Weekly github digest (WebAppSec specs) from W3C Webmaster via GitHub API on 2019-02-04 (public-webappsec@w3.org from February 2019)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 04 Feb 2019 17:00:22 +0000
To: public-webappsec@w3.org
Message-Id: <E1gqhba-0007CC-8q@uranus.w3.org>
Issues
------
* w3c/webappsec (+0/-0/💬10)
  1 issues received 10 new comments:
  - #543 Prevent programmatic focus in iframe (10 by annevk, dveditz, clelland, Malvoz, marian-r)
    https://github.com/w3c/webappsec/issues/543 

* w3c/webappsec-subresource-integrity (+0/-1/💬2)
  1 issues received 2 new comments:
  - #59 <script type=module> (2 by annevk, dveditz)
    https://github.com/w3c/webappsec-subresource-integrity/issues/59 

  1 issues closed:
  - <script type=module> https://github.com/w3c/webappsec-subresource-integrity/issues/59 

* w3c/webappsec-csp (+2/-2/💬4)
  2 issues created:
  - Effective directive routes non-script-like request through script-src-elem (by notriddle)
    https://github.com/w3c/webappsec-csp/issues/382 
  - get fetch directive fallback list: image-src should be img-src (by notriddle)
    https://github.com/w3c/webappsec-csp/issues/381 

  3 issues received 4 new comments:
  - #381 get fetch directive fallback list: image-src should be img-src (2 by notriddle, gapple)
    https://github.com/w3c/webappsec-csp/issues/381 
  - #243 Any protection against dynamic module import? (1 by koto)
    https://github.com/w3c/webappsec-csp/issues/243 
  - #382 Effective directive routes non-script-like request through script-src-elem (1 by notriddle)
    https://github.com/w3c/webappsec-csp/issues/382 

  2 issues closed:
  - get fetch directive fallback list: image-src should be img-src https://github.com/w3c/webappsec-csp/issues/381 
  - Effective directive routes non-script-like request through script-src-elem https://github.com/w3c/webappsec-csp/issues/382 

* w3c/webappsec-mixed-content (+1/-0/💬2)
  1 issues created:
  - Clarify mixed content behavior for access to origins in CIDR 127.0.0.0/8 or ::1/128  (by seemant)
    https://github.com/w3c/webappsec-mixed-content/issues/17 

  1 issues received 2 new comments:
  - #17 Clarify mixed content behavior for access to origins in CIDR 127.0.0.0/8 or ::1/128  (2 by annevk, seemant)
    https://github.com/w3c/webappsec-mixed-content/issues/17 

* w3c/webappsec-credential-management (+1/-0/💬0)
  1 issues created:
  - FormData creation in "Create a PasswordCredential from an HTMLFormElement" (by tkent-google)
    https://github.com/w3c/webappsec-credential-management/issues/132 

* w3c/webappsec-referrer-policy (+0/-0/💬1)
  1 issues received 1 new comments:
  - #95 what should the referer header be for a fetch() from a blob: URL worker script? (1 by kkaefer)
    https://github.com/w3c/webappsec-referrer-policy/issues/95 

* w3c/webappsec-secure-contexts (+0/-0/💬1)
  1 issues received 1 new comments:
  - #62 TAG Requesting Status (1 by mikewest)
    https://github.com/w3c/webappsec-secure-contexts/issues/62 

* w3c/webappsec-clear-site-data (+0/-0/💬1)
  1 issues received 1 new comments:
  - #54 Normative spec doesn't necessarily terminate service workers (1 by asakusuma)
    https://github.com/w3c/webappsec-clear-site-data/issues/54 

* w3c/webappsec-feature-policy (+2/-1/💬7)
  2 issues created:
  - Allowing cases where document.write is "ok" (by jakearchibald)
    https://github.com/w3c/webappsec-feature-policy/issues/274 
  - Prevent programmatic focus in iframe (by marian-r)
    https://github.com/w3c/webappsec-feature-policy/issues/273 

  3 issues received 7 new comments:
  - #193 Feature Policy: lazyload (5 by ehsan-karamad, triblondon)
    https://github.com/w3c/webappsec-feature-policy/issues/193 [proposed feature] 
  - #163 Proposal: Parameterized features (1 by triblondon)
    https://github.com/w3c/webappsec-feature-policy/issues/163 
  - #175 [Feature proposal] Spatial navigation (1 by jihyerish)
    https://github.com/w3c/webappsec-feature-policy/issues/175 [proposed feature] 

  1 issues closed:
  - Feature Policy: lazyload https://github.com/w3c/webappsec-feature-policy/issues/193 [proposed feature] 




Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
Received on Monday, 4 February 2019 17:00:24 UTC