W3C home > Mailing lists > Public > public-webappsec@w3.org > April 2019

Weekly github digest (WebAppSec specs)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 29 Apr 2019 17:00:12 +0000
To: public-webappsec@w3.org
Message-Id: <E1hL9dU-000577-4M@uranus.w3.org>



Issues
------
* w3c/webappsec-csp (+1/-0/💬1)
  1 issues created:
  - Initializing a document's CSP list requires synchronous cross-process access (by bzbarsky)
    https://github.com/w3c/webappsec-csp/issues/389 

  1 issues received 1 new comments:
  - #389 Initializing a document's CSP list requires synchronous cross-process access (1 by annevk)
    https://github.com/w3c/webappsec-csp/issues/389 

* w3c/webappsec-feature-policy (+4/-4/💬19)
  4 issues created:
  - Architecture discussion: Sandbox policies (by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/300 
  - Architecture discussion: Document Policies (by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/299 
  - Architecture discussion: Permissions (by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/298 
  - Dividing features across different types of policies (by annevk)
    https://github.com/w3c/webappsec-feature-policy/issues/296 

  12 issues received 19 new comments:
  - #300 Architecture discussion: Sandbox policies (3 by ehsan-karamad, clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/300 
  - #273 Prevent programmatic focus in iframe (3 by ehsan-karamad, marian-r, mustaqahmed)
    https://github.com/w3c/webappsec-feature-policy/issues/273 [proposed feature] 
  - #282 Proposal: Define new feature types (3 by annevk, triblondon)
    https://github.com/w3c/webappsec-feature-policy/issues/282 
  - #253 Should document.domain setter be considered different than 'self' ? (2 by zcorpan, annevk)
    https://github.com/w3c/webappsec-feature-policy/issues/253 
  - #256 Possible race in feature policy in multiprocess implementations (1 by annevk)
    https://github.com/w3c/webappsec-feature-policy/issues/256 
  - #193 Feature Policy: lazyload (1 by triblondon)
    https://github.com/w3c/webappsec-feature-policy/issues/193 [proposed feature] 
  - #296 Dividing features across different types of policies (1 by Malvoz)
    https://github.com/w3c/webappsec-feature-policy/issues/296 
  - #298 Architecture discussion: Permissions (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/298 
  - #43 (Updated) Feature Policy v1 explainer (1 by annevk)
    https://github.com/w3c/webappsec-feature-policy/issues/43 
  - #50 Feature proposal: opener (1 by annevk)
    https://github.com/w3c/webappsec-feature-policy/issues/50 [proposed feature] 
  - #244 Maintain a registry (1 by Malvoz)
    https://github.com/w3c/webappsec-feature-policy/issues/244 
  - #20 Send feature policy in sub-resource request headers (1 by annevk)
    https://github.com/w3c/webappsec-feature-policy/issues/20 

  4 issues closed:
  - HTML calls Initialize document’s Feature Policy seems wrong https://github.com/w3c/webappsec-feature-policy/issues/284 
  - Feature proposal: opener https://github.com/w3c/webappsec-feature-policy/issues/50 [proposed feature] 
  - (Updated) Feature Policy v1 explainer https://github.com/w3c/webappsec-feature-policy/issues/43 
  - Send feature policy in sub-resource request headers https://github.com/w3c/webappsec-feature-policy/issues/20 



Pull requests
-------------
* w3c/webappsec-feature-policy (+2/-4/💬5)
  2 pull requests submitted:
  - move 'payment' from proposed to standard feature (by Malvoz)
    https://github.com/w3c/webappsec-feature-policy/pull/301 
  - Change 'lazyload' to 'loading-frame-default-eager' (by Malvoz)
    https://github.com/w3c/webappsec-feature-policy/pull/297 

  4 pull requests received 5 new comments:
  - #295 Create loading-image-default-eager.md (2 by ehsan-karamad, clelland)
    https://github.com/w3c/webappsec-feature-policy/pull/295 
  - #292 Update unoptimized images policy (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/pull/292 
  - #297 Change 'lazyload' to 'loading-frame-default-eager' (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/pull/297 
  - #286 Update image policies for OT (1 by loonybear)
    https://github.com/w3c/webappsec-feature-policy/pull/286 

  4 pull requests merged:
  - Update unoptimized images policy
    https://github.com/w3c/webappsec-feature-policy/pull/292 
  - Correct uses of the term 'nested browsing context'
    https://github.com/w3c/webappsec-feature-policy/pull/291 
  - Change 'lazyload' to 'loading-frame-default-eager'
    https://github.com/w3c/webappsec-feature-policy/pull/297 
  - Update and rename lazyload.md to loading-frame-default-eager.md
    https://github.com/w3c/webappsec-feature-policy/pull/293 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
Received on Monday, 29 April 2019 17:00:14 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 April 2019 17:00:15 UTC