Weekly github digest (WebAppSec specs) from W3C Webmaster via GitHub API on 2021-01-18 (public-webappsec@w3.org from January 2021)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 18 Jan 2021 17:00:21 +0000
To: public-webappsec@w3.org
Message-Id: <E1l1Xt7-0000yl-4E@uranus.w3.org>
Issues
------
* w3c/webappsec-subresource-integrity (+0/-0/💬1)
  1 issues received 1 new comments:
  - #83 Relationship to Digest header (1 by ioggstream)
    https://github.com/w3c/webappsec-subresource-integrity/issues/83 

* w3c/webappsec-csp (+1/-0/💬3)
  1 issues created:
  - Use Infra for JSON (by annevk)
    https://github.com/w3c/webappsec-csp/issues/455 

  1 issues received 3 new comments:
  - #394 Consider removing plugin-types (3 by annevk, mikewest)
    https://github.com/w3c/webappsec-csp/issues/394 

* w3c/webappsec-referrer-policy (+0/-2/💬2)
  2 issues received 2 new comments:
  - #121 What default policy should new features use? (1 by domfarolino)
    https://github.com/w3c/webappsec-referrer-policy/issues/121 
  - #118 Typo: space between “non-” and “potentially trustworthy” (1 by domfarolino)
    https://github.com/w3c/webappsec-referrer-policy/issues/118 

  2 issues closed:
  - Typo: space between “non-” and “potentially trustworthy” https://github.com/w3c/webappsec-referrer-policy/issues/118 
  - What default policy should new features use? https://github.com/w3c/webappsec-referrer-policy/issues/121 

* w3c/webappsec-secure-contexts (+1/-7/💬18)
  1 issues created:
  - Potentially trustworthy URL algo should explicitly treat authenticated schemes as non-opaque (by fred-wang)
    https://github.com/w3c/webappsec-secure-contexts/issues/85 

  10 issues received 18 new comments:
  - #85 Potentially trustworthy URL algo should explicitly treat authenticated schemes as non-opaque (8 by anforowicz, annevk, fred-wang)
    https://github.com/w3c/webappsec-secure-contexts/issues/85 
  - #83 Data URL iframes are considered secure contexts only if sandboxed (1 by annevk)
    https://github.com/w3c/webappsec-secure-contexts/issues/83 
  - #82 Surprising inheritance behavior for opened windows (1 by annevk)
    https://github.com/w3c/webappsec-secure-contexts/issues/82 
  - #81 about:blank" or "about:srcdoc" with query string or fragment should be potentially trustworthy (2 by annevk, fred-wang)
    https://github.com/w3c/webappsec-secure-contexts/issues/81 
  - #79 Upstream monkey-patches to HTML and delete in this spec (1 by annevk)
    https://github.com/w3c/webappsec-secure-contexts/issues/79 
  - #74 secure contexts and Workers created from data URLs (1 by annevk)
    https://github.com/w3c/webappsec-secure-contexts/issues/74 
  - #71 Convoluted blob: URL issue (1 by annevk)
    https://github.com/w3c/webappsec-secure-contexts/issues/71 
  - #63 Consider "potentially trustworthy" for responses (1 by annevk)
    https://github.com/w3c/webappsec-secure-contexts/issues/63 
  - #57 "Is an environment settings object contextually secure?" does not work for worklets (1 by annevk)
    https://github.com/w3c/webappsec-secure-contexts/issues/57 
  - #56 "Is an environment settings object contextually secure?" does not deal with nested workers (1 by annevk)
    https://github.com/w3c/webappsec-secure-contexts/issues/56 

  7 issues closed:
  - Data URL iframes are considered secure contexts only if sandboxed https://github.com/w3c/webappsec-secure-contexts/issues/83 
  - Surprising inheritance behavior for opened windows https://github.com/w3c/webappsec-secure-contexts/issues/82 
  - secure contexts and Workers created from data URLs https://github.com/w3c/webappsec-secure-contexts/issues/74 
  - Consider "potentially trustworthy" for responses https://github.com/w3c/webappsec-secure-contexts/issues/63 
  - "Is an environment settings object contextually secure?" does not work for worklets https://github.com/w3c/webappsec-secure-contexts/issues/57 
  - "Is an environment settings object contextually secure?" does not deal with nested workers https://github.com/w3c/webappsec-secure-contexts/issues/56 
  - Upstream monkey-patches to HTML and delete in this spec https://github.com/w3c/webappsec-secure-contexts/issues/79 

