Weekly github digest (WebAppSec specs)

Issues
------
* w3c/webappsec (+0/-1/💬4)
  2 issues received 4 new comments:
  - #538 Distrusting the web server (3 by leo-lb, Malvoz, mischmerz)
    https://github.com/w3c/webappsec/issues/538 
  - #550 Adopt Fetch Metadata as a deliverable. (1 by wseltzer)
    https://github.com/w3c/webappsec/issues/550 [CfC] 

  1 issues closed:
  - Adopt Fetch Metadata as a deliverable. https://github.com/w3c/webappsec/issues/550 [CfC] 

* w3c/webappsec-csp (+0/-0/💬1)
  1 issues received 1 new comments:
  - #394 Consider removing plugin-types (1 by Sora2455)
    https://github.com/w3c/webappsec-csp/issues/394 

* w3c/webappsec-mixed-content (+0/-1/💬0)
  1 issues closed:
  - Definition of "unauthenticated response" actually defining "authenticated response"? https://github.com/w3c/webappsec-mixed-content/issues/19 

* w3c/permissions (+1/-1/💬1)
  1 issues created:
  - tcp/udp permission (by jimmywarting)
    https://github.com/w3c/permissions/issues/195 

  1 issues received 1 new comments:
  - #195 tcp/udp permission (1 by marcoscaceres)
    https://github.com/w3c/permissions/issues/195 

  1 issues closed:
  - tcp/udp permission https://github.com/w3c/permissions/issues/195 

* w3c/webappsec-feature-policy (+1/-1/💬5)
  1 issues created:
  - "All" directive should be a possible feature name (by emilfihlman)
    https://github.com/w3c/webappsec-feature-policy/issues/327 

  3 issues received 5 new comments:
  - #327 "All" directive should be a possible feature name (3 by igrigorik, emilfihlman, clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/327 
  - #296 Dividing features across different types of policies (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/296 [architecture] 
  - #189 Proposal: define default for all (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/189 [feature question] 

  1 issues closed:
  - "All" directive should be a possible feature name https://github.com/w3c/webappsec-feature-policy/issues/327 

* w3c/webappsec-fetch-metadata (+0/-1/💬3)
  1 issues received 3 new comments:
  - #35 Decide on the proper `mode' value for CORS preflight requests (3 by annevk, mikewest)
    https://github.com/w3c/webappsec-fetch-metadata/issues/35 

  1 issues closed:
  - Decide on the proper `mode' value for CORS preflight requests https://github.com/w3c/webappsec-fetch-metadata/issues/35 

* WICG/trusted-types (+1/-9/💬10)
  1 issues created:
  - Remove TrustedURL requirement for non-navigational sinks. (by koto)
    https://github.com/WICG/trusted-types/issues/192 

  10 issues received 10 new comments:
  - #1 Suggestion: Use different switch/flag than CSP (1 by koto)
    https://github.com/WICG/trusted-types/issues/1 [spec] 
  - #66 Per-type enforcement (1 by koto)
    https://github.com/WICG/trusted-types/issues/66 [spec] 
  - #131 Add additional context to the default policy invocations (1 by koto)
    https://github.com/WICG/trusted-types/issues/131 [spec] 
  - #178 Define rules for TT when multiple headers are present (1 by koto)
    https://github.com/WICG/trusted-types/issues/178 [spec] 
  - #47 Cross context node copies (1 by koto)
    https://github.com/WICG/trusted-types/issues/47 [security] [spec] 
  - #50 Figure out what to do with cross-document interactions (1 by koto)
    https://github.com/WICG/trusted-types/issues/50 [spec] 
  - #182 Finalize the header syntax (1 by koto)
    https://github.com/WICG/trusted-types/issues/182 [spec] 
  - #184 Specify the violation events (1 by koto)
    https://github.com/WICG/trusted-types/issues/184 [polyfill] [spec] 
  - #185 Make default policy available to tools (1 by koto)
    https://github.com/WICG/trusted-types/issues/185 
  - #190 Add a target suitable for nodejs. (1 by mikesamuel)
    https://github.com/WICG/trusted-types/issues/190 [polyfill] 

