- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 22 Jan 2018 17:00:15 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1edfSB-00050f-7d@uranus.w3.org>
Issues
------
* w3c/webappsec-csp (+2/-0/💬5)
2 issues created:
- CSP vulnerability enabling cross-origin session data exfiltration (by eligrey)
https://github.com/w3c/webappsec-csp/issues/289
- Wrong url on example 6 (by murillo128)
https://github.com/w3c/webappsec-csp/issues/286
3 issues received 5 new comments:
- #92 WebRTC RTCDataChannel can be used for exfiltration (3 by mikewest, alvestrand)
https://github.com/w3c/webappsec-csp/issues/92
- #125 Allow navigation to only whitelisted URLs via navigate-to (1 by eligrey)
https://github.com/w3c/webappsec-csp/issues/125
- #277 Allow CSP-Report-Only in meta tags. (1 by arturjanc)
https://github.com/w3c/webappsec-csp/issues/277
* w3c/webappsec-credential-management (+1/-0/💬1)
1 issues created:
- Shouldn't be touching settings objects in parallel (by bzbarsky)
https://github.com/w3c/webappsec-credential-management/issues/118
1 issues received 1 new comments:
- #99 Extensibility via "Credential Handlers" (1 by dlongley)
https://github.com/w3c/webappsec-credential-management/issues/99
* w3c/webappsec-secure-contexts (+1/-0/💬3)
1 issues created:
- Should secure iframes of insecure parents be considered secure? Spec is self-contradictory. (by bzbarsky)
https://github.com/w3c/webappsec-secure-contexts/issues/54
1 issues received 3 new comments:
- #54 Should secure iframes of insecure parents be considered secure? Spec is self-contradictory. (3 by travisleithead, mikewest, bzbarsky)
https://github.com/w3c/webappsec-secure-contexts/issues/54
Pull requests
-------------
* w3c/webappsec-csp (+2/-1/💬7)
2 pull requests submitted:
- Fix a typo and grammatical error in prefetch-src (by april)
https://github.com/w3c/webappsec-csp/pull/288
- Introduce 'webrtc-src'. (by mikewest)
https://github.com/w3c/webappsec-csp/pull/287
2 pull requests received 7 new comments:
- #287 Introduce 'webrtc-src'. (6 by murillo128, martinthomson, mikewest, alvestrand, michaelficarra)
https://github.com/w3c/webappsec-csp/pull/287
- #288 Fix a typo and grammatical error in prefetch-src (1 by mikewest)
https://github.com/w3c/webappsec-csp/pull/288
1 pull requests merged:
- Fix a typo and grammatical error in prefetch-src
https://github.com/w3c/webappsec-csp/pull/288
* w3c/permissions (+1/-0/💬0)
1 pull requests submitted:
- Automation: simplify URI template (by jugglinmike)
https://github.com/w3c/permissions/pull/168
* w3c/webappsec-secure-contexts (+1/-0/💬1)
1 pull requests submitted:
- Reintroduce the dependency on a parent's security. (by mikewest)
https://github.com/w3c/webappsec-secure-contexts/pull/55
1 pull requests received 1 new comments:
- #55 Reintroduce the dependency on a parent's security. (1 by mikewest)
https://github.com/w3c/webappsec-secure-contexts/pull/55
Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
Received on Monday, 22 January 2018 17:00:58 UTC