
Weekly github digest (WebAppSec specs)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 08 Oct 2018 17:00:11 +0000
To: public-webappsec@w3.org
Message-Id: <E1g9Yt9-0008TL-Cf@uranus.w3.org>



Issues
------
* w3c/webappsec-subresource-integrity (+0/-0/💬1)
  1 issues received 1 new comments:
  - #22 Consider shared caching (1 by ArneBab)
    https://github.com/w3c/webappsec-subresource-integrity/issues/22 

* w3c/webappsec-csp (+0/-9/💬5)
  3 issues received 5 new comments:
  - #110 "Whitelisting external JavaScript with hashes" incorrectly assumes encoding of sources (2 by annevk, andypaicu)
    https://github.com/w3c/webappsec-csp/issues/110 [bug] 
  - #275 Wrap up CSP 3, Move to CSP 4  (2 by andypaicu)
    https://github.com/w3c/webappsec-csp/issues/275 
  - #109 Hash encodings should be converted to UTF-8 (1 by andypaicu)
    https://github.com/w3c/webappsec-csp/issues/109 [bug] 

  9 issues closed:
  - Case-sensitivity resulting in divergent browser behavior https://github.com/w3c/webappsec-csp/issues/236 
  - Wrap up CSP 3, Move to CSP 4  https://github.com/w3c/webappsec-csp/issues/275 
  - bikeshed: LINK ERROR: No 'idl' refs found for 'nonce' with for='NoncedElement' https://github.com/w3c/webappsec-csp/issues/281 
  - Incorrect form-action pre-navigation check text? https://github.com/w3c/webappsec-csp/issues/257 
  - "Whitelisting external JavaScript with hashes" incorrectly assumes encoding of sources https://github.com/w3c/webappsec-csp/issues/110 [bug] 
  - CSP: clarify whitespace characters https://github.com/w3c/webappsec-csp/issues/5 
  - Update comment of directive value parsing https://github.com/w3c/webappsec-csp/issues/307 
  - Hash encodings should be converted to UTF-8 https://github.com/w3c/webappsec-csp/issues/109 [bug] 
  - The effective directive for violations is incorrect https://github.com/w3c/webappsec-csp/issues/324 

* w3c/webappsec-credential-management (+0/-0/💬2)
  1 issues received 2 new comments:
  - #128 copy (aka snapshot) any buffersources in options before going async (2 by equalsJeffH)
    https://github.com/w3c/webappsec-credential-management/issues/128 

* w3c/webappsec-secure-contexts (+0/-0/💬1)
  1 issues received 1 new comments:
  - #28 Consider whether sandboxed content should automatically be a secure context (1 by bzbarsky)
    https://github.com/w3c/webappsec-secure-contexts/issues/28 



Pull requests
-------------
* w3c/webappsec-csp (+3/-6/💬5)
  3 pull requests submitted:
  - Directive names should be lowercased (basically case-insensitive) (by andypaicu)
    https://github.com/w3c/webappsec-csp/pull/346 
  - Fixed text for form-action prenavigate (by andypaicu)
    https://github.com/w3c/webappsec-csp/pull/345 
  - Adding note explaining difference between SRI and CSP hashes (by andypaicu)
    https://github.com/w3c/webappsec-csp/pull/344 

  3 pull requests received 5 new comments:
  - #342 Convert string to UTF-8 before applying hash algorithms (2 by andypaicu)
    https://github.com/w3c/webappsec-csp/pull/342 
  - #346 Directive names should be lowercased (basically case-insensitive) (2 by andypaicu, mikewest)
    https://github.com/w3c/webappsec-csp/pull/346 
  - #340 Fixing whitespace issues and 2 comments in the area (1 by andypaicu)
    https://github.com/w3c/webappsec-csp/pull/340 

  6 pull requests merged:
  - Directive names should be lowercased (basically case-insensitive)
    https://github.com/w3c/webappsec-csp/pull/346 
  - Fixed text for form-action prenavigate
    https://github.com/w3c/webappsec-csp/pull/345 
  - Adding note explaining difference between SRI and CSP hashes
    https://github.com/w3c/webappsec-csp/pull/344 
  - Fixing whitespace issues and 2 comments in the area
    https://github.com/w3c/webappsec-csp/pull/340 
  - Convert string to UTF-8 before applying hash algorithms
    https://github.com/w3c/webappsec-csp/pull/342 
  - Using the correct directive name when reporting violations
    https://github.com/w3c/webappsec-csp/pull/337 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
Received on Monday, 8 October 2018 17:00:13 UTC
