W3C home > Mailing lists > Public > public-webappsec@w3.org > March 2020

Weekly github digest (WebAppSec specs)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 23 Mar 2020 17:00:17 +0000
To: public-webappsec@w3.org
Message-Id: <E1jGQQz-0003Ma-PU@uranus.w3.org>



Issues
------
* w3c/webappsec-subresource-integrity (+0/-0/💬6)
  1 issues received 6 new comments:
  - #68 integrity for downloads (6 by annevk, devd, khuguenin, mozfreddyb, tdelmas)
    https://github.com/w3c/webappsec-subresource-integrity/issues/68 [SRI-next] [feature-request] 

* w3c/webappsec-csp (+5/-0/💬8)
  5 issues created:
  - connect-src: wss without schema  (by axelssonHakan)
    https://github.com/w3c/webappsec-csp/issues/429 
  - `unsafe-allow-redirects` and `form-action` interact weirdly (by bakkot)
    https://github.com/w3c/webappsec-csp/issues/428 
  - `javascript:` navigation directive-name is always null (by bakkot)
    https://github.com/w3c/webappsec-csp/issues/427 
  - Does `strict-dynamic` allow dynamically adding inline scripts? (by bakkot)
    https://github.com/w3c/webappsec-csp/issues/426 
  - Inconsistent treatment of base64url-encoded hash sources in CSP vs SRI (by bakkot)
    https://github.com/w3c/webappsec-csp/issues/423 

  2 issues received 8 new comments:
  - #429 connect-src: wss without schema  (6 by annevk, axelssonHakan, bakkot, mikewest)
    https://github.com/w3c/webappsec-csp/issues/429 
  - #426 Does `strict-dynamic` allow dynamically adding inline scripts? (2 by arturjanc, mikewest)
    https://github.com/w3c/webappsec-csp/issues/426 

* w3c/webappsec-credential-management (+0/-0/💬1)
  1 issues received 1 new comments:
  - #140 Update spec to new IDL syntax for optional dictionaries (1 by domenic)
    https://github.com/w3c/webappsec-credential-management/issues/140 

* w3c/webappsec-feature-policy (+0/-0/💬2)
  2 issues received 2 new comments:
  - #322 Feature-Policy: clipboard-read and clipboard-write (1 by tomayac)
    https://github.com/w3c/webappsec-feature-policy/issues/322 
  - #189 Proposal: define default for all (1 by kovge)
    https://github.com/w3c/webappsec-feature-policy/issues/189 [feature question] 

* w3c/webappsec-fetch-metadata (+1/-0/💬8)
  1 issues created:
  - `Sec-Fetch-Site-Ancestors`? (by mikewest)
    https://github.com/w3c/webappsec-fetch-metadata/issues/56 

  1 issues received 8 new comments:
  - #56 `Sec-Fetch-Ancestors`? (8 by annevk, arturjanc, deian, lweichselbaum, mikewest)
    https://github.com/w3c/webappsec-fetch-metadata/issues/56 

* WICG/trusted-types (+0/-1/💬1)
  1 issues received 1 new comments:
  - #258 Consider allowing creating a policy via a constructor. (1 by koto)
    https://github.com/w3c/webappsec-trusted-types/issues/258 [future] [spec] 

  1 issues closed:
  - Consider allowing creating a policy via a constructor. https://github.com/w3c/webappsec-trusted-types/issues/258 [future] [spec] 



Pull requests
-------------
* w3c/webappsec (+1/-1/💬0)
  1 pull requests submitted:
  - Add mixed content to 2020-03-17 agenda (by estark37)
    https://github.com/w3c/webappsec/pull/563 

  1 pull requests merged:
  - Add mixed content to 2020-03-17 agenda
    https://github.com/w3c/webappsec/pull/563 

* w3c/webappsec-csp (+3/-0/💬1)
  3 pull requests submitted:
  - Clarify that integrity metadata must be non-empty (by bakkot)
    https://github.com/w3c/webappsec-csp/pull/425 
  - Use correct set of source expressions in script directives pre-request check (by bakkot)
    https://github.com/w3c/webappsec-csp/pull/424 
  - Fix typo (by bakkot)
    https://github.com/w3c/webappsec-csp/pull/422 

  1 pull requests received 1 new comments:
  - #422 Fix typo (1 by bakkot)
    https://github.com/w3c/webappsec-csp/pull/422 

* w3c/webappsec-mixed-content (+1/-0/💬0)
  1 pull requests submitted:
  - Fix "requires prohibits" (by jyasskin)
    https://github.com/w3c/webappsec-mixed-content/pull/29 

* w3c/permissions (+1/-0/💬4)
  1 pull requests submitted:
  - Add CameraDevicePermissionDescriptor for 'camera' permission (by eehakkin)
    https://github.com/w3c/permissions/pull/204 

  1 pull requests received 4 new comments:
  - #204 Add CameraDevicePermissionDescriptor for 'camera' permission (4 by eehakkin, riju)
    https://github.com/w3c/permissions/pull/204 

* w3c/webappsec-feature-policy (+1/-0/💬4)
  1 pull requests submitted:
  - Feature registry (by clelland)
    https://github.com/w3c/webappsec-feature-policy/pull/366 

  1 pull requests received 4 new comments:
  - #366 Feature registry (4 by annevk, clelland, domenic)
    https://github.com/w3c/webappsec-feature-policy/pull/366 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-feature-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/WICG/trusted-types
* https://github.com/w3c/webappsec-unofficial-drafts
Received on Monday, 23 March 2020 17:00:20 UTC

This archive was generated by hypermail 2.4.0 : Monday, 23 March 2020 17:00:21 UTC