Update spec to allow for the query algorithm to return "prompt" instead of "denied"

aselya · web-flow · commit df576394c371 · 2025-01-27T14:07:43.000-05:00
Allowing the query algorithm to return `prompt` or`denied` helps protect the user from exposing their available features and helps prevent retaliation against the user from developers.
diff --git a/index.html b/index.html
@@ -800,7 +800,14 @@ <h3 id="reading-current-states">
                 [=associated `Document`=].
                 </li>
                 <li>If <var>document</var> is not <a>allowed to use</a> |feature|, return
-                {{PermissionState/"denied"}}.
+                {{PermissionState/"denied"}} or {{PermissionState/"prompt"}}.
+
+                <p class="note">
+                  The {{PermissionState/"prompt"}} may be returned instead of
+                  {{PermissionState/"denied"}} to avoid exposing if the |feature| is
+                  <a>allowed to use</a> to developers. This is done to prevent retaliation against
+                  the user and repeated prompting to the detriment of the user experience.
+              </p>
                 </li>
               </ol>
             </li>
