W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2019

Weekly github digest (WebAppSec specs)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 21 Oct 2019 17:00:29 +0000
To: public-webappsec@w3.org
Message-Id: <E1iMb2j-000666-A1@uranus.w3.org>



Issues
------
* w3c/webappsec-csp (+1/-0/💬1)
  1 issues created:
  - recapture bug (by Ronsekaon)
    https://github.com/w3c/webappsec-csp/issues/412 

  1 issues received 1 new comments:
  - #412 recapture bug (1 by Ronsekaon)
    https://github.com/w3c/webappsec-csp/issues/412 

* w3c/webappsec-fetch-metadata (+0/-0/💬1)
  1 issues received 1 new comments:
  - #45 Naming for new items in `mode`. (1 by arturjanc)
    https://github.com/w3c/webappsec-fetch-metadata/issues/45 

* WICG/trusted-types (+3/-5/💬13)
  3 issues created:
  - Attribute change steps should not throw (by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/229 
  - <iframe> and data: URLs? (by domenic)
    https://github.com/w3c/webappsec-trusted-types/issues/228 
  - Overriding innerText and textContent does not work (by domenic)
    https://github.com/w3c/webappsec-trusted-types/issues/227 

  9 issues received 13 new comments:
  - #228 <iframe> and data: URLs? (4 by domenic, koto)
    https://github.com/w3c/webappsec-trusted-types/issues/228 
  - #227 Overriding innerText and textContent does not work (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/227 
  - #225 Trusted Types - bad name? (1 by zcorpan)
    https://github.com/w3c/webappsec-trusted-types/issues/225 
  - #222 How does this work when you have a dependency included twice? (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/222 
  - #221 Figure out if we need `'trusted-script'` in `script-src` (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/221 
  - #176 Putting guards at primitives instead of sinks (1 by domenic)
    https://github.com/w3c/webappsec-trusted-types/issues/176 [spec] 
  - #141 Event handler path not checking right name (2 by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/141 
  - #47 Put safeguards around attribute nodes (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/47 [security] [spec] 
  - #42 How to handle <template>? (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/42 [security] [spec] 

  5 issues closed:
  - Add multiple params to TrustedTypePolicyOptions callback https://github.com/w3c/webappsec-trusted-types/issues/224 [spec] 
  - How to handle <template>? https://github.com/w3c/webappsec-trusted-types/issues/42 [security] [spec] 
  - Event handler path not checking right name https://github.com/w3c/webappsec-trusted-types/issues/141 
  - <iframe> and data: URLs? https://github.com/w3c/webappsec-trusted-types/issues/228 
  - Trusted Types - bad name? https://github.com/w3c/webappsec-trusted-types/issues/225 



Pull requests
-------------
* w3c/permissions (+0/-0/💬2)
  2 pull requests received 2 new comments:
  - #201 Add nfc permission. (1 by marcoscaceres)
    https://github.com/w3c/permissions/pull/201 
  - #155 Add ClipboardPermissionDescriptor (1 by saschanaz)
    https://github.com/w3c/permissions/pull/155 

* w3c/webappsec-referrer-policy (+4/-2/💬18)
  4 pull requests submitted:
  - Codify user agent flexibility with regard to referrer values. (by mikewest)
    https://github.com/w3c/webappsec-referrer-policy/pull/127 
  - Strip referrer information from non-secure requests. (by mikewest)
    https://github.com/w3c/webappsec-referrer-policy/pull/126 
  - Default to 'strict-origin-when-cross-origin'. (by mikewest)
    https://github.com/w3c/webappsec-referrer-policy/pull/125 
  - De-fang 'unsafe-url'. (by mikewest)
    https://github.com/w3c/webappsec-referrer-policy/pull/124 

  4 pull requests received 18 new comments:
  - #127 Codify user agent flexibility with regard to referrer values. (2 by mikewest)
    https://github.com/w3c/webappsec-referrer-policy/pull/127 
  - #126 Strip referrer information from non-secure requests. (2 by fmarier, mikewest)
    https://github.com/w3c/webappsec-referrer-policy/pull/126 
  - #125 Default to 'strict-origin-when-cross-origin'. (4 by annevk, domenic, ehsan, mikewest)
    https://github.com/w3c/webappsec-referrer-policy/pull/125 
  - #124 De-fang 'unsafe-url'. (10 by annevk, domenic, ericlaw1979, mikewest)
    https://github.com/w3c/webappsec-referrer-policy/pull/124 

  2 pull requests merged:
  - Limit `referer` header's value to 4k.
    https://github.com/w3c/webappsec-referrer-policy/pull/122 
  - Codify user agent flexibility with regard to referrer values.
    https://github.com/w3c/webappsec-referrer-policy/pull/127 

* w3c/webappsec-feature-policy (+3/-3/💬2)
  3 pull requests submitted:
  - Add `navigation-override` to standardized features (by Malvoz)
    https://github.com/w3c/webappsec-feature-policy/pull/347 
  - Add `focus-without-user-activation` to experimental features (by Malvoz)
    https://github.com/w3c/webappsec-feature-policy/pull/346 
  - Add `battery` feature identifier for the Battery Status API (by Malvoz)
    https://github.com/w3c/webappsec-feature-policy/pull/345 

  2 pull requests received 2 new comments:
  - #345 Add `battery` feature identifier for the Battery Status API (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/pull/345 
  - #344 Move `publickey-credentials` from proposed to standardized feature (1 by clelland)
    https://github.com/w3c/webappsec-feature-policy/pull/344 

  3 pull requests merged:
  - Add `battery` feature identifier for the Battery Status API
    https://github.com/w3c/webappsec-feature-policy/pull/345 
  - Update features.md with latest WebXR changes
    https://github.com/w3c/webappsec-feature-policy/pull/343 
  - Move `publickey-credentials` from proposed to standardized feature
    https://github.com/w3c/webappsec-feature-policy/pull/344 

* WICG/trusted-types (+3/-4/💬3)
  3 pull requests submitted:
  - Fix #224. (by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/231 
  - Small spec fixes. (by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/230 
  - Correct spelling mistake (by nitinsurana)
    https://github.com/w3c/webappsec-trusted-types/pull/226 

  2 pull requests received 3 new comments:
  - #226 Correct spelling mistake (2 by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/226 
  - #217 Add missing externs (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/217 

  4 pull requests merged:
  - Fix #224.
    https://github.com/w3c/webappsec-trusted-types/pull/231 
  - Small spec fixes.
    https://github.com/w3c/webappsec-trusted-types/pull/230 
  - Add missing externs
    https://github.com/w3c/webappsec-trusted-types/pull/217 
  - Correct spelling mistake
    https://github.com/w3c/webappsec-trusted-types/pull/226 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/WICG/trusted-types
* https://github.com/w3c/webappsec-unofficial-drafts
Received on Monday, 21 October 2019 17:00:31 UTC

This archive was generated by hypermail 2.3.1 : Monday, 21 October 2019 17:00:32 UTC