W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2020

Weekly github digest (WebAppSec specs)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 17 Feb 2020 17:00:16 +0000
To: public-webappsec@w3.org
Message-Id: <E1j3jkm-0005tv-79@uranus.w3.org>



Issues
------
* w3c/webappsec (+0/-0/💬1)
  1 issues received 1 new comments:
  - #543 Prevent programmatic focus in iframe (1 by uhrohraggy)
    https://github.com/w3c/webappsec/issues/543 

* w3c/webappsec-subresource-integrity (+1/-0/💬0)
  1 issues created:
  - SubResourceIntegrity check failed for <link> tag (by manoj6587)
    https://github.com/w3c/webappsec-subresource-integrity/issues/91 

* w3c/webappsec-secure-contexts (+1/-4/💬10)
  1 issues created:
  - Convoluted blob: URL issue (by annevk)
    https://github.com/w3c/webappsec-secure-contexts/issues/71 

  5 issues received 10 new comments:
  - #69 Can data: URLs be part of a secure context? (5 by annevk, mikewest)
    https://github.com/w3c/webappsec-secure-contexts/issues/69 
  - #59 Typo: "Intergration with WebIDL" (1 by annevk)
    https://github.com/w3c/webappsec-secure-contexts/issues/59 
  - #28 Consider whether sandboxed content should automatically be a secure context (2 by annevk, mikewest)
    https://github.com/w3c/webappsec-secure-contexts/issues/28 
  - #26 Sandboxed data: URI in a localhost page should be a Secure Context (1 by annevk)
    https://github.com/w3c/webappsec-secure-contexts/issues/26 
  - #9 Figure out how to manage normative dependencies to WHATWG HTML for features not in W3C HTML for CR/REC (1 by annevk)
    https://github.com/w3c/webappsec-secure-contexts/issues/9 [help wanted] 

  4 issues closed:
  - Consider whether sandboxed content should automatically be a secure context https://github.com/w3c/webappsec-secure-contexts/issues/28 
  - Figure out how to manage normative dependencies to WHATWG HTML for features not in W3C HTML for CR/REC https://github.com/w3c/webappsec-secure-contexts/issues/9 [help wanted] 
  - Typo: "Intergration with WebIDL" https://github.com/w3c/webappsec-secure-contexts/issues/59 
  - Can data: URLs be part of a secure context? https://github.com/w3c/webappsec-secure-contexts/issues/69 

* w3c/webappsec-feature-policy (+0/-0/💬2)
  1 issues received 2 new comments:
  - #189 Proposal: define default for all (2 by Valodim, oliverjanik)
    https://github.com/w3c/webappsec-feature-policy/issues/189 [feature question] 

* w3c/webappsec-fetch-metadata (+1/-0/💬1)
  1 issues created:
  - Should we ignore invalid values? (by sspi)
    https://github.com/w3c/webappsec-fetch-metadata/issues/54 

  1 issues received 1 new comments:
  - #54 Should we ignore invalid values? (1 by arturjanc)
    https://github.com/w3c/webappsec-fetch-metadata/issues/54 

* WICG/trusted-types (+2/-0/💬15)
  2 issues created:
  - Consider allowing creating a policy via a constructor. (by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/258 
  - Use of [Unforgeable] in Trusted Types WebIDL (by littledan)
    https://github.com/w3c/webappsec-trusted-types/issues/257 

  3 issues received 15 new comments:
  - #258 Consider allowing creating a policy via a constructor. (2 by koto, otherdaniel)
    https://github.com/w3c/webappsec-trusted-types/issues/258 
  - #257 Use of [Unforgeable] in Trusted Types WebIDL (12 by annevk, domenic, koto, littledan)
    https://github.com/w3c/webappsec-trusted-types/issues/257 
  - #248 Alternative Options for Default Policy. (1 by annevk)
    https://github.com/w3c/webappsec-trusted-types/issues/248 



Pull requests
-------------
* w3c/webappsec-subresource-integrity (+0/-0/💬1)
  1 pull requests received 1 new comments:
  - #86 Apply integrity checks to inline script and style blocks. (1 by mozdevcontrib)
    https://github.com/w3c/webappsec-subresource-integrity/pull/86 

* w3c/webappsec-referrer-policy (+0/-0/💬1)
  1 pull requests received 1 new comments:
  - #126 Strip referrer information from non-secure requests. (1 by fmarier)
    https://github.com/w3c/webappsec-referrer-policy/pull/126 

* w3c/webappsec-secure-contexts (+3/-3/💬2)
  3 pull requests submitted:
  - Drop the sandbox flag. (by mikewest)
    https://github.com/w3c/webappsec-secure-contexts/pull/73 
  - data: URLs (by annevk)
    https://github.com/w3c/webappsec-secure-contexts/pull/72 
  - Meta: address Bikeshed issues (by annevk)
    https://github.com/w3c/webappsec-secure-contexts/pull/70 

  2 pull requests received 2 new comments:
  - #73 Drop the sandbox flag. (1 by mikewest)
    https://github.com/w3c/webappsec-secure-contexts/pull/73 
  - #70 Meta: address Bikeshed issues (1 by annevk)
    https://github.com/w3c/webappsec-secure-contexts/pull/70 

  3 pull requests merged:
  - Drop the sandbox flag.
    https://github.com/w3c/webappsec-secure-contexts/pull/73 
  - Fix typo in WebIDL header
    https://github.com/w3c/webappsec-secure-contexts/pull/67 
  - data: URLs
    https://github.com/w3c/webappsec-secure-contexts/pull/72 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/WICG/trusted-types
* https://github.com/w3c/webappsec-unofficial-drafts
Received on Monday, 17 February 2020 17:00:18 UTC

This archive was generated by hypermail 2.4.0 : Monday, 17 February 2020 17:00:19 UTC