Weekly github digest (WebAppSec specs)

Issues
------
* w3c/webappsec-csp (+2/-0/💬4)
  2 issues created:
  - Clarify that report-uri cannot violate mixed-content (by antosart)
    https://github.com/w3c/webappsec-csp/issues/432 
  - Why do `base-uri` and `frame-ancestors` have different grammars? (by bakkot)
    https://github.com/w3c/webappsec-csp/issues/431 

  2 issues received 4 new comments:
  - #431 Why do `base-uri` and `frame-ancestors` have different grammars? (2 by annevk, bakkot)
    https://github.com/w3c/webappsec-csp/issues/431 
  - #279 Sandbox directive for workers (2 by annevk, hiroshige-g)
    https://github.com/w3c/webappsec-csp/issues/279 

* w3c/webappsec-mixed-content (+0/-0/💬2)
  1 issues received 2 new comments:
  - #31 Form submission warning does not address redirects (2 by annevk, carlosjoan91)
    https://github.com/w3c/webappsec-mixed-content/issues/31 

* w3c/permissions (+2/-0/💬0)
  2 issues created:
  - Can `Permission task source` be exported? (by yoavweiss)
    https://github.com/w3c/permissions/issues/206 
  - PermissionName not defined as proper IDL block (by tidoust)
    https://github.com/w3c/permissions/issues/205 

* w3c/webappsec-feature-policy (+0/-0/💬7)
  1 issues received 7 new comments:
  - #322 Feature-Policy: clipboard-read and clipboard-write (7 by NicholasHallman, bershanskiy, dway123, eduxdream, jondcoleman)
    https://github.com/w3c/webappsec-feature-policy/issues/322 

* w3c/webappsec-fetch-metadata (+0/-1/💬1)
  1 issues received 1 new comments:
  - #55 Document still contains nested-document and nested-navigate (1 by mikewest)
    https://github.com/w3c/webappsec-fetch-metadata/issues/55 

  1 issues closed:
  - Document still contains nested-document and nested-navigate https://github.com/w3c/webappsec-fetch-metadata/issues/55 

* WICG/trusted-types (+0/-1/💬0)
  1 issues closed:
  - Redefine behaviour for svg script href setter. https://github.com/w3c/webappsec-trusted-types/issues/275 



Pull requests
-------------
* w3c/webappsec (+1/-1/💬0)
  1 pull requests submitted:
  - Add mixed content to 2020-04-21-agenda.md (by carlosjoan91)
    https://github.com/w3c/webappsec/pull/566 

  1 pull requests merged:
  - Add mixed content to 2020-04-21-agenda.md
    https://github.com/w3c/webappsec/pull/566 

* w3c/webappsec-mixed-content (+0/-0/💬6)
  1 pull requests received 6 new comments:
  - #30 Include concepts from MIX in MIX2 (6 by annevk, carlosjoan91, mikewest)
    https://github.com/w3c/webappsec-mixed-content/pull/30 

* w3c/webappsec-referrer-policy (+0/-0/💬2)
  1 pull requests received 2 new comments:
  - #125 Default to 'strict-origin-when-cross-origin'. (2 by johnwilander, kiding)
    https://github.com/w3c/webappsec-referrer-policy/pull/125 

* WICG/trusted-types (+1/-1/💬0)
  1 pull requests submitted:
  - Fix #275. (by koto)
    https://github.com/w3c/webappsec-trusted-types/pull/277 

  1 pull requests merged:
  - Fix #275.
    https://github.com/w3c/webappsec-trusted-types/pull/277 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/WICG/trusted-types
* https://github.com/w3c/webappsec-unofficial-drafts

Received on Monday, 27 April 2020 17:00:21 UTC