- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 02 Dec 2024 17:00:29 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1tI9mf-001pIp-0L@janus.w3.internal>
Issues
------
* w3c/webappsec-csp (+3/-0/💬4)
3 issues created:
- https://w3c.github.io/webappsec-csp/#report-violation invokes "Queue a task" without passing a task source (by mbrodesser-Igalia)
https://github.com/w3c/webappsec-csp/issues/696
- EnsureCSPDoesNotBlockStringCompilation uses incorrect compilationSink for Eval (by fred-wang)
https://github.com/w3c/webappsec-csp/issues/695
- Allow RFC3986 scheme relative URIs in host-source (by Mahoney)
https://github.com/w3c/webappsec-csp/issues/694
2 issues received 4 new comments:
- #688 Assigning `location.href` to a `javascript:...` is a form of eval (3 by arturjanc, dinofx)
https://github.com/w3c/webappsec-csp/issues/688
- #229 allow calls to new Function(); - but not to the actual constructed function. under csp unsafe-eval. (1 by fcano-ut)
https://github.com/w3c/webappsec-csp/issues/229
* w3c/webappsec-credential-management (+1/-0/💬1)
1 issues created:
- InvalidStateError for non-fully active documents conflicts with WebAuthn's InvalidStateError (by nsatragno)
https://github.com/w3c/webappsec-credential-management/issues/266
1 issues received 1 new comments:
- #266 InvalidStateError for non-fully active documents conflicts with WebAuthn's InvalidStateError (1 by nsatragno)
https://github.com/w3c/webappsec-credential-management/issues/266
* w3c/webappsec-referrer-policy (+1/-0/💬0)
1 issues created:
- Add additional security and privacy controls for referrer policies (by rshaner-stripe)
https://github.com/w3c/webappsec-referrer-policy/issues/174
* w3c/webappsec-trusted-types (+0/-0/💬1)
1 issues received 1 new comments:
- #94 Browser extensions vs Trusted Types (1 by NicBright)
https://github.com/w3c/trusted-types/issues/94
Pull requests
-------------
* w3c/webappsec-subresource-integrity (+0/-0/💬1)
1 pull requests received 1 new comments:
- #112 Update references and clarify section 3.5 in the current version of the spec (1 by domfarolino)
https://github.com/w3c/webappsec-subresource-integrity/pull/112
* w3c/webappsec-csp (+1/-0/💬13)
1 pull requests submitted:
- Hash reporting (by yoavweiss)
https://github.com/w3c/webappsec-csp/pull/693
2 pull requests received 13 new comments:
- #693 Hash reporting (11 by annevk, ddworken, yoavweiss)
https://github.com/w3c/webappsec-csp/pull/693
- #692 Use "navigation request's policy container's CSP list" instead of "navigation request's client's global object's CSP list" (2 by antosart, mbrodesser-Igalia)
https://github.com/w3c/webappsec-csp/pull/692
Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 2 December 2024 17:00:30 UTC