* w3c/webappsec-clear-site-data (+0/-0/💬1)
  1 issues received 1 new comments:
  - #40 Can't clear site data while offline (1 by asakusuma)
    https://github.com/w3c/webappsec-clear-site-data/issues/40 

* w3c/webappsec-permissions-policy (+0/-0/💬3)
  1 issues received 3 new comments:
  - #189 Proposal: define default for all (3 by gapple, winter2x)
    https://github.com/w3c/webappsec-permissions-policy/issues/189 [feature question] 



Pull requests
-------------
* w3c/webappsec-subresource-integrity (+1/-1/💬2)
  1 pull requests submitted:
  - typo: content-encoding (by ioggstream)
    https://github.com/w3c/webappsec-subresource-integrity/pull/94 

  1 pull requests received 2 new comments:
  - #94 typo: content-encoding (2 by mozfreddyb, w3cbot)
    https://github.com/w3c/webappsec-subresource-integrity/pull/94 

  1 pull requests merged:
  - typo: content-encoding
    https://github.com/w3c/webappsec-subresource-integrity/pull/94 

* w3c/webappsec-csp (+2/-1/💬8)
  2 pull requests submitted:
  - Remove plugin-types (by antosart)
    https://github.com/w3c/webappsec-csp/pull/456 
  - Restore CSP Level 2 reporting envelope (by clelland)
    https://github.com/w3c/webappsec-csp/pull/454 

  3 pull requests received 8 new comments:
  - #456 Remove plugin-types (3 by annevk, domenic, mikewest)
    https://github.com/w3c/webappsec-csp/pull/456 
  - #454 Restore CSP Level 2 reporting envelope (3 by ArthurSonzogni, clelland)
    https://github.com/w3c/webappsec-csp/pull/454 
  - #287 Introduce 'webrtc-src'. (2 by annevk, zenhack)
    https://github.com/w3c/webappsec-csp/pull/287 

  1 pull requests merged:
  - Restore CSP Level 2 reporting envelope
    https://github.com/w3c/webappsec-csp/pull/454 

* w3c/webappsec-referrer-policy (+2/-2/💬0)
  2 pull requests submitted:
  - No need to use the word "associated" when referring to referrer policy (by domfarolino)
    https://github.com/w3c/webappsec-referrer-policy/pull/146 
  - Rebuild spec to correct a few things (by domfarolino)
    https://github.com/w3c/webappsec-referrer-policy/pull/145 

  2 pull requests merged:
  - No need to use the word "associated" when referring to referrer policy
    https://github.com/w3c/webappsec-referrer-policy/pull/146 
  - Rebuild spec to correct a few things
    https://github.com/w3c/webappsec-referrer-policy/pull/145 

* w3c/webappsec-secure-contexts (+1/-4/💬5)
  1 pull requests submitted:
  - Fix typo and remove duplicate words (by shisama)
    https://github.com/w3c/webappsec-secure-contexts/pull/86 

  5 pull requests received 5 new comments:
  - #86 Fix typo and remove duplicate words (1 by annevk)
    https://github.com/w3c/webappsec-secure-contexts/pull/86 
  - #80 Fix typo in example description (1 by annevk)
    https://github.com/w3c/webappsec-secure-contexts/pull/80 
  - #76 Meta: no more fork of WHATWG HTML (1 by annevk)
    https://github.com/w3c/webappsec-secure-contexts/pull/76 
  - #75 Always use creation URL to determine trustworthiness (1 by annevk)
    https://github.com/w3c/webappsec-secure-contexts/pull/75 
  - #51 Secure sheets (1 by annevk)
    https://github.com/w3c/webappsec-secure-contexts/pull/51 

  4 pull requests merged:
  - Fix typo and remove duplicate words
    https://github.com/w3c/webappsec-secure-contexts/pull/86 
  - Fix typo in example description
    https://github.com/w3c/webappsec-secure-contexts/pull/80 
  - Improve origin trustworthiness algorithm
    https://github.com/w3c/webappsec-secure-contexts/pull/77 
  - Update for HTML integration
    https://github.com/w3c/webappsec-secure-contexts/pull/84 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-unofficial-drafts


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 18 January 2021 17:00:24 UTC