- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 26 Jul 2021 17:00:40 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1m83y4-0003i1-8n@uranus.w3.org>
Issues
------
* w3c/webappsec (+0/-0/💬15)
1 issues received 15 new comments:
- #596 [meta] Adopting the Sanitizer API (15 by annevk, domenic, mikewest, msporny, otherdaniel, wseltzer)
https://github.com/w3c/webappsec/issues/596 [charter]
* w3c/webappsec-subresource-integrity (+0/-0/💬4)
1 issues received 4 new comments:
- #102 Add recommendation to use SRI for versioned & stable resources (4 by bchapuis, mikewest, robinwhittleton)
https://github.com/w3c/webappsec-subresource-integrity/issues/102
* w3c/webappsec-csp (+0/-0/💬2)
2 issues received 2 new comments:
- #506 Consider adding import-src (1 by shhnjk)
https://github.com/w3c/webappsec-csp/issues/506
- #215 Multiple CSP headers restriction is unclear (1 by 3dyd)
https://github.com/w3c/webappsec-csp/issues/215
* w3c/permissions (+1/-1/💬12)
1 issues created:
- Add a fourth permission state "grantable without a prompt"? (by mkruisselbrink)
https://github.com/w3c/permissions/issues/250
4 issues received 12 new comments:
- #250 Add a fourth permission state "grantable without a prompt"? (4 by marcoscaceres, mkruisselbrink, tomayac)
https://github.com/w3c/permissions/issues/250
- #162 Handle non-fully-active documents (5 by jyasskin, marcoscaceres)
https://github.com/w3c/permissions/issues/162
- #158 A more modest request() (1 by marcoscaceres)
https://github.com/w3c/permissions/issues/158
- #150 Media autoplay permission (2 by marcoscaceres, ndvbd)
https://github.com/w3c/permissions/issues/150 [question]
1 issues closed:
- A more modest request() https://github.com/w3c/permissions/issues/158
* w3c/webappsec-secure-contexts (+1/-0/💬0)
1 issues created:
- Remove Discovery API example? (by bathos)
https://github.com/w3c/webappsec-secure-contexts/issues/90
* w3c/webappsec-fetch-metadata (+0/-11/💬10)
9 issues received 10 new comments:
- #71 Sec-Fetch-User and Sec-Fetch-Site for user-initiated UI navigations (2 by annevk, mikewest)
https://github.com/w3c/webappsec-fetch-metadata/issues/71
- #57 Link to Editor's Draft should target actual spec (1 by mikewest)
https://github.com/w3c/webappsec-fetch-metadata/issues/57
- #54 Should we ignore invalid values? (1 by mikewest)
https://github.com/w3c/webappsec-fetch-metadata/issues/54
- #46 `<portal>` should result in a "nested" navigation. (1 by mikewest)
https://github.com/w3c/webappsec-fetch-metadata/issues/46
- #39 Sending `Sec-Fetch-Site: none` after redirects from directly user-initiated requests (1 by mikewest)
https://github.com/w3c/webappsec-fetch-metadata/issues/39
- #37 Handling iframing via <embed> / <object> (1 by mikewest)
https://github.com/w3c/webappsec-fetch-metadata/issues/37
- #29 Update Redirect section with HTTPS->HTTP behavior (1 by mikewest)
https://github.com/w3c/webappsec-fetch-metadata/issues/29
- #28 Why is `Sec-Fetch-Site` based on the full URL redirect chain? (1 by mikewest)
https://github.com/w3c/webappsec-fetch-metadata/issues/28
- #27 FAQ: How to use this for hotlinking protection (1 by mikewest)
https://github.com/w3c/webappsec-fetch-metadata/issues/27
11 issues closed:
- Extensions behavior is not defined https://github.com/w3c/webappsec-fetch-metadata/issues/12
- `Sec-Fetch-Site` for requests from extension background pages https://github.com/w3c/webappsec-fetch-metadata/issues/47
