Weekly github digest (WebAppSec specs)

Issues
------
* w3c/webappsec-csp (+2/-0/💬5)
  2 issues created:
  - CSP vulnerability enabling cross-origin session data exfiltration (by eligrey)
    https://github.com/w3c/webappsec-csp/issues/289
  - Wrong url on example 6 (by murillo128)
    https://github.com/w3c/webappsec-csp/issues/286

  3 issues received 5 new comments:
  - #92 WebRTC RTCDataChannel can be used for exfiltration (3 by mikewest, alvestrand)
    https://github.com/w3c/webappsec-csp/issues/92
  - #125 Allow navigation to only whitelisted URLs via navigate-to (1 by eligrey)
    https://github.com/w3c/webappsec-csp/issues/125
  - #277 Allow CSP-Report-Only in meta tags. (1 by arturjanc)
    https://github.com/w3c/webappsec-csp/issues/277

* w3c/webappsec-credential-management (+1/-0/💬1)
  1 issue created:
  - Shouldn't be touching settings objects in parallel (by bzbarsky)
    https://github.com/w3c/webappsec-credential-management/issues/118

  1 issue received 1 new comment:
  - #99 Extensibility via "Credential Handlers" (1 by dlongley)
    https://github.com/w3c/webappsec-credential-management/issues/99

* w3c/webappsec-secure-contexts (+1/-0/💬3)
  1 issue created:
  - Should secure iframes of insecure parents be considered secure?  Spec is self-contradictory. (by bzbarsky)
    https://github.com/w3c/webappsec-secure-contexts/issues/54

  1 issue received 3 new comments:
  - #54 Should secure iframes of insecure parents be considered secure?  Spec is self-contradictory. (3 by travisleithead, mikewest, bzbarsky)
    https://github.com/w3c/webappsec-secure-contexts/issues/54



Pull requests
-------------
* w3c/webappsec-csp (+2/-1/💬7)
  2 pull requests submitted:
  - Fix a typo and grammatical error in prefetch-src (by april)
    https://github.com/w3c/webappsec-csp/pull/288
  - Introduce 'webrtc-src'. (by mikewest)
    https://github.com/w3c/webappsec-csp/pull/287

  2 pull requests received 7 new comments:
  - #287 Introduce 'webrtc-src'. (6 by murillo128, martinthomson, mikewest, alvestrand, michaelficarra)
    https://github.com/w3c/webappsec-csp/pull/287
  - #288 Fix a typo and grammatical error in prefetch-src (1 by mikewest)
    https://github.com/w3c/webappsec-csp/pull/288

  1 pull request merged:
  - Fix a typo and grammatical error in prefetch-src
    https://github.com/w3c/webappsec-csp/pull/288

* w3c/permissions (+1/-0/💬0)
  1 pull request submitted:
  - Automation: simplify URI template (by jugglinmike)
    https://github.com/w3c/permissions/pull/168

* w3c/webappsec-secure-contexts (+1/-0/💬1)
  1 pull request submitted:
  - Reintroduce the dependency on a parent's security. (by mikewest)
    https://github.com/w3c/webappsec-secure-contexts/pull/55

  1 pull request received 1 new comment:
  - #55 Reintroduce the dependency on a parent's security. (1 by mikewest)
    https://github.com/w3c/webappsec-secure-contexts/pull/55


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins

Received on Monday, 22 January 2018 17:00:58 UTC