W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2019

Weekly github digest (WebAppSec specs)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 25 Nov 2019 17:00:20 +0000
To: public-webappsec@w3.org
Message-Id: <E1iZHim-00084U-1D@uranus.w3.org>



Issues
------
* w3c/webappsec-csp (+1/-0/💬0)
  1 issues created:
  - Spec is inconsistent about which strings are valid CSPs (by bakkot)
    https://github.com/w3c/webappsec-csp/issues/414 

* w3c/webappsec-fetch-metadata (+1/-1/💬6)
  1 issues created:
  - `Sec-Fetch-Site` for requests from extension background pages (by arturjanc)
    https://github.com/w3c/webappsec-fetch-metadata/issues/47 

  3 issues received 6 new comments:
  - #47 `Sec-Fetch-Site` for requests from extension background pages (4 by anforowicz, mikewest)
    https://github.com/w3c/webappsec-fetch-metadata/issues/47 
  - #39 Sending `Sec-Fetch-Site: none` after redirects from directly user-initiated requests (1 by mikewest)
    https://github.com/w3c/webappsec-fetch-metadata/issues/39 
  - #16 Is `Sec-Fetch-Dest` necessary? (1 by mikewest)
    https://github.com/w3c/webappsec-fetch-metadata/issues/16 

  1 issues closed:
  - Is `Sec-Fetch-Dest` necessary? https://github.com/w3c/webappsec-fetch-metadata/issues/16 

* WICG/trusted-types (+0/-3/💬15)
  6 issues received 15 new comments:
  - #242 Ascertain in-realm documents are indeed covered in the spec (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/242 
  - #241 Allow future extensions to the API without breaking compatibility (9 by koto, mikewest, otherdaniel)
    https://github.com/w3c/webappsec-trusted-types/issues/241 
  - #240 getAttributeType is wrong about namespaces (2 by annevk, koto)
    https://github.com/w3c/webappsec-trusted-types/issues/240 
  - #234 Navigating to plugins (1 by mikewest)
    https://github.com/w3c/webappsec-trusted-types/issues/234 
  - #229 Attribute change steps should not throw (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/229 [spec] 
  - #227 Overriding innerText and textContent does not work (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/227 [spec] 

  3 issues closed:
  - Attribute change steps should not throw https://github.com/w3c/webappsec-trusted-types/issues/229 [spec] 
  - Overriding innerText and textContent does not work https://github.com/w3c/webappsec-trusted-types/issues/227 [spec] 
  - Ascertain in-realm documents are indeed covered in the spec https://github.com/w3c/webappsec-trusted-types/issues/242 



Pull requests
-------------
* w3c/webappsec-csp (+1/-1/💬1)
  1 pull requests submitted:
  - Fix typo (missing comma) in Directives intro (by sideshowbarker)
    https://github.com/w3c/webappsec-csp/pull/415 

  1 pull requests received 1 new comments:
  - #415 Fix typo (missing comma) in Directives intro (1 by sideshowbarker)
    https://github.com/w3c/webappsec-csp/pull/415 

  1 pull requests merged:
  - Fix typo (missing comma) in Directives intro
    https://github.com/w3c/webappsec-csp/pull/415 

* w3c/webappsec-referrer-policy (+0/-0/💬1)
  1 pull requests received 1 new comments:
  - #125 Default to 'strict-origin-when-cross-origin'. (1 by annevk)
    https://github.com/w3c/webappsec-referrer-policy/pull/125 

* w3c/webappsec-feature-policy (+3/-0/💬0)
  3 pull requests submitted:
  - Editorial: Align with Web IDL specification (by autokagami)
    https://github.com/w3c/webappsec-feature-policy/pull/352 
  - Add `document-access` to experimental features (by Malvoz)
    https://github.com/w3c/webappsec-feature-policy/pull/351 
  - Move `encrypted-media` to standardized features (by Malvoz)
    https://github.com/w3c/webappsec-feature-policy/pull/350 

* WICG/trusted-types (+1/-1/💬1)
  1 pull requests submitted:
  - Fix #240. Attributes, by default, are not namespaced. (by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/243 

  1 pull requests received 1 new comments:
  - #236 Alternate take for script enforcement.  (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/236 

  1 pull requests merged:
  - Alternate take for script enforcement. 
    https://github.com/w3c/webappsec-trusted-types/pull/236 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/WICG/trusted-types
* https://github.com/w3c/webappsec-unofficial-drafts
Received on Monday, 25 November 2019 17:00:21 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:55:09 UTC