- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 26 Feb 2024 17:00:25 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1reeL3-00C1Eb-NJ@uranus.w3.org>
Issues
------
* w3c/webappsec (+1/-0/💬2)
1 issues created:
- Planning the 2024-03-20 meeting (by dveditz)
https://github.com/w3c/webappsec/issues/643
1 issues received 2 new comments:
- #643 Planning the 2024-03-20 meeting (2 by javifernandez, twiss)
https://github.com/w3c/webappsec/issues/643
* w3c/webappsec-csp (+0/-2/💬2)
1 issues received 2 new comments:
- #631 Problem with SecurityPolicyViolationEvent constructor and optional init dict (2 by SaeidEid, antosart)
https://github.com/w3c/webappsec-csp/issues/631
2 issues closed:
- [TIMING] references broken https://github.com/w3c/webappsec-csp/issues/644
- Problem with SecurityPolicyViolationEvent constructor and optional init dict https://github.com/w3c/webappsec-csp/issues/631
* w3c/webappsec-permissions-policy (+1/-0/💬3)
1 issues created:
- Query: Can trusted subframe allocate permission to one of it's subframe with a cross-domain (by aromalanil)
https://github.com/w3c/webappsec-permissions-policy/issues/542
2 issues received 3 new comments:
- #542 Query: Can trusted subframe allocate permission to one of it's cross-domain subframe (2 by aromalanil, clelland)
https://github.com/w3c/webappsec-permissions-policy/issues/542
- #273 Prevent programmatic focus in iframe (1 by JoeAzar)
https://github.com/w3c/webappsec-permissions-policy/issues/273 [proposed feature]
* w3c/webappsec-trusted-types (+12/-3/💬31)
12 issues created:
- `getPropertyType()` needs a rewrite()? (by lukewarlow)
https://github.com/w3c/trusted-types/issues/456
- Ensure spec PR's diffs are generated correctly (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/455
- https://w3c.github.io/trusted-types/dist/spec/#webidl-validate-the-string-in-context should link to the HTML standard's definition of how the validation is performed (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/454
- Consider deleting the master branch as it's superseded by the main branch (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/452
- Is there a convenient way to see the rendered diff a spec PR? (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/451
- Is it intended that non-injection sinks may be assigned with trusted types? (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/449
- Add test for `setAttributeNS` with an event handler (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/448
- <Element-setAttributeNS.html> contains commented out test and seems to duplicate other tests (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/447
- Should the polyfill be moved? (by lukewarlow)
https://github.com/w3c/trusted-types/issues/444 [polyfill]
- Integration with Shadow Realms? (by lukewarlow)
https://github.com/w3c/trusted-types/issues/442
- Integration with DOM Parts API (by lukewarlow)
https://github.com/w3c/trusted-types/issues/441
- MIssing IDL changes compared to Chromium (by lukewarlow)
https://github.com/w3c/trusted-types/issues/438
11 issues received 31 new comments:
- #455 Ensure spec PR's diffs are generated correctly (2 by koto, mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/455
- #454 https://w3c.github.io/trusted-types/dist/spec/#webidl-validate-the-string-in-context should link to the HTML standard's definition of how the validation is performed (3 by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/454
- #452 Consider deleting the master branch as it's superseded by the main branch (1 by koto)
https://github.com/w3c/trusted-types/issues/452
- #449 Is it intended that non-injection sinks may be assigned with trusted types? (2 by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/449
- #442 Integration with Shadow Realms? (5 by caridy, lukewarlow, mhofman, nicolo-ribaudo)
https://github.com/w3c/trusted-types/issues/442
- #438 Integration with DOM APIs (1 by lukewarlow)
https://github.com/w3c/trusted-types/issues/438 [spec]
- #437 Issue with script enforcement (6 by lukewarlow, mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/437 [bug] [spec]
- #424 Can lowercasing be removed from getAttributeType()? (1 by lukewarlow)
https://github.com/w3c/trusted-types/issues/424
- #221 Figure out if we need `'trusted-script'` in `script-src` (2 by caridy, lukewarlow)
https://github.com/w3c/trusted-types/issues/221
- #207 Finalize the integrations that guard eval & Function.constructor (7 by caridy, lukewarlow, ptomato)
https://github.com/w3c/trusted-types/issues/207 [tc39]
- #143 Clarify interaction between unsafe-eval and TrustedScript. (1 by lukewarlow)
https://github.com/w3c/trusted-types/issues/143
3 issues closed:
- Ensure spec PR's diffs are generated correctly https://github.com/w3c/trusted-types/issues/455
- Consider deleting the master branch as it's superseded by the main branch https://github.com/w3c/trusted-types/issues/452
- Is there a convenient way to see the rendered diff a spec PR? https://github.com/w3c/trusted-types/issues/451
Pull requests
-------------
* w3c/webappsec-csp (+2/-2/💬0)
2 pull requests submitted:
- Fix reference link for [TIMING] (by antosart)
https://github.com/w3c/webappsec-csp/pull/646
- Remove required condition on the attributes fror SecurityPolicyViolationEventInit dict (by SaeidEid)
https://github.com/w3c/webappsec-csp/pull/645
2 pull requests merged:
- Fix reference link for [TIMING]
https://github.com/w3c/webappsec-csp/pull/646
- Remove required condition on the attributes fror SecurityPolicyViolationEventInit dict
https://github.com/w3c/webappsec-csp/pull/645
* w3c/webappsec-trusted-types (+8/-5/💬19)
8 pull requests submitted:
- Rewrite metadata functions (by lukewarlow)
https://github.com/w3c/trusted-types/pull/457
- Test for preview diff, don't merg (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/pull/453
- Extract `Does sink type require trusted types?` to its own algorithm (by lukewarlow)
https://github.com/w3c/trusted-types/pull/450
- Remove superfluous condition (by lukewarlow)
https://github.com/w3c/trusted-types/pull/446
- Update dynamic code compilation support (by lukewarlow)
https://github.com/w3c/trusted-types/pull/445
- Remove pre-commit hooks (by lukewarlow)
https://github.com/w3c/trusted-types/pull/443
- Add missing IDL changes to Parent and Child Node mixins from dom spec (by lukewarlow)
https://github.com/w3c/trusted-types/pull/440
- Make gitignore more exhaustive (by lukewarlow)
https://github.com/w3c/trusted-types/pull/439
2 pull requests received 19 new comments:
- #450 Extract `Does sink type require trusted types?` to its own algorithm (7 by koto, lukewarlow, mbrodesser-Igalia)
https://github.com/w3c/trusted-types/pull/450
- #440 Add missing IDL changes to Parent and Child Node mixins from dom spec (12 by lukewarlow, mbrodesser-Igalia)
https://github.com/w3c/trusted-types/pull/440
5 pull requests merged:
- Add example for CSP header with `'none'`
https://github.com/w3c/trusted-types/pull/453
- Extract `Does sink type require trusted types?` to its own algorithm
https://github.com/w3c/trusted-types/pull/450
- Remove superfluous condition
https://github.com/w3c/trusted-types/pull/446
- Make gitignore more exhaustive
https://github.com/w3c/trusted-types/pull/439
- Remove pre-commit hooks
https://github.com/w3c/trusted-types/pull/443
Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 26 February 2024 17:00:27 UTC