environment variable=] name, the number of supplied integers
-        matches the number of dimensions of the [=environment variable=] referenced
-        by that name, and values of the indices correspond to a known sub-value,
+		matches the number of dimensions of the [=environment variable=] referenced
+		by that name, and values of the indices correspond to a known sub-value,
 		replace the ''env()'' function by the value of the named [=environment variable=].
 
 	2. Otherwise, if the ''env()'' function has a fallback value as its second argument,
@@ -314,3 +314,27 @@ as the ''var()'' function does.
 When an ''env()'' is used in a [=shorthand property=],
 then,
 it has the same effects as defined in [[css-variables-1#variables-in-shorthands]].
+
+<h2 id=priv>
+Privacy Considerations</h2>
+
+The [=environment variables=] defined by this specification
+are <em>potentially</em> privacy-sensitive,
+since they represent additional information
+potentially not already avaialble to the page.
+In particular, they potentially represent a fingerprinting vector,
+by exposing additional information
+about the device a user is viewing the page with.
+
+So far, the [=environment variables=] defined by this specifcation
+have been reviewed and deemed acceptable to expose
+by the CSSWG.
+
+<h2 id=sec>
+Security Considerations</h2>
+
+This specification provides read-only access
+to some new types of information about the device.
+
+The [=environment variables=] defined by this specification
+do not expose any security-sensitive information.
