- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 22 Jul 2019 17:00:16 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1hpbfc-0005aZ-0m@uranus.w3.org>
Issues
------
* w3c/webappsec (+0/-1/š¬4)
2 issues received 4 new comments:
- #538 Distrusting the web server (3 by leo-lb, Malvoz, mischmerz)
https://github.com/w3c/webappsec/issues/538
- #550 Adopt Fetch Metadata as a deliverable. (1 by wseltzer)
https://github.com/w3c/webappsec/issues/550 [CfC]
1 issues closed:
- Adopt Fetch Metadata as a deliverable. https://github.com/w3c/webappsec/issues/550 [CfC]
* w3c/webappsec-csp (+0/-0/š¬1)
1 issues received 1 new comments:
- #394 Consider removing plugin-types (1 by Sora2455)
https://github.com/w3c/webappsec-csp/issues/394
* w3c/webappsec-mixed-content (+0/-1/š¬0)
1 issues closed:
- Definition of "unauthenticated response" actually defining "authenticated response"? https://github.com/w3c/webappsec-mixed-content/issues/19
* w3c/permissions (+1/-1/š¬1)
1 issues created:
- tcp/udp permission (by jimmywarting)
https://github.com/w3c/permissions/issues/195
1 issues received 1 new comments:
- #195 tcp/udp permission (1 by marcoscaceres)
https://github.com/w3c/permissions/issues/195
1 issues closed:
- tcp/udp permission https://github.com/w3c/permissions/issues/195
* w3c/webappsec-feature-policy (+1/-1/š¬5)
1 issues created:
- "All" directive should be a possible feature name (by emilfihlman)
https://github.com/w3c/webappsec-feature-policy/issues/327
3 issues received 5 new comments:
- #327 "All" directive should be a possible feature name (3 by igrigorik, emilfihlman, clelland)
https://github.com/w3c/webappsec-feature-policy/issues/327
- #296 Dividing features across different types of policies (1 by clelland)
https://github.com/w3c/webappsec-feature-policy/issues/296 [architecture]
- #189 Proposal: define default for all (1 by clelland)
https://github.com/w3c/webappsec-feature-policy/issues/189 [feature question]
1 issues closed:
- "All" directive should be a possible feature name https://github.com/w3c/webappsec-feature-policy/issues/327
* w3c/webappsec-fetch-metadata (+0/-1/š¬3)
1 issues received 3 new comments:
- #35 Decide on the proper `mode' value for CORS preflight requests (3 by annevk, mikewest)
https://github.com/w3c/webappsec-fetch-metadata/issues/35
1 issues closed:
- Decide on the proper `mode' value for CORS preflight requests https://github.com/w3c/webappsec-fetch-metadata/issues/35
* WICG/trusted-types (+1/-9/š¬10)
1 issues created:
- Remove TrustedURL requirement for non-navigational sinks. (by koto)
https://github.com/WICG/trusted-types/issues/192
10 issues received 10 new comments:
- #1 Suggestion: Use different switch/flag than CSP (1 by koto)
https://github.com/WICG/trusted-types/issues/1 [spec]
- #66 Per-type enforcement (1 by koto)
https://github.com/WICG/trusted-types/issues/66 [spec]
- #131 Add additional context to the default policy invocations (1 by koto)
https://github.com/WICG/trusted-types/issues/131 [spec]
- #178 Define rules for TT when multiple headers are present (1 by koto)
https://github.com/WICG/trusted-types/issues/178 [spec]
- #47 Cross context node copies (1 by koto)
https://github.com/WICG/trusted-types/issues/47 [security] [spec]
- #50 Figure out what to do with cross-document interactions (1 by koto)
https://github.com/WICG/trusted-types/issues/50 [spec]
- #182 Finalize the header syntax (1 by koto)
https://github.com/WICG/trusted-types/issues/182 [spec]
- #184 Specify the violation events (1 by koto)
https://github.com/WICG/trusted-types/issues/184 [polyfill] [spec]
- #185 Make default policy available to tools (1 by koto)
https://github.com/WICG/trusted-types/issues/185
- #190 Add a target suitable for nodejs. (1 by mikesamuel)
