Weekly github digest (WebAppSec specs) from W3C Webmaster via GitHub API on 2019-06-03 (public-webappsec@w3.org from June 2019)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 03 Jun 2019 17:00:28 +0000
To: public-webappsec@w3.org
Message-Id: <E1hXqJw-0004ga-Nn@uranus.w3.org>
Issues
------
* w3c/webappsec-csp (+2/-0/💬2)
  2 issues created:
  - Does child-src defer to script-src? (by bakkot)
    https://github.com/w3c/webappsec-csp/issues/398 
  - Header parsing and integration with Fetch (by annevk)
    https://github.com/w3c/webappsec-csp/issues/397 

  1 issues received 2 new comments:
  - #395 Scripts only in <head> (2 by craigfrancis, Malvoz)
    https://github.com/w3c/webappsec-csp/issues/395 

* w3c/webappsec-referrer-policy (+1/-0/💬0)
  1 issues created:
  - What default policy should new features use? (by jeremyroman)
    https://github.com/w3c/webappsec-referrer-policy/issues/121 

* w3c/webappsec-fetch-metadata (+0/-0/💬3)
  2 issues received 3 new comments:
  - #30 Behavior for payment manifests (2 by rsolomakhin, mikewest)
    https://github.com/w3c/webappsec-fetch-metadata/issues/30 
  - #28 Why is `Sec-Fetch-Site` based on the full URL redirect chain? (1 by anforowicz)
    https://github.com/w3c/webappsec-fetch-metadata/issues/28 

* WICG/trusted-types (+4/-3/💬21)
  4 issues created:
  - Define rules for TT wen multiple headers are present (by koto)
    https://github.com/WICG/trusted-types/issues/178 
  - Rename the factory as available on window to window.trustedTypes. (by koto)
    https://github.com/WICG/trusted-types/issues/177 
  - Putting guards at primitives instead of sinks (by annevk)
    https://github.com/WICG/trusted-types/issues/176 
  - Use once semantic (by annevk)
    https://github.com/WICG/trusted-types/issues/175 

  6 issues received 21 new comments:
  - #174 Figure out Function constructor + TrustedScript (11 by koto, otherdaniel, mikesamuel)
    https://github.com/WICG/trusted-types/issues/174 
  - #175 Use once semantic (5 by koto, mikesamuel, annevk)
    https://github.com/WICG/trusted-types/issues/175 
  - #176 Putting guards at primitives instead of sinks (2 by koto)
    https://github.com/WICG/trusted-types/issues/176 
  - #1 Suggestion: Use different switch/flag than CSP (1 by koto)
    https://github.com/WICG/trusted-types/issues/1 [spec] 
  - #50 Figure out what to do with cross-document interactions (1 by koto)
    https://github.com/WICG/trusted-types/issues/50 [spec] 
  - #152 Call out subtleties with createScriptURL & createURL URI processing (1 by koto)
    https://github.com/WICG/trusted-types/issues/152 [spec] 

  3 issues closed:
  - Consider adding a link and examples to the built in sanitizers ? https://github.com/WICG/trusted-types/issues/148 [spec] 
  - Use once semantic https://github.com/WICG/trusted-types/issues/175 
  - Figure out Function constructor + TrustedScript https://github.com/WICG/trusted-types/issues/174 



Pull requests
-------------
* w3c/webappsec-feature-policy (+1/-1/💬2)
  1 pull requests submitted:
  - Fix wrong property name for reporting (by sisidovski)
    https://github.com/w3c/webappsec-feature-policy/pull/319 

  2 pull requests received 2 new comments:
  - #313 HTML <meta>-delivery (1 by eeeps)
    https://github.com/w3c/webappsec-feature-policy/pull/313 
  - #319 Fix wrong property name for reporting (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/pull/319 

  1 pull requests merged:
  - Fix wrong property name for reporting
    https://github.com/w3c/webappsec-feature-policy/pull/319 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/WICG/trusted-types
Received on Monday, 3 June 2019 17:00:30 UTC