Weekly github digest (WebAppSec specs) from W3C Webmaster via GitHub API on 2018-04-09 (public-webappsec@w3.org from April 2018)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 09 Apr 2018 17:00:10 +0000
To: public-webappsec@w3.org
Message-Id: <E1f5a9K-0007Jt-Ss@uranus.w3.org>

Issues
------
* w3c/webappsec-subresource-integrity (+0/-0/💬1)
  1 issues received 1 new comments:
  - #68 integrity for downloads (1 by annevk)
    https://github.com/w3c/webappsec-subresource-integrity/issues/68 [SRI-next] 

* w3c/webappsec-csp (+2/-1/💬4)
  2 issues created:
  - CSP 4 feature request: cookie policy (by AliceWonderMiscreations)
    https://github.com/w3c/webappsec-csp/issues/301 
  - Directive to disallow external entities in SVG/XML? (by Malvoz)
    https://github.com/w3c/webappsec-csp/issues/300 

  4 issues received 4 new comments:
  - #299 frame-src, worker-src, child-src confusion (1 by Malvoz)
    https://github.com/w3c/webappsec-csp/issues/299 
  - #300 Directive to disallow external entities in SVG/XML? (1 by annevk)
    https://github.com/w3c/webappsec-csp/issues/300 
  - #13 Inline event handlers not whitelisted by hashes? (1 by andypaicu)
    https://github.com/w3c/webappsec-csp/issues/13 [CSP] 
  - #45 Further granularity of unsafe-inline styles (1 by andypaicu)
    https://github.com/w3c/webappsec-csp/issues/45 [CORE] 

  1 issues closed:
  - Add note about the importance of preventing nonce exfiltration/reuse https://github.com/w3c/webappsec-csp/issues/258 

* w3c/permissions (+0/-1/💬3)
  1 issues received 3 new comments:
  - #172 autoplay permission (3 by mounirlamouri, travisleithead, cpearce)
    https://github.com/w3c/permissions/issues/172 

  1 issues closed:
  - autoplay permission https://github.com/w3c/permissions/issues/172 

* w3c/webappsec-secure-contexts (+1/-0/💬1)
  1 issues created:
  - Using secure-context gated features with local devices (by daurnimator)
    https://github.com/w3c/webappsec-secure-contexts/issues/60 

  1 issues received 1 new comments:
  - #60 Using secure-context gated features with local devices (1 by pinobatch)
    https://github.com/w3c/webappsec-secure-contexts/issues/60 



Pull requests
-------------
* w3c/webappsec-csp (+0/-0/💬2)
  2 pull requests received 2 new comments:
  - #247 Add extra note for 'unsafe-hashed-attributes' to address backwards co… (1 by andypaicu)
    https://github.com/w3c/webappsec-csp/pull/247 
  - #287 Introduce 'webrtc-src'. (1 by alvestrand)
    https://github.com/w3c/webappsec-csp/pull/287 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins

Received on Monday, 9 April 2018 17:00:21 UTC