Weekly github digest (WebAppSec specs)

Issues
------
* w3c/webappsec-csp (+0/-2/💬9)
  4 issues received 9 new comments:
  - #316 I want all links on my website to be rel=noopener (6 by annevk, kdzwinel, Malvoz)
    https://github.com/w3c/webappsec-csp/issues/316 
  - #404 CSP HTTP headers not registered with IANA (1 by clelland)
    https://github.com/w3c/webappsec-csp/issues/404 
  - #194 The `disown-opener` directive is not the right model (1 by annevk)
    https://github.com/w3c/webappsec-csp/issues/194 
  - #405 Resolving 'self' within srcdoc iframe (1 by annevk)
    https://github.com/w3c/webappsec-csp/issues/405 

  2 issues closed:
  - The `disown-opener` directive is not the right model https://github.com/w3c/webappsec-csp/issues/194 
  - I want all links on my website to be rel=noopener https://github.com/w3c/webappsec-csp/issues/316 

* w3c/webappsec-credential-management (+0/-0/💬1)
  1 issue received 1 new comment:
  - #135 feature policy for the various credential types: per-credential?  all-included? (1 by equalsJeffH)
    https://github.com/w3c/webappsec-credential-management/issues/135 [enhancement] 

* w3c/permissions (+0/-0/💬6)
  1 issue received 6 new comments:
  - #185 Allow Feature Policy-based permission models (6 by jyasskin, raymeskhoury, jan-ivar)
    https://github.com/w3c/permissions/issues/185 

* w3c/webappsec-feature-policy (+1/-0/💬5)
  1 issue created:
  - HTTP headers not registered with IANA (by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/331 

  2 issues received 5 new comments:
  - #230 Need to define how 'src' works with sandboxed frames (4 by annevk, clelland, bzbarsky)
    https://github.com/w3c/webappsec-feature-policy/issues/230 [definition] 
  - #331 HTTP headers not registered with IANA (1 by annevk)
    https://github.com/w3c/webappsec-feature-policy/issues/331 

* w3c/webappsec-fetch-metadata (+0/-0/💬3)
  1 issue received 3 new comments:
  - #37 Handling iframing via <embed> / <object> (3 by annevk, mikewest)
    https://github.com/w3c/webappsec-fetch-metadata/issues/37 

* WICG/trusted-types (+1/-6/💬11)
  1 issue created:
  - Finalize the integrations that guard eval & Function.constructor (by koto)
    https://github.com/WICG/trusted-types/issues/207 [tc39] 

  10 issues received 11 new comments:
  - #120 Polyfilling HostEnsureCanCompileStrings (2 by koto, mikesamuel)
    https://github.com/WICG/trusted-types/issues/120 [polyfill] 
  - #96 Facilitate creating trusted types from string literals (1 by koto)
    https://github.com/WICG/trusted-types/issues/96 
  - #176 Putting guards at primitives instead of sinks (1 by koto)
    https://github.com/WICG/trusted-types/issues/176 [spec] 
  - #49 Consider implicit node / subtree adoption (1 by koto)
    https://github.com/WICG/trusted-types/issues/49 [security] [spec] 
  - #6 Handling of dependent types (1 by koto)
    https://github.com/WICG/trusted-types/issues/6 [security] [spec] 
  - #177 Rename the factory as available on window to window.trustedTypes. (1 by koto)
    https://github.com/WICG/trusted-types/issues/177 [polyfill] [spec] 
  - #47 Cross context node copies (1 by koto)
    https://github.com/WICG/trusted-types/issues/47 [security] [spec] 
  - #144 adjustments to HostEnsureCanCompileStrings discard value (1 by koto)
    https://github.com/WICG/trusted-types/issues/144 [spec] 
  - #152 Allow for limiting the sinks that a type can be used for (1 by koto)
    https://github.com/WICG/trusted-types/issues/152 [spec] 
  - #117 Should we guard module imports? (1 by koto)
    https://github.com/WICG/trusted-types/issues/117 [spec] 

  6 issues closed:
  - adjustments to HostEnsureCanCompileStrings discard value https://github.com/WICG/trusted-types/issues/144 [spec] 
  - Allow for limiting the sinks that a type can be used for https://github.com/WICG/trusted-types/issues/152 [spec] 
  - Handling of dependent types https://github.com/WICG/trusted-types/issues/6 [security] [spec] 
  - Make default policy available to tools https://github.com/WICG/trusted-types/issues/185 [polyfill] [spec] 
  - Rename the factory as available on window to window.trustedTypes. https://github.com/WICG/trusted-types/issues/177 [polyfill] [spec] 
  - Consider implicit node / subtree adoption https://github.com/WICG/trusted-types/issues/49 [security] [spec] 



Pull requests
-------------
* w3c/webappsec-feature-policy (+2/-3/💬1)
  2 pull requests submitted:
  - Add `webauthn` feature (fix #306) (by Malvoz)
    https://github.com/w3c/webappsec-feature-policy/pull/330 
  - Fix broken link to Page Lifecycle's feature-policies (by Malvoz)
    https://github.com/w3c/webappsec-feature-policy/pull/329 

  1 pull request received 1 new comment:
  - #329 Fix broken link to Page Lifecycle's feature-policies (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/pull/329 

  3 pull requests merged:
  - Create document-policy-explainer.md
    https://github.com/w3c/webappsec-feature-policy/pull/328 
  - Add `webauthn` feature (fix #306)
    https://github.com/w3c/webappsec-feature-policy/pull/330 
  - Fix broken link to Page Lifecycle's feature-policies
    https://github.com/w3c/webappsec-feature-policy/pull/329 

* WICG/trusted-types (+5/-4/💬5)
  5 pull requests submitted:
  - Small changes to the spec. (by koto)
    https://github.com/WICG/trusted-types/pull/208 
  - Add trustedTypes.defaultPolicy getter. Fixes #184. (by koto)
    https://github.com/WICG/trusted-types/pull/206 
  - Renamed window.TrustedTypes to window.trustedTypes (by koto)
    https://github.com/WICG/trusted-types/pull/205 
  - Replace TrustedURL with calling a default policy on navigation to javascript: URLs. (by koto)
    https://github.com/WICG/trusted-types/pull/204 
  - Added the sink parameter to default policy call. (by koto)
    https://github.com/WICG/trusted-types/pull/203 

  5 pull requests received 5 new comments:
  - #171 Removed getExposedPolicy() and the exposed flag from createPolicy(). (1 by koto)
    https://github.com/WICG/trusted-types/pull/171 
  - #199 Added enforcement for SVG sinks. (1 by koto)
    https://github.com/WICG/trusted-types/pull/199 
  - #200 Trimming the violating value to 40 characters, not the whole sample. (1 by koto)
    https://github.com/WICG/trusted-types/pull/200 
  - #203 Added the sink parameter to default policy call. (1 by koto)
    https://github.com/WICG/trusted-types/pull/203 
  - #206 Add trustedTypes.defaultPolicy getter. Fixes #185. (1 by koto)
    https://github.com/WICG/trusted-types/pull/206 

  4 pull requests merged:
  - Small changes to the spec.
    https://github.com/WICG/trusted-types/pull/208 
  - Add trustedTypes.defaultPolicy getter. Fixes #185.
    https://github.com/WICG/trusted-types/pull/206 
  - Renamed window.TrustedTypes to window.trustedTypes
    https://github.com/WICG/trusted-types/pull/205 
  - Added the sink parameter to default policy call.
    https://github.com/WICG/trusted-types/pull/203 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/WICG/trusted-types

Received on Monday, 12 August 2019 17:00:22 UTC