W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2018

Weekly github digest (WebAppSec specs)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 03 Dec 2018 17:00:13 +0000
To: public-webappsec@w3.org
Message-Id: <E1gTrZt-00021q-Cc@uranus.w3.org>



Issues
------
* w3c/webappsec-subresource-integrity (+0/-0/💬7)
  1 issues received 7 new comments:
  - #20 Consider integrity check violation reporting (7 by ScottHelme, annevk, mikewest, ericlaw1979, devd)
    https://github.com/w3c/webappsec-subresource-integrity/issues/20 

* w3c/webappsec-csp (+0/-6/💬2)
  2 issues received 2 new comments:
  - #368 Make CSP inheritance for javascript: more explicit (1 by bzbarsky)
    https://github.com/w3c/webappsec-csp/issues/368 
  - #248 Handling of 'self' is unclear when inheriting CSP to local scheme (1 by andypaicu)
    https://github.com/w3c/webappsec-csp/issues/248 

  6 issues closed:
  - Make CSP inheritance for javascript: more explicit https://github.com/w3c/webappsec-csp/issues/368 
  - Initialize document CSP in html needs to be updated https://github.com/w3c/webappsec-csp/issues/364 
  - Handling of 'self' is unclear when inheriting CSP to local scheme https://github.com/w3c/webappsec-csp/issues/248 
  - What is the 'self' of sandboxed page? https://github.com/w3c/webappsec-csp/issues/260 
  - Is inheritance of 'self' to local-scheme appropriate? https://github.com/w3c/webappsec-csp/issues/259 
  - Handling of javascript: navigations is not interoperable, spec doesn't match most implementations https://github.com/w3c/webappsec-csp/issues/322 

* w3c/webappsec-credential-management (+0/-2/💬0)
  2 issues closed:
  - add [=in parallel=] to credential internal methods https://github.com/w3c/webappsec-credential-management/issues/105 
  - #credential-internal-methods section is sort of confusing https://github.com/w3c/webappsec-credential-management/issues/103 

* w3c/permissions (+1/-0/💬0)
  1 issues created:
  - Automation: Need two more steps to handle closed browsing context and user prompts (by Honry)
    https://github.com/w3c/permissions/issues/186 



Pull requests
-------------
* w3c/webappsec-csp (+3/-4/💬2)
  3 pull requests submitted:
  - Allow plugin-types to be empty (by andypaicu)
    https://github.com/w3c/webappsec-csp/pull/374 
  - Removed w3c/html related issues (by andypaicu)
    https://github.com/w3c/webappsec-csp/pull/373 
  - Handle a null request in init document csp algorithm (by andypaicu)
    https://github.com/w3c/webappsec-csp/pull/372 

  1 pull requests received 2 new comments:
  - #372 Handle a null request in init document csp algorithm (2 by andypaicu)
    https://github.com/w3c/webappsec-csp/pull/372 

  4 pull requests merged:
  - Added javascript: scheme specifically and fixed a small comment
    https://github.com/w3c/webappsec-csp/pull/370 
  - Handle a null request in init document csp algorithm
    https://github.com/w3c/webappsec-csp/pull/372 
  - Removed w3c/html related issues
    https://github.com/w3c/webappsec-csp/pull/373 
  - Add a `self-origin` member to policy to facilitate opaque origin contexts that inherit their policies
    https://github.com/w3c/webappsec-csp/pull/362 

* w3c/webappsec-credential-management (+1/-1/💬0)
  1 pull requests submitted:
  - Drop 'origin' from public interfaces after #100. (by mikewest)
    https://github.com/w3c/webappsec-credential-management/pull/131 

  1 pull requests merged:
  - issue 92 accessing settings object: add passing global and queue task invoke algorithm
    https://github.com/w3c/webappsec-credential-management/pull/100 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
Received on Monday, 3 December 2018 17:00:14 UTC

This archive was generated by hypermail 2.3.1 : Monday, 3 December 2018 17:00:15 UTC