- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 15 Jul 2019 17:00:13 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1hn4Kj-0005aT-8P@uranus.w3.org>

Issues
------
* w3c/webappsec-csp (+0/-1/💬7)
  2 issues received 7 new comments:
  - #403 CSP domain.com vs domain.com/ with slash (6 by annevk, laukstein, dveditz)
    https://github.com/w3c/webappsec-csp/issues/403
  - #7 CSP: connect-src 'self' and websockets (1 by Thesephi)
    https://github.com/w3c/webappsec-csp/issues/7 [CSP]

  1 issues closed:
  - CSP domain.com vs domain.com/ with slash
    https://github.com/w3c/webappsec-csp/issues/403

* w3c/webappsec-feature-policy (+0/-3/💬8)
  5 issues received 8 new comments:
  - #250 What happened to the webrtc feature? (4 by lgrahl, clelland, Malvoz)
    https://github.com/w3c/webappsec-feature-policy/issues/250 [feature question]
  - #58 How vibrate will work with Feature Policy given the user gesture requirement? (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/58 [feature question]
  - #154 Explicit export/definition for "payment" (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/154 [feedback]
  - #230 Need to define how 'src' works with sandboxed frames (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/230 [definition]
  - #45 Provide example(s) of enabling disabled-by-default feature(s) (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/45 [feedback]

  3 issues closed:
  - Explicit export/definition for "payment"
    https://github.com/w3c/webappsec-feature-policy/issues/154 [feedback]
  - How vibrate will work with Feature Policy given the user gesture requirement?
    https://github.com/w3c/webappsec-feature-policy/issues/58 [feature question]
  - Provide example(s) of enabling disabled-by-default feature(s)
    https://github.com/w3c/webappsec-feature-policy/issues/45 [feedback]

* w3c/webappsec-fetch-metadata (+0/-0/💬2)
  1 issues received 2 new comments:
  - #36 Sec-Fetch-Site for service worker update request (2 by arturjanc, makotoshimazu)
    https://github.com/w3c/webappsec-fetch-metadata/issues/36

* WICG/trusted-types (+1/-3/💬8)
  1 issues created:
  - Add a target suitable for nodejs. (by koto)
    https://github.com/WICG/trusted-types/issues/190 [polyfill]

  5 issues received 8 new comments:
  - #190 Add a target suitable for nodejs. (3 by koto)
    https://github.com/WICG/trusted-types/issues/190 [polyfill]
  - #117 Should we guard module imports? (2 by mikesamuel)
    https://github.com/WICG/trusted-types/issues/117 [spec]
  - #64 Bypass via HTMLAnchorElement properties (1 by koto)
    https://github.com/WICG/trusted-types/issues/64 [security]
  - #139 Handle srcset attributes (1 by koto)
    https://github.com/WICG/trusted-types/issues/139 [spec]
  - #178 Define rules for TT when multiple headers are present (1 by koto)
    https://github.com/WICG/trusted-types/issues/178 [spec]

  3 issues closed:
  - Bypass via insertAdjacentText
    https://github.com/WICG/trusted-types/issues/133 [spec]
  - Handle srcset attributes
    https://github.com/WICG/trusted-types/issues/139 [spec]
  - Clarify interaction between unsafe-eval and TrustedScript.
    https://github.com/WICG/trusted-types/issues/143

Pull requests
-------------
* w3c/webappsec-feature-policy (+2/-0/💬0)
  2 pull requests submitted:
  - Expose new algorithms to create a Feature Policy before document is c… (by dtapuska)
    https://github.com/w3c/webappsec-feature-policy/pull/324
  - Add `display-capture` feature (by Malvoz)
    https://github.com/w3c/webappsec-feature-policy/pull/323

* WICG/trusted-types (+3/-4/💬1)
  3 pull requests submitted:
  - Fix for #133. (by koto)
    https://github.com/WICG/trusted-types/pull/189
  - Fix the poisoned proto in tests. (by koto)
    https://github.com/WICG/trusted-types/pull/188
  - Bugfix: Call the IE range hack on install(). (by koto)
    https://github.com/WICG/trusted-types/pull/187

  1 pull requests received 1 new comments:
  - #140 enforcement for `<img srcset>` (1 by koto)
    https://github.com/WICG/trusted-types/pull/140

  4 pull requests merged:
  - Protect text node manipulation under script elements. Fixes #133.
    https://github.com/WICG/trusted-types/pull/189
  - Fix the poisoned proto in tests.
    https://github.com/WICG/trusted-types/pull/188
  - Bugfix: Call the IE range hack on install().
    https://github.com/WICG/trusted-types/pull/187
  - Rewrote CSP & EcmaScript integration
    https://github.com/WICG/trusted-types/pull/170

Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/WICG/trusted-types

Received on Monday, 15 July 2019 17:00:15 UTC