W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2020

Weekly github digest (WebAppSec specs)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 10 Aug 2020 17:00:18 +0000
To: public-webappsec@w3.org
Message-Id: <E1k5B9m-0005op-8P@uranus.w3.org>



Issues
------
* w3c/webappsec-csp (+3/-0/💬7)
  3 issues created:
  - host-part matching should allow IPv6 "[::1]" as it does for "127.0.0.1" (by fdelapena)
    https://github.com/w3c/webappsec-csp/issues/440 
  - Does http://example.com:80 match https://example.com? (by antosart)
    https://github.com/w3c/webappsec-csp/issues/439 
  - Cross-realm eval() calls and 'unsafe-eval' (by TomiBelan)
    https://github.com/w3c/webappsec-csp/issues/438 

  4 issues received 7 new comments:
  - #439 Does http://example.com:80 match https://example.com? (1 by antosart)
    https://github.com/w3c/webappsec-csp/issues/439 
  - #438 Cross-realm eval() calls and 'unsafe-eval' (2 by TomiBelan, annevk)
    https://github.com/w3c/webappsec-csp/issues/438 
  - #437 Looking for guidance on defining CSP for <portal> (3 by devd, domenic)
    https://github.com/w3c/webappsec-csp/issues/437 
  - #277 Allow CSP-Report-Only in meta tags. (1 by annevk)
    https://github.com/w3c/webappsec-csp/issues/277 

* w3c/webappsec-cspee (+1/-0/💬0)
  1 issues created:
  - Meaning of 'self' in csp attribute (by antosart)
    https://github.com/w3c/webappsec-cspee/issues/16 

* w3c/webappsec-permissions-policy (+0/-0/💬1)
  1 issues received 1 new comments:
  - #399 Document Policy feature detection (1 by annevk)
    https://github.com/w3c/webappsec-permissions-policy/issues/399 



Pull requests
-------------
* w3c/webappsec-referrer-policy (+1/-0/💬6)
  1 pull requests submitted:
  - Make strict-origin-when-cross-origin the default referrer policy (by krgovind)
    https://github.com/w3c/webappsec-referrer-policy/pull/142 

  2 pull requests received 6 new comments:
  - #142 Make strict-origin-when-cross-origin the default referrer policy (5 by annevk, krgovind, yoavweiss)
    https://github.com/w3c/webappsec-referrer-policy/pull/142 
  - #125 Default to 'strict-origin-when-cross-origin'. (1 by krgovind)
    https://github.com/w3c/webappsec-referrer-policy/pull/125 

* w3c/webappsec-cspee (+1/-0/💬1)
  1 pull requests submitted:
  - Rewrite source expression intersection without using similarity (by antosart)
    https://github.com/w3c/webappsec-cspee/pull/17 

  1 pull requests received 1 new comments:
  - #17 Rewrite source expression intersection without using similarity (1 by antosart)
    https://github.com/w3c/webappsec-cspee/pull/17 

* w3c/webappsec-permissions-policy (+0/-0/💬1)
  1 pull requests received 1 new comments:
  - #379 Rename all the things (1 by Manishearth)
    https://github.com/w3c/webappsec-permissions-policy/pull/379 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/WICG/trusted-types
* https://github.com/w3c/webappsec-unofficial-drafts


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 10 August 2020 17:00:20 UTC

This archive was generated by hypermail 2.4.0 : Monday, 10 August 2020 17:00:21 UTC