W3C home > Mailing lists > Public > public-webappsec@w3.org > July 2019

Weekly github digest (WebAppSec specs)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 29 Jul 2019 17:00:15 +0000
To: public-webappsec@w3.org
Message-Id: <E1hs90R-0004Xa-Cy@uranus.w3.org>



Issues
------
* w3c/webappsec-csp (+2/-0/💬4)
  2 issues created:
  - Resolving 'self' within srcdoc iframe (by ckerschb)
    https://github.com/w3c/webappsec-csp/issues/405 
  - CSP HTTP headers not registered with IANA (by SmashManiac)
    https://github.com/w3c/webappsec-csp/issues/404 

  2 issues received 4 new comments:
  - #405 Resolving 'self' within srcdoc iframe (3 by bzbarsky, ckerschb)
    https://github.com/w3c/webappsec-csp/issues/405 
  - #404 CSP HTTP headers not registered with IANA (1 by Malvoz)
    https://github.com/w3c/webappsec-csp/issues/404 

* w3c/webappsec-referrer-policy (+0/-0/💬1)
  1 issues received 1 new comments:
  - #108 Referrer policy of referencing in SVG? (1 by Malvoz)
    https://github.com/w3c/webappsec-referrer-policy/issues/108 

* w3c/webappsec-feature-policy (+0/-2/💬6)
  5 issues received 6 new comments:
  - #85 Allow document.cookie and maybe Set-Cookie from the server to be controlled (2 by clelland, Malvoz)
    https://github.com/w3c/webappsec-feature-policy/issues/85 [feedback] [proposed feature] 
  - #299 Architecture discussion: Document Policies (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/299 [architecture] 
  - #300 Architecture discussion: Sandbox policies (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/300 [architecture] 
  - #282 Proposal: Define new feature types (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/282 [architecture] 
  - #253 Should document.domain setter be considered different than 'self' ? (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/253 [architecture] 

  2 issues closed:
  - Should document.domain setter be considered different than 'self' ? https://github.com/w3c/webappsec-feature-policy/issues/253 [architecture] 
  - Architecture discussion: Document Policies https://github.com/w3c/webappsec-feature-policy/issues/299 [architecture] 

* WICG/trusted-types (+0/-3/💬1)
  1 issues received 1 new comments:
  - #104 Why is there no type for style / CSS? (1 by koto)
    https://github.com/WICG/trusted-types/issues/104 [spec] 

  3 issues closed:
  - Why is there no type for style / CSS? https://github.com/WICG/trusted-types/issues/104 [spec] 
  - Specify the enforcement for non HTML namespaces https://github.com/WICG/trusted-types/issues/183 [spec] 
  - Remove TrustedURL requirement for non-navigational sinks. https://github.com/WICG/trusted-types/issues/192 [polyfill] [spec] 



Pull requests
-------------
* w3c/webappsec-feature-policy (+1/-1/💬1)
  1 pull requests submitted:
  - Create document-policy-explainer.md (by clelland)
    https://github.com/w3c/webappsec-feature-policy/pull/328 

  1 pull requests received 1 new comments:
  - #328 Create document-policy-explainer.md (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/pull/328 

  1 pull requests merged:
  - Change same-origin-domain check to same-origin.
    https://github.com/w3c/webappsec-feature-policy/pull/326 

* WICG/trusted-types (+5/-5/💬0)
  5 pull requests submitted:
  - Added text to security considerations. (by koto)
    https://github.com/WICG/trusted-types/pull/202 
  - Added non-goals and use cases. (by koto)
    https://github.com/WICG/trusted-types/pull/201 
  - Trimming the violating value to 40 characters, not the whole sample. (by koto)
    https://github.com/WICG/trusted-types/pull/200 
  - Added enforcement for SVG sinks. (by koto)
    https://github.com/WICG/trusted-types/pull/199 
  - Removed TrustedURL for non-navigational sinks. (by koto)
    https://github.com/WICG/trusted-types/pull/198 

  5 pull requests merged:
  - Added text to security considerations.
    https://github.com/WICG/trusted-types/pull/202 
  - Added non-goals and use cases.
    https://github.com/WICG/trusted-types/pull/201 
  - Trimming the violating value to 40 characters, not the whole sample.
    https://github.com/WICG/trusted-types/pull/200 
  - Added enforcement for SVG sinks.
    https://github.com/WICG/trusted-types/pull/199 
  - Removed TrustedURL for non-navigational sinks.
    https://github.com/WICG/trusted-types/pull/198 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/WICG/trusted-types
Received on Monday, 29 July 2019 17:00:17 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 July 2019 17:00:18 UTC