W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2019

Weekly github digest (WebAppSec specs)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 20 May 2019 17:00:25 +0000
To: public-webappsec@w3.org
Message-Id: <E1hSleD-0006l3-Eu@uranus.w3.org>



Issues
------
* w3c/webappsec (+0/-0/💬1)
  1 issues received 1 new comments:
  - #206 CSP: Consider a `permissions` directive. (1 by Malvoz)
    https://github.com/w3c/webappsec/issues/206 [CSP] 

* w3c/webappsec-csp (+0/-1/💬19)
  4 issues received 19 new comments:
  - #391 Extend `frame-ancestors` to allow resizing iframe based on its contents. (10 by annevk, dveditz, craigfrancis, briansmith)
    https://github.com/w3c/webappsec-csp/issues/391 
  - #392 Enforce "at most once" semantics for scripts (4 by dveditz, briansmith)
    https://github.com/w3c/webappsec-csp/issues/392 
  - #394 Consider removing plugin-types (4 by Sora2455, briansmith)
    https://github.com/w3c/webappsec-csp/issues/394 
  - #243 Any protection against dynamic module import? (1 by briansmith)
    https://github.com/w3c/webappsec-csp/issues/243 

  1 issues closed:
  - Extend `frame-ancestors` to allow resizing iframe based on its contents. https://github.com/w3c/webappsec-csp/issues/391 

* w3c/permissions (+1/-0/💬0)
  1 issues created:
  - Add "background-playback" permission type (by mantou132)
    https://github.com/w3c/permissions/issues/193 

* w3c/webappsec-referrer-policy (+1/-0/💬0)
  1 issues created:
  - Should request's referrer uses browsing context container’s node document url in Blob url (by tungmangtdh3)
    https://github.com/w3c/webappsec-referrer-policy/issues/120 

* w3c/webappsec-feature-policy (+2/-1/💬16)
  2 issues created:
  - "Enforce" links (and "enforce" generally) (by eeeps)
    https://github.com/w3c/webappsec-feature-policy/issues/312 
  - [loading-image-default-eager] background-images and generated content? (by Malvoz)
    https://github.com/w3c/webappsec-feature-policy/issues/311 

  5 issues received 16 new comments:
  - #148 commas and semicolons both allowed, with different rules for overriding (8 by annevk, clelland, briansmith)
    https://github.com/w3c/webappsec-feature-policy/issues/148 [eng task] 
  - #312 "Enforce" links (and "enforce" generally) (3 by clelland, eeeps)
    https://github.com/w3c/webappsec-feature-policy/issues/312 
  - #305 Feature-Policy-Report-Only: which types are supported? (2 by gi11es, maxtruxa)
    https://github.com/w3c/webappsec-feature-policy/issues/305 [feature question] 
  - #311 [loading-image-default-eager] background-images and generated content? (2 by ehsan-karamad, clelland)
    https://github.com/w3c/webappsec-feature-policy/issues/311 
  - #300 Architecture discussion: Sandbox policies (1 by annevk)
    https://github.com/w3c/webappsec-feature-policy/issues/300 [architecture] 

  1 issues closed:
  - Feature-Policy-Report-Only: which types are supported? https://github.com/w3c/webappsec-feature-policy/issues/305 [feature question] 



Pull requests
-------------
* w3c/webappsec-feature-policy (+3/-0/💬4)
  3 pull requests submitted:
  - Change semicolons separating directives in examples to commas. (by eeeps)
    https://github.com/w3c/webappsec-feature-policy/pull/314 
  - HTML <meta>-delivery (by eeeps)
    https://github.com/w3c/webappsec-feature-policy/pull/313 
  - Add definitions to other page lifecyle feature policies (by dtapuska)
    https://github.com/w3c/webappsec-feature-policy/pull/310 

  2 pull requests received 4 new comments:
  - #313 HTML <meta>-delivery (2 by annevk, eeeps)
    https://github.com/w3c/webappsec-feature-policy/pull/313 
  - #314 Change semicolons separating directives in examples to commas. (2 by eeeps, briansmith)
    https://github.com/w3c/webappsec-feature-policy/pull/314 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
Received on Monday, 20 May 2019 17:00:29 UTC

This archive was generated by hypermail 2.3.1 : Monday, 20 May 2019 17:00:30 UTC