- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 15 Jan 2024 17:00:36 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1rPQKC-009InV-Pt@uranus.w3.org>
Issues
------
* w3c/webappsec (+0/-0/💬1)
1 issues received 1 new comments:
- #638 Planning 2024-01-17. (1 by kyraseevers)
https://github.com/w3c/webappsec/issues/638
* w3c/webappsec-csp (+1/-0/💬1)
1 issues created:
- Does "Is Element Nonceable" apply to non-inline scripts? (by evilpie)
https://github.com/w3c/webappsec-csp/issues/635
1 issues received 1 new comments:
- #635 Does "Is Element Nonceable" apply to non-inline scripts? (1 by evilpie)
https://github.com/w3c/webappsec-csp/issues/635
* w3c/permissions (+1/-2/💬1)
1 issues created:
- Broken references in Permissions (by dontcallmedom-bot)
https://github.com/w3c/permissions/issues/433
1 issues received 1 new comments:
- #419 WebDriver: Make it possible to pass a different origin to "Set Permission" (1 by OrKoN)
https://github.com/w3c/permissions/issues/419
2 issues closed:
- Broken references in Permissions https://github.com/w3c/permissions/issues/433
- Umbrella / Meta: Browser Permissions for WebDriver BiDi as an extension module https://github.com/w3c/permissions/issues/424
* w3c/permissions-registry (+1/-0/💬0)
1 issues created:
- Broken references in Permissions Registry (by dontcallmedom-bot)
https://github.com/w3c/permissions-registry/issues/25
* w3c/webappsec-trusted-types (+12/-3/💬32)
12 issues created:
- Missing integration with new unsafe HTML parsing methods (by lukewarlow)
https://github.com/w3c/trusted-types/issues/403
- Figure out what to do with `script.setAttribute('src')` (by lukewarlow)
https://github.com/w3c/trusted-types/issues/402
- Is the `[[ScriptURL]]` slot needed? (by lukewarlow)
https://github.com/w3c/trusted-types/issues/401
- Integration with WebIDL (by lukewarlow)
https://github.com/w3c/trusted-types/issues/400
- Is there agreement in the HTML-spec community that no new injection sinks will be added? (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/399
- Defer `fromLiteral`? (by lukewarlow)
https://github.com/w3c/trusted-types/issues/398
- Defer integration with Dynamic Code Brand Checks (by lukewarlow)
https://github.com/w3c/trusted-types/issues/397
- Incorrect assertion within Example 18 (by lukewarlow)
https://github.com/w3c/trusted-types/issues/393
- https://github.com/w3c/trusted-types/blob/main/CONTRIBUTING.md requires documentation how to locally generate the spec's HTML (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/392
- [infra] This repositories GitHub actions are broken (by lukewarlow)
https://github.com/w3c/trusted-types/issues/390
- Mismatch between spec IDL and Chromium implementation for TrustedTypePolicyOptions (by lukewarlow)
https://github.com/w3c/trusted-types/issues/388
- Are `TrustedTypePolicy`;s `create*` methods intentionally not `readonly`? (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/386
12 issues received 32 new comments:
- #403 Missing integration with new unsafe HTML parsing methods (1 by lukewarlow)
https://github.com/w3c/trusted-types/issues/403
- #399 Is there agreement in the HTML-spec community that no new injection sinks will be added? (3 by lukewarlow, mbrodesser-Igalia, mozfreddyb)
https://github.com/w3c/trusted-types/issues/399
- #398 Defer `fromLiteral`? (1 by lukewarlow)
https://github.com/w3c/trusted-types/issues/398
- #397 Defer integration with Dynamic Code Brand Checks? (3 by koto, lukewarlow)
https://github.com/w3c/trusted-types/issues/397
- #392 https://github.com/w3c/trusted-types/blob/main/CONTRIBUTING.md requires documentation how to locally generate the spec's HTML (2 by lukewarlow, mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/392