- Sending `Sec-Fetch-Site: none` after redirects from directly user-initiated requests https://github.com/w3c/webappsec-fetch-metadata/issues/39
- Should we ignore invalid values? https://github.com/w3c/webappsec-fetch-metadata/issues/54
- FAQ: How to use this for hotlinking protection https://github.com/w3c/webappsec-fetch-metadata/issues/27
- Why is `Sec-Fetch-Site` based on the full URL redirect chain? https://github.com/w3c/webappsec-fetch-metadata/issues/28
- Update Redirect section with HTTPS->HTTP behavior https://github.com/w3c/webappsec-fetch-metadata/issues/29
- Handling iframing via <embed> / <object> https://github.com/w3c/webappsec-fetch-metadata/issues/37
- `<portal>` should result in a "nested" navigation. https://github.com/w3c/webappsec-fetch-metadata/issues/46
- Link to Editor's Draft should target actual spec https://github.com/w3c/webappsec-fetch-metadata/issues/57
- Remove outstanding issues https://github.com/w3c/webappsec-fetch-metadata/issues/73
* w3c/webappsec-trusted-types (+1/-0/💬3)
1 issues created:
- Create [TrustedTypes].fromLiteral method (by shhnjk)
https://github.com/w3c/webappsec-trusted-types/issues/347
2 issues received 3 new comments:
- #347 Create [TrustedTypes].fromLiteral method (2 by Sora2455, koto)
https://github.com/w3c/webappsec-trusted-types/issues/347
- #345 Bypass using execCommand (1 by koto)
https://github.com/w3c/webappsec-trusted-types/issues/345
Pull requests
-------------
* w3c/webappsec (+1/-2/💬0)
1 pull requests submitted:
- [charter] typos/clarity (by samuelweiler)
https://github.com/w3c/webappsec/pull/598
2 pull requests merged:
- [charter] typos/clarity
https://github.com/w3c/webappsec/pull/598
- [charter] add doc policy; remove CSP:EE, SRI, Suborigins, Origin Policy
https://github.com/w3c/webappsec/pull/597
* w3c/permissions (+3/-2/💬3)
3 pull requests submitted:
- Remove 'device-info' permission (by marcoscaceres)
https://github.com/w3c/permissions/pull/253
- s/Screen Capture/Display Capture (by eladalon1983)
https://github.com/w3c/permissions/pull/252
- Fix typo (by tomayac)
https://github.com/w3c/permissions/pull/251
2 pull requests received 3 new comments:
- #253 Remove 'device-info' permission (2 by marcoscaceres)
https://github.com/w3c/permissions/pull/253
- #252 s/Screen Capture/Display Capture (1 by marcoscaceres)
https://github.com/w3c/permissions/pull/252
2 pull requests merged:
- s/Screen Capture/Display Capture
https://github.com/w3c/permissions/pull/252
- Fix typo
https://github.com/w3c/permissions/pull/251
* w3c/webappsec-fetch-metadata (+1/-2/💬5)
1 pull requests submitted:
- Add considerations for extension contexts. (by mikewest)
https://github.com/w3c/webappsec-fetch-metadata/pull/76
1 pull requests received 5 new comments:
- #76 Add considerations for extension contexts. (5 by annevk, arturjanc, mikewest)
https://github.com/w3c/webappsec-fetch-metadata/pull/76
2 pull requests merged:
- Add considerations for extension contexts.
https://github.com/w3c/webappsec-fetch-metadata/pull/76
- Clean up the integration with HTML and Fetch.
https://github.com/w3c/webappsec-fetch-metadata/pull/75
* w3c/webappsec-trusted-types (+0/-1/💬2)
1 pull requests received 2 new comments:
- #346 fix typos (2 by koto, w3cbot)
https://github.com/w3c/webappsec-trusted-types/pull/346
1 pull requests merged:
- fix typos
https://github.com/w3c/webappsec-trusted-types/pull/346
Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 26 July 2021 17:00:42 UTC