Weekly github digest (WebAppSec specs)

Issues
------
* w3c/webappsec-csp (+1/-2/💬5)
  1 issues created:
  - How to block javascript injection in app webview. (by lufengd3)
    https://github.com/w3c/webappsec-csp/issues/570 

  3 issues received 5 new comments:
  - #570 How to block javascript injection in app webview. (2 by jonathanKingston, lufengd3)
    https://github.com/w3c/webappsec-csp/issues/570 
  - #545 “Report a violation” can seemingly reach “fire an event at” w/ WorkletGlobalScope (1 by antosart)
    https://github.com/w3c/webappsec-csp/issues/545 
  - #336 Should Workers inherit CSP directives from the parent context? (2 by antosart, codehag)
    https://github.com/w3c/webappsec-csp/issues/336 

  2 issues closed:
  - Should Workers inherit CSP directives from the parent context? https://github.com/w3c/webappsec-csp/issues/336 
  - “Report a violation” can seemingly reach “fire an event at” w/ WorkletGlobalScope https://github.com/w3c/webappsec-csp/issues/545 

* w3c/permissions (+1/-0/💬3)
  1 issues created:
  - Can we more formally define the "Permission Store" (by annevk)
    https://github.com/w3c/permissions/issues/384 

  1 issues received 3 new comments:
  - #384 Can we more formally define the "Permission Store" (3 by annevk, johannhof, jyasskin)
    https://github.com/w3c/permissions/issues/384 



Pull requests
-------------
* w3c/webappsec-csp (+2/-3/💬12)
  2 pull requests submitted:
  - Fix validation of CSS markup (by antosart)
    https://github.com/w3c/webappsec-csp/pull/569 
  - Define securitypolicyviolation event (by tidoust)
    https://github.com/w3c/webappsec-csp/pull/568 

  4 pull requests received 12 new comments:
  - #569 Fix validation of CSS markup (2 by antosart, sideshowbarker)
    https://github.com/w3c/webappsec-csp/pull/569 
  - #568 Define securitypolicyviolation event (6 by antosart, dontcallmedom, tidoust)
    https://github.com/w3c/webappsec-csp/pull/568 
  - #567 Add support for the webidentity destination (2 by antosart, cbiesinger)
    https://github.com/w3c/webappsec-csp/pull/567 
  - #564 Remove `navigate-to`. (2 by dveditz, mozfreddyb)
    https://github.com/w3c/webappsec-csp/pull/564 

  3 pull requests merged:
  - Add support for the webidentity destination
    https://github.com/w3c/webappsec-csp/pull/567 
  - Define securitypolicyviolation event
    https://github.com/w3c/webappsec-csp/pull/568 
  - Fix validation of CSS markup
    https://github.com/w3c/webappsec-csp/pull/569 

* w3c/webappsec-permissions-policy (+0/-0/💬3)
  2 pull requests received 3 new comments:
  - #482 Wildcards in Permissions Policy Origins (2 by annevk, arichiv)
    https://github.com/w3c/webappsec-permissions-policy/pull/482 
  - #438 add experimental features join-ad-interest-group and run-ad-auction (1 by qingxinwu)
    https://github.com/w3c/webappsec-permissions-policy/pull/438 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config