Weekly github digest (WebAppSec specs)

Issues
------
* w3c/webappsec-csp (+2/-1/💬6)
  2 issues created:
  - frame-src spec does not match implementations in terms of which CSP is used (by bzbarsky)
    https://github.com/w3c/webappsec-csp/issues/400 
  - Support 'strict-dynamic' in style-src (by arturjanc)
    https://github.com/w3c/webappsec-csp/issues/399 

  4 issues received 6 new comments:
  - #395 Scripts only in <head> (2 by craigfrancis, dveditz)
    https://github.com/w3c/webappsec-csp/issues/395 
  - #398 Does child-src defer to script-src? (2 by bakkot, dveditz)
    https://github.com/w3c/webappsec-csp/issues/398 
  - #400 frame-src spec does not match implementations in terms of which CSP is used (1 by bzbarsky)
    https://github.com/w3c/webappsec-csp/issues/400 
  - #201 clarify whether csp blocks reflection of non-string arguments to eval (1 by mikesamuel)
    https://github.com/w3c/webappsec-csp/issues/201 

  1 issue closed:
  - Scripts only in <head> https://github.com/w3c/webappsec-csp/issues/395 

* w3c/webappsec-upgrade-insecure-requests (+1/-0/💬0)
  1 issue created:
  - Use of "incumbent settings object" in "Policy inheritance" section does not make sense (by bzbarsky)
    https://github.com/w3c/webappsec-upgrade-insecure-requests/issues/17 

* w3c/webappsec-secure-contexts (+1/-0/💬5)
  1 issue created:
  - Is "file:" protocol considered a "secure context", if not why? (by guest271314)
    https://github.com/w3c/webappsec-secure-contexts/issues/66 

  1 issue received 5 new comments:
  - #66 Is "file:" protocol considered a "secure context", if not why? (5 by inexorabletash, guest271314, mkruisselbrink)
    https://github.com/w3c/webappsec-secure-contexts/issues/66 

* w3c/webappsec-clear-site-data (+0/-0/💬1)
  1 issue received 1 new comment:
  - #54 Normative spec doesn't necessarily terminate service workers (1 by jungkees)
    https://github.com/w3c/webappsec-clear-site-data/issues/54 

* w3c/webappsec-feature-policy (+1/-0/💬4)
  1 issue created:
  - Feature idea: non-strict-mode (by Jamesernator)
    https://github.com/w3c/webappsec-feature-policy/issues/320 

  2 issues received 4 new comments:
  - #273 Prevent programmatic focus in iframe (3 by ehsan-karamad, craigfrancis)
    https://github.com/w3c/webappsec-feature-policy/issues/273 [proposed feature] 
  - #189 Proposal: define default for all (1 by Jamesernator)
    https://github.com/w3c/webappsec-feature-policy/issues/189 [feature question] 

* WICG/trusted-types (+0/-0/💬4)
  2 issues received 4 new comments:
  - #176 Putting guards at primitives instead of sinks (2 by koto, annevk)
    https://github.com/WICG/trusted-types/issues/176 
  - #152 Allow for limiting the sinks that a type can be used for (2 by koto, engelsdamien)
    https://github.com/WICG/trusted-types/issues/152 [spec] 



Pull requests
-------------
* w3c/webappsec-referrer-policy (+1/-0/💬3)
  1 pull request submitted:
  - Limit `referer` header's value to 4k. (by mikewest)
    https://github.com/w3c/webappsec-referrer-policy/pull/122 

  1 pull request received 3 new comments:
  - #122 Limit `referer` header's value to 4k. (3 by arturjanc, mikewest)
    https://github.com/w3c/webappsec-referrer-policy/pull/122 

* w3c/webappsec-feature-policy (+1/-0/💬0)
  1 pull request submitted:
  - Fix spec link in focus-without-user-activation Policy (by foolip)
    https://github.com/w3c/webappsec-feature-policy/pull/321 

* WICG/trusted-types (+1/-1/💬0)
  1 pull request submitted:
  - CSP3 integration docs (by mikesamuel)
    https://github.com/WICG/trusted-types/pull/179 

  1 pull request merged:
  - CSP3 integration docs
    https://github.com/WICG/trusted-types/pull/179 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/WICG/trusted-types

Received on Monday, 10 June 2019 17:00:25 UTC