Weekly github digest (WebAppSec specs) from W3C Webmaster via GitHub API on 2019-12-09 (public-webappsec@w3.org from December 2019)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 09 Dec 2019 17:00:20 +0000
To: public-webappsec@w3.org
Message-Id: <E1ieMOS-00046N-L1@uranus.w3.org>
Issues
------
* w3c/webappsec (+0/-0/💬1)
  1 issues received 1 new comments:
  - #520 Clarify CSP header recommendations for non-HTML pages (1 by Malvoz)
    https://github.com/w3c/webappsec/issues/520 

* w3c/webappsec-subresource-integrity (+0/-0/💬1)
  1 issues received 1 new comments:
  - #83 Relationship to Digest header (1 by LPardue)
    https://github.com/w3c/webappsec-subresource-integrity/issues/83 

* w3c/webappsec-mixed-content (+4/-0/💬7)
  4 issues created:
  - Level 2 story for <form> (by annevk)
    https://github.com/w3c/webappsec-mixed-content/issues/28 
  - WebSocket section needs updating (by annevk)
    https://github.com/w3c/webappsec-mixed-content/issues/27 
  - Mixed content in the Cache API (by annevk)
    https://github.com/w3c/webappsec-mixed-content/issues/26 
  - Move MIX2 to FPWD (by carlosjoan91)
    https://github.com/w3c/webappsec-mixed-content/issues/25 

  4 issues received 7 new comments:
  - #28 Level 2 story for <form> (1 by mikewest)
    https://github.com/w3c/webappsec-mixed-content/issues/28 
  - #27 WebSocket section needs updating (1 by mikewest)
    https://github.com/w3c/webappsec-mixed-content/issues/27 
  - #26 Mixed content in the Cache API (1 by mikewest)
    https://github.com/w3c/webappsec-mixed-content/issues/26 
  - #25 Move MIX2 to FPWD (4 by annevk, carlosjoan91)
    https://github.com/w3c/webappsec-mixed-content/issues/25 

* w3c/webappsec-upgrade-insecure-requests (+2/-0/💬1)
  2 issues created:
  - Response type (by annevk)
    https://github.com/w3c/webappsec-upgrade-insecure-requests/issues/20 
  - Testing (by annevk)
    https://github.com/w3c/webappsec-upgrade-insecure-requests/issues/19 

  1 issues received 1 new comments:
  - #19 Testing (1 by jgraham)
    https://github.com/w3c/webappsec-upgrade-insecure-requests/issues/19 

* w3c/permissions (+0/-0/💬1)
  1 issues received 1 new comments:
  - #194 Consider making `request-permission-to-use` aware of user activation (1 by mustaqahmed)
    https://github.com/w3c/permissions/issues/194 

* w3c/webappsec-feature-policy (+5/-0/💬16)
  5 issues created:
  - Renaming Feature Policy (by annevk)
    https://github.com/w3c/webappsec-feature-policy/issues/359 
  - Feature Policy shouldn't be overridable (by shhnjk)
    https://github.com/w3c/webappsec-feature-policy/issues/357 
  - Document Policy and Booleans (by mikewest)
    https://github.com/w3c/webappsec-feature-policy/issues/356 
  - Document Policy and Sandboxing (by mikewest)
    https://github.com/w3c/webappsec-feature-policy/issues/355 
  - Document Policy and CSP? (by mikewest)
    https://github.com/w3c/webappsec-feature-policy/issues/354 

  7 issues received 16 new comments:
  - #359 Renaming Feature Policy (4 by annevk, clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/359 
  - #357 Feature Policy shouldn't be overridable (4 by bershanskiy, clelland, shhnjk)
    https://github.com/w3c/webappsec-feature-policy/issues/357 
  - #356 Document Policy and Booleans (3 by clelland, mikewest)
    https://github.com/w3c/webappsec-feature-policy/issues/356 [document-policy] 
  - #355 Document Policy and Sandboxing (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/355 [document-policy] 
  - #354 Document Policy and CSP? (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/354 [document-policy] 
  - #256 Possible race in feature policy in multiprocess implementations (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/256 [architecture] 
  - #115 "ASCII serialization" (2 by clelland, hober)
    https://github.com/w3c/webappsec-feature-policy/issues/115 [eng task] 

* w3c/webappsec-fetch-metadata (+1/-0/💬5)
  1 issues created:
  - Header name "destination" may confuse developers (by jugglinmike)
    https://github.com/w3c/webappsec-fetch-metadata/issues/51 

