W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2019

Weekly github digest (WebAppSec specs)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 16 Sep 2019 17:00:14 +0000
To: public-webappsec@w3.org
Message-Id: <E1i9uMI-0001d3-FY@uranus.w3.org>



Issues
------
* w3c/webappsec (+0/-0/💬5)
  1 issues received 5 new comments:
  - #555 TPAC 2019 Agenda. (5 by annevk, cyberphone, clelland, yoavweiss, arturjanc)
    https://github.com/w3c/webappsec/issues/555 

* w3c/webappsec-subresource-integrity (+1/-0/💬0)
  1 issues created:
  - Relationship to Digest header (by LPardue)
    https://github.com/w3c/webappsec-subresource-integrity/issues/83 

* w3c/webappsec-csp (+0/-0/💬1)
  1 issues received 1 new comments:
  - #348 Allow report-to in CSP and CSPRO meta tags (1 by eligrey)
    https://github.com/w3c/webappsec-csp/issues/348 

* w3c/permissions (+1/-1/💬1)
  1 issues created:
  - Screen sharing permission "display" should be "display-capture" (by jan-ivar)
    https://github.com/w3c/permissions/issues/199 

  1 issues received 1 new comments:
  - #199 Screen sharing permission "display" should be "display-capture" (1 by jan-ivar)
    https://github.com/w3c/permissions/issues/199 

  1 issues closed:
  - Screen sharing permission "display" should be "display-capture" https://github.com/w3c/permissions/issues/199 

* w3c/webappsec-referrer-policy (+1/-0/💬0)
  1 issues created:
  - Inconsistencies with "same-origin" requests (by domfarolino)
    https://github.com/w3c/webappsec-referrer-policy/issues/123 

* w3c/webappsec-feature-policy (+1/-0/💬2)
  1 issues created:
  - Add display-capture (by annevk)
    https://github.com/w3c/webappsec-feature-policy/issues/339 

  2 issues received 2 new comments:
  - #230 Need to define how 'src' works with sandboxed frames (1 by annevk)
    https://github.com/w3c/webappsec-feature-policy/issues/230 [definition] 
  - #55 Support for declaring feature policy in HTML (1 by mikewest)
    https://github.com/w3c/webappsec-feature-policy/issues/55 [feedback] 

* w3c/webappsec-fetch-metadata (+1/-2/💬5)
  1 issues created:
  - Comparison does not seem to account for opaque origins (by annevk)
    https://github.com/w3c/webappsec-fetch-metadata/issues/41 

  2 issues received 5 new comments:
  - #37 Handling iframing via <embed> / <object> (3 by annevk, arturjanc)
    https://github.com/w3c/webappsec-fetch-metadata/issues/37 
  - #34 Treat http://foo.com -> https://foo.com requests as `Sec-Fetch-Site: cross-site`. (2 by annevk, mikewest)
    https://github.com/w3c/webappsec-fetch-metadata/issues/34 

  2 issues closed:
  - Comparison does not seem to account for opaque origins https://github.com/w3c/webappsec-fetch-metadata/issues/41 
  - Treat http://foo.com -> https://foo.com requests as `Sec-Fetch-Site: cross-site`. https://github.com/w3c/webappsec-fetch-metadata/issues/34 

* WICG/trusted-types (+2/-0/💬3)
  2 issues created:
  - Consider adding TT.emptyScript (by koto)
    https://github.com/WICG/trusted-types/issues/218 
  - Intent to Migrate: Trusted Types (by koto)
    https://github.com/WICG/trusted-types/issues/215 

  1 issues received 3 new comments:
  - #36 Expose information on status of TrustedTypes enforcement (3 by koto, Siegrift)
    https://github.com/WICG/trusted-types/issues/36 [spec] 



Pull requests
-------------
* w3c/webappsec (+1/-1/💬0)
  1 pull requests submitted:
  - add webex link (by samuelweiler)
    https://github.com/w3c/webappsec/pull/556 

  1 pull requests merged:
  - add webex link
    https://github.com/w3c/webappsec/pull/556 

* w3c/permissions (+0/-0/💬1)
  1 pull requests received 1 new comments:
  - #188 Rename 'display' permission to 'display-capture'. (1 by jan-ivar)
    https://github.com/w3c/permissions/pull/188 

* w3c/webappsec-fetch-metadata (+1/-1/💬3)
  1 pull requests submitted:
  - Sec-Fetch-Site's scheme comparison should account for opaque origins. (by mikewest)
    https://github.com/w3c/webappsec-fetch-metadata/pull/42 

  1 pull requests received 3 new comments:
  - #42 Sec-Fetch-Site's scheme comparison should account for opaque origins. (3 by annevk, mikewest)
    https://github.com/w3c/webappsec-fetch-metadata/pull/42 

  1 pull requests merged:
  - Sec-Fetch-Site's scheme comparison should account for opaque origins.
    https://github.com/w3c/webappsec-fetch-metadata/pull/42 

* WICG/trusted-types (+4/-4/💬2)
  4 pull requests submitted:
  - Add missing externs (by Siegrift)
    https://github.com/WICG/trusted-types/pull/217 
  - Release new version: 1.1.0 (by koto)
    https://github.com/WICG/trusted-types/pull/216 
  - Don't throw on policy collision when policy names = * (by Siegrift)
    https://github.com/WICG/trusted-types/pull/214 
  - Fix default policy minification error, enable some closure flags (by Siegrift)
    https://github.com/WICG/trusted-types/pull/213 

  1 pull requests received 2 new comments:
  - #213 Fix default policy minification error, enable some closure flags (2 by koto, Siegrift)
    https://github.com/WICG/trusted-types/pull/213 

  4 pull requests merged:
  - Release new version: 1.1.0
    https://github.com/WICG/trusted-types/pull/216 
  - Build polyfill for multiple environments
    https://github.com/WICG/trusted-types/pull/210 
  - Don't throw on policy collision when policy names = *
    https://github.com/WICG/trusted-types/pull/214 
  - Fix default policy minification error, enable some closure flags
    https://github.com/WICG/trusted-types/pull/213 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/WICG/trusted-types
Received on Monday, 16 September 2019 17:00:17 UTC

This archive was generated by hypermail 2.3.1 : Monday, 16 September 2019 17:00:17 UTC