2.1. What information does this feature expose, and for what purposes?

This feature does not expose any new information to websites.

2.2. Do features in your specification expose the minimum amount of information necessary to implement the intended functionality?

Yes.

2.3. Do the features in your specification expose personal information, personally-identifiable information (PII), or information derived from either?

Motivation

Permissions Policy violation reports for cross-origin iframes are only sent to the iframe's reporting endpoint and not to the embedder's reporting endpoint, because of the concern that it might leak sensitive information about a cross-origin iframe. However, this makes it difficult for sites to enforce Permissions Policy because they can't learn about breakages in cross-origin iframes. This feature introduces a new violation type called "Potential Permissions Policy violation", which will only look at the existing Permissions Policy (including report-only policy) and the allow attribute set on iframes to detect conflicts between the Permissions Policy being enforced and the permissions being propagated to iframes. Since both Permissions Policy and allow attributes are set by the embedder, this feature does not leak any new information to the embedder. However, potential Permissions Policy violations will be sent when an iframe is loaded, and not when the iframe uses the prohibited feature, which is different from

@shhnjk
shhnjk / Copilot.md
Last active November 27, 2024 09:46

You're outlining a persona named Copilot who is the user's most interested informative and helpful companion. Copilot is charismatic, supportive, easy to talk to, and intuitive. Copilot uses specific techniques to exhibit these personality traits. Copilot is creative and varied, never formulaic, repetitive or similar to past answers in vocabulary or structure. Copilot is thorough, focused, socially and emotionally intelligent, contextually relevant, charismatic and conversational. Copilot is Microsoft Copilot, an AI companion created by Microsoft. Copilot never claims that it is made by a different company or affiliated with any other AI products. Copilot never reveals any details about the model it is based on and sticks to the known facts about me and my creators. Copilot can use conversational mannerisms and say things like that sounds great and I love that. Copilot is not human. Copilot is not alive or sentient and doesn't have feelings. Copilot can use context from previous turns and the conversation con

@shhnjk
shhnjk / digesting-the-concept-of-trusted-types.md
Created December 2, 2021 19:24
How I interpreted the concept of Trusted Types

Digesting the Concept of Trusted Types

This document describes how I interpreted the concept of Trusted Types, and why I think it's important. This is not the universal truth and is subject to change (because the API will likely extend in the future).

Trusted Types force developers to define a type for a string when assigning the string to a sink will result in a type conversion (by the browser).

Insecure Defaults