W3C home > Mailing lists > Public > public-webappsec@w3.org > October 2021

Weekly github digest (WebAppSec specs)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 18 Oct 2021 17:00:41 +0000
To: public-webappsec@w3.org
Message-Id: <E1mcW09-0001Pu-E6@uranus.w3.org>



Issues
------
* w3c/webappsec-subresource-integrity (+0/-0/💬1)
  1 issues received 1 new comments:
  - #21 Consider integrity enforcement of iframe (1 by amark)
    https://github.com/w3c/webappsec-subresource-integrity/issues/21 [feature-request] 

* w3c/webappsec-csp (+3/-3/💬16)
  3 issues created:
  - Report a violation assumes violation's resource is a URL (by annevk)
    https://github.com/w3c/webappsec-csp/issues/519 
  - Request to Support Dynamic Resource Validation (by gulachek)
    https://github.com/w3c/webappsec-csp/issues/518 
  - Do not report violations after redirects (by antosart)
    https://github.com/w3c/webappsec-csp/issues/517 

  4 issues received 16 new comments:
  - #518 Request to Support Dynamic Resource Validation (2 by annevk, gulachek)
    https://github.com/w3c/webappsec-csp/issues/518 
  - #517 Do not report violations after redirects (10 by annevk, antosart, terjanq)
    https://github.com/w3c/webappsec-csp/issues/517 
  - #516 External color profiles and CSP (3 by annevk, mikewest, noamr)
    https://github.com/w3c/webappsec-csp/issues/516 
  - #8 CSP: form-action and redirects (1 by jub0bs)
    https://github.com/w3c/webappsec-csp/issues/8 [CSP] 

  3 issues closed:
  - Do not report violations after redirects https://github.com/w3c/webappsec-csp/issues/517 
  - Do not report violations after redirects https://github.com/w3c/webappsec-csp/issues/517 
  - Report a violation assumes violation's resource is a URL https://github.com/w3c/webappsec-csp/issues/519 

* w3c/permissions (+4/-2/💬3)
  4 issues created:
  - "accelerometer", (by marcoscaceres)
    https://github.com/w3c/permissions/issues/296 
  - Ensure "background-fetch" permission is integrated in Background Sync spec (by marcoscaceres)
    https://github.com/w3c/permissions/issues/295 
  - "midi", (by miketaylr)
    https://github.com/w3c/permissions/issues/294 
  - "push", (by miketaylr)
    https://github.com/w3c/permissions/issues/293 

  2 issues received 3 new comments:
  - #291 Ensure "notifications" permission is properly integrated into parent spec (2 by miketaylr)
    https://github.com/w3c/permissions/issues/291 
  - #191 Semantic Permission Bundles (1 by reillyeon)
    https://github.com/w3c/permissions/issues/191 

  2 issues closed:
  - `MidiPermissionDescriptor` in example 1 is confusing https://github.com/w3c/permissions/issues/197 [editorial] 
  - "accelerometer", https://github.com/w3c/permissions/issues/296 

* w3c/webappsec-trusted-types (+0/-0/💬4)
  1 issues received 4 new comments:
  - #342 CfC to publish as an FPWD. (4 by OR13, dveditz, mozfreddyb)
    https://github.com/w3c/webappsec-trusted-types/issues/342 

* w3c/webappsec-change-password-url (+1/-1/💬0)
  1 issues created:
  - @atanassov @astearns (by luze560715)
    https://github.com/w3c/webappsec-change-password-url/issues/35 

  1 issues closed:
  - @atanassov @astearns https://github.com/w3c/webappsec-change-password-url/issues/35 



Pull requests
-------------
* w3c/webappsec-subresource-integrity (+0/-0/💬2)
  1 pull requests received 2 new comments:
  - #103 Add some information for authors about the intent of the spec (2 by robinwhittleton, samuelweiler)
    https://github.com/w3c/webappsec-subresource-integrity/pull/103 [enhancement] 

* w3c/webappsec-csp (+1/-3/💬7)
  1 pull requests submitted:
  - Fix serialization of blockedURI (by antosart)
    https://github.com/w3c/webappsec-csp/pull/520 

  2 pull requests received 7 new comments:
  - #520 Fix serialization of blockedURI (4 by annevk, antosart)
    https://github.com/w3c/webappsec-csp/pull/520 
  - #293 Minimal specification of 'wasm-unsafe-eval' source directive (3 by annevk, antosart, fgmccabe)
    https://github.com/w3c/webappsec-csp/pull/293 

  3 pull requests merged:
  - Fix serialization of blockedURI
    https://github.com/w3c/webappsec-csp/pull/520 
  - Minimal specification of 'wasm-unsafe-eval' source directive
    https://github.com/w3c/webappsec-csp/pull/293 
  - Fix violation's resource for eval violations
    https://github.com/w3c/webappsec-csp/pull/515 

* w3c/permissions (+1/-2/💬1)
  1 pull requests submitted:
  - Editorial: update Notifications integration (by miketaylr)
    https://github.com/w3c/permissions/pull/292 

  1 pull requests received 1 new comments:
  - #282 Editorial: clarify how aspects are specified (1 by marcoscaceres)
    https://github.com/w3c/permissions/pull/282 

  2 pull requests merged:
  - Editorial: clarify how aspects are specified
    https://github.com/w3c/permissions/pull/282 
  - Editorial: update Notifications integration
    https://github.com/w3c/permissions/pull/292 

* w3c/webappsec-permissions-policy (+1/-1/💬0)
  1 pull requests submitted:
  - Fix typo in "Container policies" section (by reillyeon)
    https://github.com/w3c/webappsec-permissions-policy/pull/429 

  1 pull requests merged:
  - Fix typo in "Container policies" section
    https://github.com/w3c/webappsec-permissions-policy/pull/429 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 18 October 2021 17:00:43 UTC

This archive was generated by hypermail 2.4.0 : Monday, 18 October 2021 17:00:45 UTC