Weekly github digest (WebAppSec specs) from W3C Webmaster via GitHub API on 2019-12-16 (public-webappsec@w3.org from December 2019)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 16 Dec 2019 17:00:26 +0000
To: public-webappsec@w3.org
Message-Id: <E1igtjO-0002GZ-0k@uranus.w3.org>
Issues
------
* w3c/webappsec-subresource-integrity (+2/-0/💬6)
  2 issues created:
  - Consideration: Allow integrity-check based on signature instead of actual hash (by NL-William)
    https://github.com/w3c/webappsec-subresource-integrity/issues/85 
  - The algorithm for parsing metadata should be described in more detail (by baek9)
    https://github.com/w3c/webappsec-subresource-integrity/issues/84 

  3 issues received 6 new comments:
  - #84 The algorithm for parsing metadata should be described in more detail (3 by annevk, baek9)
    https://github.com/w3c/webappsec-subresource-integrity/issues/84 
  - #83 Relationship to Digest header (2 by LPardue, mikewest)
    https://github.com/w3c/webappsec-subresource-integrity/issues/83 
  - #44 Extend SRI to support integrity metadata on inline script/style blocks (1 by mikewest)
    https://github.com/w3c/webappsec-subresource-integrity/issues/44 [feature-request] 

* w3c/webappsec-csp (+1/-0/💬0)
  1 issues created:
  - Add version number and allow to set 'non-backwards compatible' mode (by NL-William)
    https://github.com/w3c/webappsec-csp/issues/416 

* w3c/permissions (+0/-0/💬2)
  1 issues received 2 new comments:
  - #194 Consider making `request-permission-to-use` aware of user activation (2 by beaufortfrancois, mustaqahmed)
    https://github.com/w3c/permissions/issues/194 

* w3c/webappsec-feature-policy (+0/-0/💬15)
  2 issues received 15 new comments:
  - #359 Renaming Feature Policy (14 by annevk, clelland, foolip, jan-ivar)
    https://github.com/w3c/webappsec-feature-policy/issues/359 
  - #183 Where is https://github.com/WICG/feature-policy/blob/gh-pages/features.md#sensor-features (1 by rajktariya)
    https://github.com/w3c/webappsec-feature-policy/issues/183 

* w3c/webappsec-fetch-metadata (+0/-0/💬6)
  1 issues received 6 new comments:
  - #51 Header name "destination" may confuse developers (6 by annevk, jugglinmike, zcorpan)
    https://github.com/w3c/webappsec-fetch-metadata/issues/51 

* WICG/trusted-types (+2/-1/💬14)
  2 issues created:
  - Set slot values when called directly by the parser (by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/252 
  - Alternative Options for Default Policy. (by otherdaniel)
    https://github.com/w3c/webappsec-trusted-types/issues/248 

  4 issues received 14 new comments:
  - #248 Alternative Options for Default Policy. (11 by annevk, domenic, koto, mikewest, otherdaniel)
    https://github.com/w3c/webappsec-trusted-types/issues/248 
  - #246 "require-trusted-types-for Pre-Navigation check" versus "Get Trusted Type compliant string" (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/246 
  - #238 Possible trustedTypes bypass when assigning to script.innerHTML (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/238 
  - #234 Navigating to plugins (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/234 

  1 issues closed:
  - Consider adding TT.emptyScript https://github.com/w3c/webappsec-trusted-types/issues/218 [polyfill] [spec] 



Pull requests
-------------
* w3c/webappsec-subresource-integrity (+1/-0/💬0)
  1 pull requests submitted:
  - Apply integrity checks to inline script and style blocks. (by mikewest)
    https://github.com/w3c/webappsec-subresource-integrity/pull/86 

* w3c/permissions (+0/-0/💬3)
  1 pull requests received 3 new comments:
  - #202 Add periodic-background-sync enum and description. (3 by hober, marcoscaceres, mugdhalakhani)
    https://github.com/w3c/permissions/pull/202 [BLOCKED] 

* WICG/trusted-types (+3/-3/💬0)
  3 pull requests submitted:
  - Add trustedTypes.emptyScript. (by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/251 
  - Editorial: Simplify the pre-navigation check algorithm. (by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/250 
  - Bugifx: Allow all policies in the enforcing polyfill if trusted-types… (by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/249 

  3 pull requests merged:
  - Add trustedTypes.emptyScript.
    https://github.com/w3c/webappsec-trusted-types/pull/251 
  - Editorial: Simplify the pre-navigation check algorithm.
    https://github.com/w3c/webappsec-trusted-types/pull/250 
  - Bugifx: Allow all policies in the enforcing polyfill if trusted-types…
    https://github.com/w3c/webappsec-trusted-types/pull/249 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/WICG/trusted-types
* https://github.com/w3c/webappsec-unofficial-drafts
Received on Monday, 16 December 2019 17:00:29 UTC