Weekly github digest (WebAppSec specs)

Issues
------
* w3c/webappsec-csp (+3/-5/💬40)
  3 issues created:
  - `Prerender` subresources and CSP (by yoavweiss)
    https://github.com/w3c/webappsec-csp/issues/284
  - Block dns-prefetch (by annevk)
    https://github.com/w3c/webappsec-csp/issues/282
  - bikeshed: LINK ERROR: No 'idl' refs found for 'nonce' with for='NoncedElement' (by sideshowbarker)
    https://github.com/w3c/webappsec-csp/issues/281

  10 issues received 40 new comments:
  - #284 `prerender` subresources and CSP (11 by annevk, mikewest, yoavweiss)
    https://github.com/w3c/webappsec-csp/issues/284
  - #92 WebRTC RTCDataChannel can be used for exfiltration (9 by murillo128, martinthomson, steely-glint)
    https://github.com/w3c/webappsec-csp/issues/92
  - #107 Specify behavior of prefetch requests (6 by igrigorik, ScottHelme, paulcalvano, yoavweiss, eligrey)
    https://github.com/w3c/webappsec-csp/issues/107
  - #282 Allow control over `dns-prefetch` and `preconnect` (4 by annevk, mikewest)
    https://github.com/w3c/webappsec-csp/issues/282
  - #261 Relax CSP source path matching when response is replaced by service worker e.g. redirects (3 by annevk, aliams, andypaicu)
    https://github.com/w3c/webappsec-csp/issues/261
  - #186 Add <base target="x" /> to CSP (3 by andypaicu, craigfrancis)
    https://github.com/w3c/webappsec-csp/issues/186
  - #203 worklet-src directive needed for worklets? (1 by andypaicu)
    https://github.com/w3c/webappsec-csp/issues/203
  - #232 Permission for browser extensions (1 by leodutra)
    https://github.com/w3c/webappsec-csp/issues/232
  - #125 Allow navigation to only whitelisted URLs via navigate-to (1 by eligrey)
    https://github.com/w3c/webappsec-csp/issues/125
  - #217 CSP3: Consider adding a 'no-console-log' directive (1 by Keisial)
    https://github.com/w3c/webappsec-csp/issues/217

  5 issues closed:
  - Specify behavior of prefetch requests https://github.com/w3c/webappsec-csp/issues/107
  - Relax CSP source path matching when response is replaced by service worker e.g. redirects https://github.com/w3c/webappsec-csp/issues/261
  - A kind of a nonce for a complete "zone" https://github.com/w3c/webappsec-csp/issues/245
  - Year of CSP3 is 2016 https://github.com/w3c/webappsec-csp/issues/244
  - Permission for browser extensions https://github.com/w3c/webappsec-csp/issues/232

* w3c/permissions (+1/-0/💬2)
  1 issue created:
  - The boolean permission query algorithm isn't Boolean (by martinthomson)
    https://github.com/w3c/permissions/issues/167

  1 issue received 2 new comments:
  - #167 The boolean permission query algorithm isn't Boolean (2 by jyasskin, martinthomson)
    https://github.com/w3c/permissions/issues/167



Pull requests
-------------
* w3c/webappsec-csp (+3/-2/💬14)
  3 pull requests submitted:
  - Fix for bikeshed linking error (by andypaicu)
    https://github.com/w3c/webappsec-csp/pull/285
  - Introduce 'prefetch-src'. Closes w3c/webappsec-csp#107. (by mikewest)
    https://github.com/w3c/webappsec-csp/pull/283
  - Fix a few typos (by sideshowbarker)
    https://github.com/w3c/webappsec-csp/pull/280

  1 pull request received 14 new comments:
  - #283 Introduce 'prefetch-src'. Closes w3c/webappsec-csp#107. (14 by annevk, mikewest, yoavweiss)
    https://github.com/w3c/webappsec-csp/pull/283

  2 pull requests merged:
  - Fix a few typos
    https://github.com/w3c/webappsec-csp/pull/280
  - Introduce 'prefetch-src'. Closes w3c/webappsec-csp#107.
    https://github.com/w3c/webappsec-csp/pull/283

* w3c/permissions (+0/-0/💬1)
  1 pull request received 1 new comment:
  - #166 Discuss how query() makes abuse harder to detect. (1 by npdoty)
    https://github.com/w3c/permissions/pull/166


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins

Received on Monday, 15 January 2018 17:00:12 UTC