W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2022

Weekly github digest (WebAppSec specs)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 19 Sep 2022 17:00:34 +0000
To: public-webappsec@w3.org
Message-Id: <E1oaK8I-00HGDy-5h@uranus.w3.org>



Issues
------
* w3c/webappsec-subresource-integrity (+0/-0/💬1)
  1 issues received 1 new comments:
  - #21 Consider integrity enforcement of iframe (1 by nathanfranke)
    https://github.com/w3c/webappsec-subresource-integrity/issues/21 [feature-request] 

* w3c/webappsec-csp (+1/-1/💬4)
  1 issues created:
  - The editor's draft includes several features that no one has shipped. (by mikewest)
    https://github.com/w3c/webappsec-csp/issues/563 

  1 issues received 4 new comments:
  - #563 The editor's draft includes several features that no one has shipped. (4 by annevk, mikewest)
    https://github.com/w3c/webappsec-csp/issues/563 

  1 issues closed:
  - "Get the effective directive for request" should handle at least worklets https://github.com/w3c/webappsec-csp/issues/554 

* w3c/webappsec-credential-management (+0/-1/💬0)
  1 issues closed:
  - Specify what happens when a credential request is issued while another one is in progress https://github.com/w3c/webappsec-credential-management/issues/206 [type:technical] 

* w3c/permissions-registry (+0/-0/💬3)
  2 issues received 3 new comments:
  - #11 Removal of PermissionName broke downstream standards (1 by rakuco)
    https://github.com/w3c/permissions-registry/issues/11 
  - #4 CFC for publication as a "Draft Registry" (2 by annevk, miketaylr)
    https://github.com/w3c/permissions-registry/issues/4 

* w3c/webappsec-permissions-policy (+0/-0/💬3)
  2 issues received 3 new comments:
  - #386 Usefulness of reporting in Permissions Policy (1 by bartoszniemczura)
    https://github.com/w3c/webappsec-permissions-policy/issues/386 
  - #208 How do I disable everything? (2 by AramZS, samuelweiler)
    https://github.com/w3c/webappsec-permissions-policy/issues/208 [feature question] 

* w3c/webappsec-trusted-types (+1/-1/💬1)
  1 issues created:
  - TrustedHTML.fromLiteral is exposed in workers but assumes the current global is a Window (by Ms2ger)
    https://github.com/w3c/webappsec-trusted-types/issues/374 

  1 issues received 1 new comments:
  - #363 Figure out if there is a better way to guard navigations to `javascript:` across documents (1 by shhnjk)
    https://github.com/w3c/webappsec-trusted-types/issues/363 

  1 issues closed:
  - Figure out if there is a better way to guard navigations to `javascript:` across documents https://github.com/w3c/webappsec-trusted-types/issues/363 



Pull requests
-------------
* w3c/webappsec (+1/-1/💬0)
  1 pull requests submitted:
  - Adding my name to attendees list (by seanturner)
    https://github.com/w3c/webappsec/pull/615 

  1 pull requests merged:
  - Adding my name to attendees list
    https://github.com/w3c/webappsec/pull/615 

* w3c/webappsec-csp (+1/-3/💬3)
  1 pull requests submitted:
  - Remove `navigate-to`. (by mikewest)
    https://github.com/w3c/webappsec-csp/pull/564 

  2 pull requests received 3 new comments:
  - #564 Remove `navigate-to`. (2 by antosart, mikewest)
    https://github.com/w3c/webappsec-csp/pull/564 
  - #555 Return correct effective directive for worklets (1 by mikewest)
    https://github.com/w3c/webappsec-csp/pull/555 

  3 pull requests merged:
  - Remove `navigate-to`.
    https://github.com/w3c/webappsec-csp/pull/564 
  - Return correct effective directive for worklets
    https://github.com/w3c/webappsec-csp/pull/555 
  - Editorial: Clarify the role of `'none'` in source lists.
    https://github.com/w3c/webappsec-csp/pull/534 

* w3c/webappsec-credential-management (+1/-1/💬4)
  1 pull requests submitted:
  - Add support for publickey-credentials-create permission policy (by stephenmcgruer)
    https://github.com/w3c/webappsec-credential-management/pull/209 

  2 pull requests received 4 new comments:
  - #209 Add support for publickey-credentials-create permission policy (2 by stephenmcgruer)
    https://github.com/w3c/webappsec-credential-management/pull/209 
  - #207 Disallow multiple in-progress credential requests (2 by npm1, nsatragno)
    https://github.com/w3c/webappsec-credential-management/pull/207 

  1 pull requests merged:
  - Disallow multiple in-progress credential requests
    https://github.com/w3c/webappsec-credential-management/pull/207 

* w3c/webappsec-permissions-policy (+3/-1/💬2)
  3 pull requests submitted:
  - Use spec-prod instead of Travis CI. (by jyasskin)
    https://github.com/w3c/webappsec-permissions-policy/pull/486 
  - Turn on PR Preview (by jyasskin)
    https://github.com/w3c/webappsec-permissions-policy/pull/485 
  - Reference "generate and queue a report" (by clelland)
    https://github.com/w3c/webappsec-permissions-policy/pull/484 

  2 pull requests received 2 new comments:
  - #486 Use spec-prod instead of Travis CI. (1 by jyasskin)
    https://github.com/w3c/webappsec-permissions-policy/pull/486 
  - #482 Wildcards in Permissions Policy Origins (1 by arichiv)
    https://github.com/w3c/webappsec-permissions-policy/pull/482 

  1 pull requests merged:
  - Editorial: export * and 'self'
    https://github.com/w3c/webappsec-permissions-policy/pull/474 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 19 September 2022 17:00:36 UTC

This archive was generated by hypermail 2.4.0 : Monday, 19 September 2022 17:00:38 UTC