https://github.com/WICG/trusted-types/issues/190 [polyfill]
9 issues closed:
- Consider metadata API; building blocks for HTML sanitizers https://github.com/WICG/trusted-types/issues/43 [spec]
- Add additional context to the default policy invocations https://github.com/WICG/trusted-types/issues/131 [polyfill] [spec]
- Per-type enforcement https://github.com/WICG/trusted-types/issues/66 [spec]
- Suggestion: Use different switch/flag than CSP https://github.com/WICG/trusted-types/issues/1 [spec]
- Cross context node copies https://github.com/WICG/trusted-types/issues/47 [security] [spec]
- Figure out what to do with cross-document interactions https://github.com/WICG/trusted-types/issues/50 [spec]
- Define rules for TT when multiple headers are present https://github.com/WICG/trusted-types/issues/178 [spec]
- Finalize the header syntax https://github.com/WICG/trusted-types/issues/182 [spec]
- Specify the violation events https://github.com/WICG/trusted-types/issues/184 [polyfill] [spec]
Pull requests
-------------
* w3c/webappsec-mixed-content (+1/-2/š¬3)
1 pull requests submitted:
- Add MIX level 2 skeleton (by estark37)
https://github.com/w3c/webappsec-mixed-content/pull/21
1 pull requests received 3 new comments:
- #21 Add MIX level 2 skeleton (3 by mikewest, estark37)
https://github.com/w3c/webappsec-mixed-content/pull/21
2 pull requests merged:
- Fix typo in "unauthenticated response" definition.
https://github.com/w3c/webappsec-mixed-content/pull/20
- Add MIX level 2 skeleton
https://github.com/w3c/webappsec-mixed-content/pull/21
* w3c/webappsec-feature-policy (+2/-2/š¬2)
2 pull requests submitted:
- Change same-origin-domain check to same-origin. (by clelland)
https://github.com/w3c/webappsec-feature-policy/pull/326
- Remove algorithms no longer needed (by dtapuska)
https://github.com/w3c/webappsec-feature-policy/pull/325
1 pull requests received 2 new comments:
- #325 Remove algorithms no longer needed (2 by dtapuska, clelland)
https://github.com/w3c/webappsec-feature-policy/pull/325
2 pull requests merged:
- Remove algorithms no longer needed
https://github.com/w3c/webappsec-feature-policy/pull/325
- Expose new algorithms to create a Feature Policy before document is cā¦
https://github.com/w3c/webappsec-feature-policy/pull/324
* WICG/trusted-types (+6/-6/š¬0)
6 pull requests submitted:
- Added get{Property|Attribute}Type definition. (by koto)
https://github.com/WICG/trusted-types/pull/197
- Updated the dependencies. (by koto)
https://github.com/WICG/trusted-types/pull/196
- Allowed the policy create* functions to accept multiple arguments (the first one will be stringified). (by koto)
https://github.com/WICG/trusted-types/pull/195
- Specified the sink names to use for violation events. (by koto)
https://github.com/WICG/trusted-types/pull/194
- Editorial changes. (by koto)
https://github.com/WICG/trusted-types/pull/193
- Rewrote the spec to integrate the header with CSP (by koto)
https://github.com/WICG/trusted-types/pull/191
6 pull requests merged:
- Added get{Property|Attribute}Type definition.
https://github.com/WICG/trusted-types/pull/197
- Updated the dependencies.
https://github.com/WICG/trusted-types/pull/196
- Allowed the policy create* functions to accept multiple arguments (the first one will be stringified).
https://github.com/WICG/trusted-types/pull/195
- Specified the sink names to use for violation events.
https://github.com/WICG/trusted-types/pull/194
- Editorial changes.
https://github.com/WICG/trusted-types/pull/193
- Rewrote the spec to integrate the header with CSP
https://github.com/WICG/trusted-types/pull/191
Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/WICG/trusted-types
Received on Monday, 22 July 2019 17:00:19 UTC