- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 22 Jul 2019 17:00:16 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1hpbfc-0005aZ-0m@uranus.w3.org>
Issues ------ * w3c/webappsec (+0/-1/š¬4) 2 issues received 4 new comments: - #538 Distrusting the web server (3 by leo-lb, Malvoz, mischmerz) https://github.com/w3c/webappsec/issues/538 - #550 Adopt Fetch Metadata as a deliverable. (1 by wseltzer) https://github.com/w3c/webappsec/issues/550 [CfC] 1 issues closed: - Adopt Fetch Metadata as a deliverable. https://github.com/w3c/webappsec/issues/550 [CfC] * w3c/webappsec-csp (+0/-0/š¬1) 1 issues received 1 new comments: - #394 Consider removing plugin-types (1 by Sora2455) https://github.com/w3c/webappsec-csp/issues/394 * w3c/webappsec-mixed-content (+0/-1/š¬0) 1 issues closed: - Definition of "unauthenticated response" actually defining "authenticated response"? https://github.com/w3c/webappsec-mixed-content/issues/19 * w3c/permissions (+1/-1/š¬1) 1 issues created: - tcp/udp permission (by jimmywarting) https://github.com/w3c/permissions/issues/195 1 issues received 1 new comments: - #195 tcp/udp permission (1 by marcoscaceres) https://github.com/w3c/permissions/issues/195 1 issues closed: - tcp/udp permission https://github.com/w3c/permissions/issues/195 * w3c/webappsec-feature-policy (+1/-1/š¬5) 1 issues created: - "All" directive should be a possible feature name (by emilfihlman) https://github.com/w3c/webappsec-feature-policy/issues/327 3 issues received 5 new comments: - #327 "All" directive should be a possible feature name (3 by igrigorik, emilfihlman, clelland) https://github.com/w3c/webappsec-feature-policy/issues/327 - #296 Dividing features across different types of policies (1 by clelland) https://github.com/w3c/webappsec-feature-policy/issues/296 [architecture] - #189 Proposal: define default for all (1 by clelland) https://github.com/w3c/webappsec-feature-policy/issues/189 [feature question] 1 issues closed: - "All" directive should be a possible feature name https://github.com/w3c/webappsec-feature-policy/issues/327 * w3c/webappsec-fetch-metadata (+0/-1/š¬3) 1 issues received 3 new comments: - #35 Decide on the proper `mode' value for CORS preflight requests (3 by annevk, mikewest) https://github.com/w3c/webappsec-fetch-metadata/issues/35 1 issues closed: - Decide on the proper `mode' value for CORS preflight requests https://github.com/w3c/webappsec-fetch-metadata/issues/35 * WICG/trusted-types (+1/-9/š¬10) 1 issues created: - Remove TrustedURL requirement for non-navigational sinks. (by koto) https://github.com/WICG/trusted-types/issues/192 10 issues received 10 new comments: - #1 Suggestion: Use different switch/flag than CSP (1 by koto) https://github.com/WICG/trusted-types/issues/1 [spec] - #66 Per-type enforcement (1 by koto) https://github.com/WICG/trusted-types/issues/66 [spec] - #131 Add additional context to the default policy invocations (1 by koto) https://github.com/WICG/trusted-types/issues/131 [spec] - #178 Define rules for TT when multiple headers are present (1 by koto) https://github.com/WICG/trusted-types/issues/178 [spec] - #47 Cross context node copies (1 by koto) https://github.com/WICG/trusted-types/issues/47 [security] [spec] - #50 Figure out what to do with cross-document interactions (1 by koto) https://github.com/WICG/trusted-types/issues/50 [spec] - #182 Finalize the header syntax (1 by koto) https://github.com/WICG/trusted-types/issues/182 [spec] - #184 Specify the violation events (1 by koto) https://github.com/WICG/trusted-types/issues/184 [polyfill] [spec] - #185 Make default policy available to tools (1 by koto) https://github.com/WICG/trusted-types/issues/185 - #190 Add a target suitable for nodejs. (1 by mikesamuel) https://github.com/WICG/trusted-types/issues/190 [polyfill] 9 issues closed: - Consider metadata API; building blocks for HTML sanitizers https://github.com/WICG/trusted-types/issues/43 [spec] - Add additional context to the default policy invocations https://github.com/WICG/trusted-types/issues/131 [polyfill] [spec] - Per-type enforcement https://github.com/WICG/trusted-types/issues/66 [spec] - Suggestion: Use different switch/flag than CSP https://github.com/WICG/trusted-types/issues/1 [spec] - Cross context node copies https://github.com/WICG/trusted-types/issues/47 [security] [spec] - Figure out what to do with cross-document interactions https://github.com/WICG/trusted-types/issues/50 [spec] - Define rules for TT when multiple headers are present https://github.com/WICG/trusted-types/issues/178 [spec] - Finalize the header syntax https://github.com/WICG/trusted-types/issues/182 [spec] - Specify the violation events https://github.com/WICG/trusted-types/issues/184 [polyfill] [spec] Pull requests ------------- * w3c/webappsec-mixed-content (+1/-2/š¬3) 1 pull requests submitted: - Add MIX level 2 skeleton (by estark37) https://github.com/w3c/webappsec-mixed-content/pull/21 1 pull requests received 3 new comments: - #21 Add MIX level 2 skeleton (3 by mikewest, estark37) https://github.com/w3c/webappsec-mixed-content/pull/21 2 pull requests merged: - Fix typo in "unauthenticated response" definition. https://github.com/w3c/webappsec-mixed-content/pull/20 - Add MIX level 2 skeleton https://github.com/w3c/webappsec-mixed-content/pull/21 * w3c/webappsec-feature-policy (+2/-2/š¬2) 2 pull requests submitted: - Change same-origin-domain check to same-origin. (by clelland) https://github.com/w3c/webappsec-feature-policy/pull/326 - Remove algorithms no longer needed (by dtapuska) https://github.com/w3c/webappsec-feature-policy/pull/325 1 pull requests received 2 new comments: - #325 Remove algorithms no longer needed (2 by dtapuska, clelland) https://github.com/w3c/webappsec-feature-policy/pull/325 2 pull requests merged: - Remove algorithms no longer needed https://github.com/w3c/webappsec-feature-policy/pull/325 - Expose new algorithms to create a Feature Policy before document is cā¦ https://github.com/w3c/webappsec-feature-policy/pull/324 * WICG/trusted-types (+6/-6/š¬0) 6 pull requests submitted: - Added get{Property|Attribute}Type definition. (by koto) https://github.com/WICG/trusted-types/pull/197 - Updated the dependencies. (by koto) https://github.com/WICG/trusted-types/pull/196 - Allowed the policy create* functions to accept multiple arguments (the first one will be stringified). (by koto) https://github.com/WICG/trusted-types/pull/195 - Specified the sink names to use for violation events. (by koto) https://github.com/WICG/trusted-types/pull/194 - Editorial changes. (by koto) https://github.com/WICG/trusted-types/pull/193 - Rewrote the spec to integrate the header with CSP (by koto) https://github.com/WICG/trusted-types/pull/191 6 pull requests merged: - Added get{Property|Attribute}Type definition. https://github.com/WICG/trusted-types/pull/197 - Updated the dependencies. https://github.com/WICG/trusted-types/pull/196 - Allowed the policy create* functions to accept multiple arguments (the first one will be stringified). https://github.com/WICG/trusted-types/pull/195 - Specified the sink names to use for violation events. https://github.com/WICG/trusted-types/pull/194 - Editorial changes. https://github.com/WICG/trusted-types/pull/193 - Rewrote the spec to integrate the header with CSP https://github.com/WICG/trusted-types/pull/191 Repositories tracked by this digest: ----------------------------------- * https://github.com/w3c/webappsec * https://github.com/w3c/webappsec-subresource-integrity * https://github.com/w3c/webappsec-csp * https://github.com/w3c/webappsec-mixed-content * https://github.com/w3c/webappsec-upgrade-insecure-requests * https://github.com/w3c/webappsec-credential-management * https://github.com/w3c/permissions * https://github.com/w3c/webappsec-referrer-policy * https://github.com/w3c/webappsec-secure-contexts * https://github.com/w3c/webappsec-clear-site-data * https://github.com/w3c/webappsec-cowl * https://github.com/w3c/webappsec-epr * https://github.com/w3c/webappsec-suborigins * https://github.com/w3c/webappsec-cspee * https://github.com/w3c/webappsec-feature-policy * https://github.com/w3c/webappsec-fetch-metadata * https://github.com/WICG/trusted-types
Received on Monday, 22 July 2019 17:00:19 UTC