  1 issues received 5 new comments:
  - #51 Header name "destination" may confuse developers (5 by annevk, jugglinmike, mikewest)
    https://github.com/w3c/webappsec-fetch-metadata/issues/51 

* WICG/trusted-types (+2/-2/💬4)
  2 issues created:
  - How to bless asset references (by mikesamuel)
    https://github.com/w3c/webappsec-trusted-types/issues/247 
  - "require-trusted-types-for Pre-Navigation check" versus "Get Trusted Type compliant string" (by otherdaniel)
    https://github.com/w3c/webappsec-trusted-types/issues/246 

  3 issues received 4 new comments:
  - #247 How to bless asset references (1 by bmeck)
    https://github.com/w3c/webappsec-trusted-types/issues/247 
  - #234 Navigating to plugins (2 by annevk, koto)
    https://github.com/w3c/webappsec-trusted-types/issues/234 
  - #222 How does this work when you have a dependency included twice? (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/222 

  2 issues closed:
  - How does this work when you have a dependency included twice? https://github.com/w3c/webappsec-trusted-types/issues/222 
  - Allow future extensions to the API without breaking compatibility https://github.com/w3c/webappsec-trusted-types/issues/241 



Pull requests
-------------
* w3c/webappsec (+1/-0/💬0)
  1 pull requests submitted:
  - Make redirect for SRI spec include fragment ID (by sideshowbarker)
    https://github.com/w3c/webappsec/pull/559 

* w3c/webappsec-mixed-content (+1/-0/💬4)
  1 pull requests submitted:
  - Add FPWD document for MIX2 (by carlosjoan91)
    https://github.com/w3c/webappsec-mixed-content/pull/24 

  1 pull requests received 4 new comments:
  - #24 Add FPWD document for MIX2 (4 by carlosjoan91, mikewest)
    https://github.com/w3c/webappsec-mixed-content/pull/24 

* w3c/webappsec-referrer-policy (+1/-0/💬2)
  1 pull requests submitted:
  - Add Dominic Farolino as an editor (by domfarolino)
    https://github.com/w3c/webappsec-referrer-policy/pull/130 

  1 pull requests received 2 new comments:
  - #129 Stop using environment and request's origin in referrer calculation (2 by domfarolino, yutakahirano)
    https://github.com/w3c/webappsec-referrer-policy/pull/129 

* w3c/webappsec-feature-policy (+2/-5/💬3)
  2 pull requests submitted:
  - Fix navigation race (by clelland)
    https://github.com/w3c/webappsec-feature-policy/pull/358 
  - Add document policy (by clelland)
    https://github.com/w3c/webappsec-feature-policy/pull/353 

  3 pull requests received 3 new comments:
  - #351 Add `document-access` to proposed features (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/pull/351 
  - #332 Create decoding-image-default-sync.md (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/pull/332 
  - #259 Support propagating feature policy in popups. (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/pull/259 

  5 pull requests merged:
  - Create decoding-image-default-sync.md
    https://github.com/w3c/webappsec-feature-policy/pull/332 
  - Add `navigation-override` to standardized features
    https://github.com/w3c/webappsec-feature-policy/pull/347 
  - Move `encrypted-media` to standardized features
    https://github.com/w3c/webappsec-feature-policy/pull/350 
  - Add `focus-without-user-activation` to experimental features
    https://github.com/w3c/webappsec-feature-policy/pull/346 
  - Add document policy
    https://github.com/w3c/webappsec-feature-policy/pull/353 

* w3c/webappsec-fetch-metadata (+1/-2/💬0)
  1 pull requests submitted:
  - Add reference for term "break" (by jugglinmike)
    https://github.com/w3c/webappsec-fetch-metadata/pull/52 

  2 pull requests merged:
  - Add reference for term "break"
    https://github.com/w3c/webappsec-fetch-metadata/pull/52 
  - Use HTML's same site
    https://github.com/w3c/webappsec-fetch-metadata/pull/50 

* WICG/trusted-types (+1/-3/💬0)
  1 pull requests submitted:
  - Added support for 'allow-duplicates' keyword. (by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/245 

  3 pull requests merged:
  - Added support for 'allow-duplicates' keyword.
    https://github.com/w3c/webappsec-trusted-types/pull/245 
  - Added require-trusted-types-for directive.
    https://github.com/w3c/webappsec-trusted-types/pull/244 
  - Fix #240. Attributes, by default, are not namespaced.
    https://github.com/w3c/webappsec-trusted-types/pull/243 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/WICG/trusted-types
* https://github.com/w3c/webappsec-unofficial-drafts
Received on Monday, 9 December 2019 17:00:26 UTC