W3C home > Mailing lists > Public > public-webappsec@w3.org > February 2022

Weekly github digest (WebAppSec specs)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 21 Feb 2022 17:00:33 +0000
To: public-webappsec@w3.org
Message-Id: <E1nMC37-0007wl-Li@uranus.w3.org>



Issues
------
* w3c/webappsec-csp (+2/-1/💬7)
  2 issues created:
  - Eval, callerRealm and calleeRealm (by antosart)
    https://github.com/w3c/webappsec-csp/issues/539 
  - What should the default be for the "webrtc" directive in workers? (by alvestrand)
    https://github.com/w3c/webappsec-csp/issues/538 

  3 issues received 7 new comments:
  - #539 Eval, callerRealm and calleeRealm (3 by annevk, antosart, domenic)
    https://github.com/w3c/webappsec-csp/issues/539 
  - #538 What should the default be for the "webrtc" directive in workers? (1 by antosart)
    https://github.com/w3c/webappsec-csp/issues/538 
  - #438 Cross-realm eval() calls and 'unsafe-eval' (3 by annevk, antosart, domenic)
    https://github.com/w3c/webappsec-csp/issues/438 

  1 issues closed:
  - Eval, callerRealm and calleeRealm https://github.com/w3c/webappsec-csp/issues/539 

* w3c/webappsec-credential-management (+1/-4/💬0)
  1 issues created:
  - Make [[Create]] consistently create its Credentials from a task (by jyasskin)
    https://github.com/w3c/webappsec-credential-management/issues/192 

  4 issues closed:
  - normal use case is 1 person per browser per domain and hence 1 single account per browser per domain https://github.com/w3c/webappsec-credential-management/issues/190 
  - is it necessary?: if (credential.type == 'password') https://github.com/w3c/webappsec-credential-management/issues/188 
  - id field should be optional https://github.com/w3c/webappsec-credential-management/issues/189 
  - security https://github.com/w3c/webappsec-credential-management/issues/191 

* w3c/permissions (+1/-2/💬2)
  1 issues created:
  - Removal of PermissionName broke downstream standards (by annevk)
    https://github.com/w3c/permissions/issues/366 

  2 issues received 2 new comments:
  - #243 Permissions states should be concepts (1 by marcoscaceres)
    https://github.com/w3c/permissions/issues/243 [editorial] 
  - #193 Add "background-playback" permission type? (1 by marcoscaceres)
    https://github.com/w3c/permissions/issues/193 [question] 

  2 issues closed:
  - Permissions states should be concepts https://github.com/w3c/permissions/issues/243 [editorial] 
  - Add "background-playback" permission type? https://github.com/w3c/permissions/issues/193 [question] 

* w3c/webappsec-permissions-policy (+0/-0/💬1)
  1 issues received 1 new comments:
  - #444 Permissions Policy unload (1 by fergald)
    https://github.com/w3c/webappsec-permissions-policy/issues/444 

* w3c/webappsec-trusted-types (+4/-0/💬1)
  4 issues created:
  - Can we conditionally enforce Trusted Types based on document response type in XHR? (by shhnjk)
    https://github.com/w3c/webappsec-trusted-types/issues/360 
  - Maybe enforce Trusted Types in XSL's xsl:text (by shhnjk)
    https://github.com/w3c/webappsec-trusted-types/issues/359 
  - Maybe enforce Trusted Types in document.createProcessingInstruction? (by shhnjk)
    https://github.com/w3c/webappsec-trusted-types/issues/358 
  - Add SVG <use> href attribute to Trusted Types enforcement (by shhnjk)
    https://github.com/w3c/webappsec-trusted-types/issues/357 

  1 issues received 1 new comments:
  - #360 Can we conditionally enforce Trusted Types based on document response type in XHR? (1 by craigfrancis)
    https://github.com/w3c/webappsec-trusted-types/issues/360 



Pull requests
-------------
* w3c/webappsec-csp (+1/-0/💬7)
  1 pull requests submitted:
  - Do not check callerRealm for eval (by antosart)
    https://github.com/w3c/webappsec-csp/pull/540 

  2 pull requests received 7 new comments:
  - #540 Do not check callerRealm for eval (3 by antosart)
    https://github.com/w3c/webappsec-csp/pull/540 
  - #457 Introduce 'webrtc' as a simple on/off switch (4 by annevk, antosart, zenhack)
    https://github.com/w3c/webappsec-csp/pull/457 

* w3c/permissions (+2/-3/💬3)
  2 pull requests submitted:
  - Handle non-fully-active documents (by marcoscaceres)
    https://github.com/w3c/permissions/pull/365 
  - Editorial: Add linking-text for "specifies a powerful feature" (by miketaylr)
    https://github.com/w3c/permissions/pull/363 

  3 pull requests received 3 new comments:
  - #365 Handle non-fully-active documents (1 by marcoscaceres)
    https://github.com/w3c/permissions/pull/365 
  - #363 Editorial: Add linking-text for "specifies a powerful feature" (1 by miketaylr)
    https://github.com/w3c/permissions/pull/363 
  - #249 Handle not fully active documents when querying Permissions API (1 by marcoscaceres)
    https://github.com/w3c/permissions/pull/249 

  3 pull requests merged:
  - Editorial: Add linking-text for "specifies a powerful feature"
    https://github.com/w3c/permissions/pull/363 
  - Editorial: bring back Automated Testing into spec
    https://github.com/w3c/permissions/pull/346 
  - Add requirements for specifying Powerful Features
    https://github.com/w3c/permissions/pull/362 

* w3c/webappsec-change-password-url (+0/-1/💬1)
  1 pull requests received 1 new comments:
  - #37 Add 1Password (1 by w3cbot)
    https://github.com/w3c/webappsec-change-password-url/pull/37 

  1 pull requests merged:
  - Add 1Password
    https://github.com/w3c/webappsec-change-password-url/pull/37 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 21 February 2022 17:00:36 UTC

This archive was generated by hypermail 2.4.0 : Monday, 21 February 2022 17:00:37 UTC