  9 issues closed:
  - Consider metadata API; building blocks for HTML sanitizers https://github.com/WICG/trusted-types/issues/43 [spec] 
  - Add additional context to the default policy invocations https://github.com/WICG/trusted-types/issues/131 [polyfill] [spec] 
  - Per-type enforcement https://github.com/WICG/trusted-types/issues/66 [spec] 
  - Suggestion: Use different switch/flag than CSP https://github.com/WICG/trusted-types/issues/1 [spec] 
  - Cross context node copies https://github.com/WICG/trusted-types/issues/47 [security] [spec] 
  - Figure out what to do with cross-document interactions https://github.com/WICG/trusted-types/issues/50 [spec] 
  - Define rules for TT when multiple headers are present https://github.com/WICG/trusted-types/issues/178 [spec] 
  - Finalize the header syntax https://github.com/WICG/trusted-types/issues/182 [spec] 
  - Specify the violation events https://github.com/WICG/trusted-types/issues/184 [polyfill] [spec] 



Pull requests
-------------
* w3c/webappsec-mixed-content (+1/-2/💬3)
  1 pull requests submitted:
  - Add MIX level 2 skeleton (by estark37)
    https://github.com/w3c/webappsec-mixed-content/pull/21 

  1 pull requests received 3 new comments:
  - #21 Add MIX level 2 skeleton (3 by mikewest, estark37)
    https://github.com/w3c/webappsec-mixed-content/pull/21 

  2 pull requests merged:
  - Fix typo in "unauthenticated response" definition.
    https://github.com/w3c/webappsec-mixed-content/pull/20 
  - Add MIX level 2 skeleton
    https://github.com/w3c/webappsec-mixed-content/pull/21 

* w3c/webappsec-feature-policy (+2/-2/💬2)
  2 pull requests submitted:
  - Change same-origin-domain check to same-origin. (by clelland)
    https://github.com/w3c/webappsec-feature-policy/pull/326 
  - Remove algorithms no longer needed (by dtapuska)
    https://github.com/w3c/webappsec-feature-policy/pull/325 

  1 pull requests received 2 new comments:
  - #325 Remove algorithms no longer needed (2 by dtapuska, clelland)
    https://github.com/w3c/webappsec-feature-policy/pull/325 

  2 pull requests merged:
  - Remove algorithms no longer needed
    https://github.com/w3c/webappsec-feature-policy/pull/325 
  - Expose new algorithms to create a Feature Policy before document is c…
    https://github.com/w3c/webappsec-feature-policy/pull/324 

* WICG/trusted-types (+6/-6/💬0)
  6 pull requests submitted:
  - Added get{Property|Attribute}Type definition. (by koto)
    https://github.com/WICG/trusted-types/pull/197 
  - Updated the dependencies. (by koto)
    https://github.com/WICG/trusted-types/pull/196 
  - Allowed the policy create* functions to accept multiple arguments (the first one will be stringified). (by koto)
    https://github.com/WICG/trusted-types/pull/195 
  - Specified the sink names to use for violation events. (by koto)
    https://github.com/WICG/trusted-types/pull/194 
  - Editorial changes. (by koto)
    https://github.com/WICG/trusted-types/pull/193 
  - Rewrote the spec to integrate the header with CSP (by koto)
    https://github.com/WICG/trusted-types/pull/191 

  6 pull requests merged:
  - Added get{Property|Attribute}Type definition.
    https://github.com/WICG/trusted-types/pull/197 
  - Updated the dependencies.
    https://github.com/WICG/trusted-types/pull/196 
  - Allowed the policy create* functions to accept multiple arguments (the first one will be stringified).
    https://github.com/WICG/trusted-types/pull/195 
  - Specified the sink names to use for violation events.
    https://github.com/WICG/trusted-types/pull/194 
  - Editorial changes.
    https://github.com/WICG/trusted-types/pull/193 
  - Rewrote the spec to integrate the header with CSP
    https://github.com/WICG/trusted-types/pull/191 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/WICG/trusted-types

Received on Monday, 22 July 2019 17:00:19 UTC