W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2018

Weekly github digest (WebAppSec specs)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 05 Mar 2018 17:00:14 +0000
To: public-webappsec@w3.org
Message-Id: <E1estTC-00068v-31@uranus.w3.org>



Issues
------
* w3c/webappsec-subresource-integrity (+1/-0/💬4)
  1 issues created:
  - A new IntegrityCheckFailure event (by ScottHelme)
    https://github.com/w3c/webappsec-subresource-integrity/issues/77 

  3 issues received 4 new comments:
  - #77 A new IntegrityCheckFailure event (2 by ScottHelme, mozfreddyb)
    https://github.com/w3c/webappsec-subresource-integrity/issues/77 
  - #20 Consider integrity check violation reporting (1 by ScottHelme)
    https://github.com/w3c/webappsec-subresource-integrity/issues/20 
  - #21 Consider integrity enforcement of iframe (1 by BigBlueHat)
    https://github.com/w3c/webappsec-subresource-integrity/issues/21 

* w3c/webappsec-csp (+1/-0/💬3)
  1 issues created:
  - Add directive similar to ‘X-Content-Type-Options: nosniff’? (by valtlai)
    https://github.com/w3c/webappsec-csp/issues/298 

  3 issues received 3 new comments:
  - #298 Add directive similar to ‘X-Content-Type-Options: nosniff’? (1 by jonathanKingston)
    https://github.com/w3c/webappsec-csp/issues/298 
  - #116 Allow nonce-source to be used in more directives. (1 by frederikbosch)
    https://github.com/w3c/webappsec-csp/issues/116 
  - #45 Further granularity of unsafe-inline styles (1 by arturjanc)
    https://github.com/w3c/webappsec-csp/issues/45 [CORE] 

* w3c/webappsec-credential-management (+0/-0/💬2)
  1 issues received 2 new comments:
  - #3 CREDENTIAL: Reconsider the top-level browsing context limitation. (2 by apowers313, mikewest)
    https://github.com/w3c/webappsec-credential-management/issues/3 [CREDENTIAL] 

* w3c/webappsec-secure-contexts (+2/-1/💬2)
  2 issues created:
  - "Is an environment settings object contextually secure?" does not work for worklets (by annevk)
    https://github.com/w3c/webappsec-secure-contexts/issues/57 
  - "Is an environment settings object contextually secure?" does not deal with nested workers (by annevk)
    https://github.com/w3c/webappsec-secure-contexts/issues/56 

  1 issues received 2 new comments:
  - #56 "Is an environment settings object contextually secure?" does not deal with nested workers (2 by bzbarsky)
    https://github.com/w3c/webappsec-secure-contexts/issues/56 

  1 issues closed:
  - Should secure iframes of insecure parents be considered secure?  Spec is self-contradictory. https://github.com/w3c/webappsec-secure-contexts/issues/54 



Pull requests
-------------
* w3c/webappsec-csp (+0/-0/💬1)
  1 pull requests received 1 new comments:
  - #287 Introduce 'webrtc-src'. (1 by patrickkettner)
    https://github.com/w3c/webappsec-csp/pull/287 

* w3c/webappsec-secure-contexts (+0/-1/💬4)
  1 pull requests received 4 new comments:
  - #55 Reintroduce the dependency on a parent's security. (4 by annevk, estark37, bzbarsky)
    https://github.com/w3c/webappsec-secure-contexts/pull/55 

  1 pull requests merged:
  - Reintroduce the dependency on a parent's security.
    https://github.com/w3c/webappsec-secure-contexts/pull/55 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
Received on Monday, 5 March 2018 17:00:26 UTC

This archive was generated by hypermail 2.3.1 : Monday, 5 March 2018 17:00:27 UTC