Weekly github digest (WebAppSec specs)

Issues
------
* w3c/webappsec (+0/-0/💬1)
  1 issues received 1 new comments:
  - #645 Move OTR to Privacy Working Group (1 by rinchen)
    https://github.com/w3c/webappsec/issues/645 [charter] 

* w3c/webappsec-csp (+3/-0/💬3)
  3 issues created:
  - How to prevent an iframe with srcdoc and defined csp from inheriting the parent page's CSP policies (by JuanRojasC)
    https://github.com/w3c/webappsec-csp/issues/700 
  - EnsureCSPDoesNotBlockStringCompilation: caling "Get Trusted Type compliant string" (by fred-wang)
    https://github.com/w3c/webappsec-csp/issues/698 
  - EnsureCSPDoesNotBlockStringCompilation: Explain why we need to check TrustedScript's data (and add tests) (by fred-wang)
    https://github.com/w3c/webappsec-csp/issues/697 

  2 issues received 3 new comments:
  - #688 Assigning `location.href` to a `javascript:...` is a form of eval (1 by dinofx)
    https://github.com/w3c/webappsec-csp/issues/688 
  - #683 Introduce 'connect-certificate-hash' for WebTransport (2 by dveditz)
    https://github.com/w3c/webappsec-csp/issues/683 

* w3c/permissions (+1/-0/💬2)
  1 issues created:
  - Bring this document to CR (by jyasskin)
    https://github.com/w3c/permissions/issues/454 

  1 issues received 2 new comments:
  - #454 Bring this document to CR (2 by mikewest, simoneonofri)
    https://github.com/w3c/permissions/issues/454 

* w3c/webappsec-trusted-types (+3/-0/💬2)
  3 issues created:
  - Add tests for setInterval()/setTimeout() called from WorkerGlobalScope (by fred-wang)
    https://github.com/w3c/trusted-types/issues/568 
  - Add tests for worker constructors called from worker global scope (by fred-wang)
    https://github.com/w3c/trusted-types/issues/567 
  - Rely on WedIDL's "implements" definition for isHTML/isScript/isScriptURL? (by fred-wang)
    https://github.com/w3c/trusted-types/issues/566 

  1 issues received 2 new comments:
  - #566 Rely on WedIDL's "implements" definition for isHTML/isScript/isScriptURL? (2 by mbrodesser-Igalia)
    https://github.com/w3c/trusted-types/issues/566 



Pull requests
-------------
* w3c/webappsec-csp (+1/-1/💬15)
  1 pull requests submitted:
  - Fix eval compilationSink in EnsureCSPDoesNotBlockStringCompilation. (by fred-wang)
    https://github.com/w3c/webappsec-csp/pull/699 

  2 pull requests received 15 new comments:
  - #699 Fix eval compilationSink in EnsureCSPDoesNotBlockStringCompilation. (1 by fred-wang)
    https://github.com/w3c/webappsec-csp/pull/699 
  - #693 Hash reporting for scripts (14 by antosart, ddworken, mikewest, yoavweiss)
    https://github.com/w3c/webappsec-csp/pull/693 

  1 pull requests merged:
  - Hash reporting for scripts
    https://github.com/w3c/webappsec-csp/pull/693 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config