- #390 [infra] This repositories GitHub actions are broken (2 by koto, mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/390
- #388 Mismatch between spec IDL and Chromium implementation for TrustedTypePolicyOptions (2 by koto, lukewarlow)
https://github.com/w3c/trusted-types/issues/388
- #386 Are `TrustedTypePolicy`'s `create*` methods intentionally not `readonly`? (3 by koto, mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/386
- #385 Are all injection sinks covered by the spec? (6 by koto, lukewarlow, mbrodesser-Igalia, mozfreddyb)
https://github.com/w3c/trusted-types/issues/385
- #383 Should `require-trusted-types-for` support trusted scripts and trusted script URLs? (7 by koto, lukewarlow, mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/383
- #381 getAttributeType and getPropertyType should default to HTML namespace, not "" (1 by koto)
https://github.com/w3c/trusted-types/issues/381
- #270 JavaScript event for tracking (and blocking) policy creation (1 by lukewarlow)
https://github.com/w3c/trusted-types/issues/270 [spec] [future]
3 issues closed:
- https://github.com/w3c/trusted-types/blob/main/CONTRIBUTING.md requires documentation how to locally generate the spec's HTML https://github.com/w3c/trusted-types/issues/392
- [infra] This repositories GitHub actions are broken https://github.com/w3c/trusted-types/issues/390
- Mismatch between spec IDL and Chromium implementation for TrustedTypePolicyOptions https://github.com/w3c/trusted-types/issues/388
Pull requests
-------------
* w3c/webappsec (+1/-0/💬1)
1 pull requests submitted:
- Initial Content for the W3C WebAppSec WG Mitigations Wiki (by aaronshim)
https://github.com/w3c/webappsec/pull/639
1 pull requests received 1 new comments:
- #639 Initial Content for the W3C WebAppSec WG Mitigations Wiki (1 by mikewest)
https://github.com/w3c/webappsec/pull/639
* w3c/webappsec-csp (+1/-1/💬1)
1 pull requests submitted:
- Is-element-nonceable should check if the attribute's name |contains| <script or <style> (by evilpie)
https://github.com/w3c/webappsec-csp/pull/636
1 pull requests received 1 new comments:
- #564 Remove `navigate-to`. (1 by marsupilamimon)
https://github.com/w3c/webappsec-csp/pull/564
1 pull requests merged:
- Is-element-nonceable should check if the attribute's name |contains| <script or <style>
https://github.com/w3c/webappsec-csp/pull/636
* w3c/permissions (+3/-3/💬8)
3 pull requests submitted:
- Require an explicit origin for WebDriver BiDi automation (by OrKoN)
https://github.com/w3c/permissions/pull/436
- Editorial: Update link to accelerometer permission (by OrKoN)
https://github.com/w3c/permissions/pull/435
- Editorial: fix tidy errors (by OrKoN)
https://github.com/w3c/permissions/pull/434
4 pull requests received 8 new comments:
- #436 Require an explicit origin for WebDriver BiDi automation (2 by marcoscaceres, miketaylr)
https://github.com/w3c/permissions/pull/436
- #435 Editorial: Update link to accelerometer permission (1 by miketaylr)
https://github.com/w3c/permissions/pull/435
- #434 Editorial: fix tidy errors (4 by OrKoN, miketaylr)
https://github.com/w3c/permissions/pull/434
- #431 Introduce Browser Permissions for WebDriver BiDi (1 by miketaylr)
https://github.com/w3c/permissions/pull/431
3 pull requests merged:
- Editorial: fix tidy errors
https://github.com/w3c/permissions/pull/434
- Editorial: Update link to accelerometer permission
https://github.com/w3c/permissions/pull/435
- Introduce Browser Permissions for WebDriver BiDi
https://github.com/w3c/permissions/pull/431
* w3c/webappsec-cspee (+0/-0/💬1)
1 pull requests received 1 new comments:
- #28 Remove same-origin blanket enforcement (1 by jmyljml36)
https://github.com/w3c/webappsec-cspee/pull/28
* w3c/webappsec-trusted-types (+7/-5/💬0)
7 pull requests submitted:
- Collect HTML injection sinks and DOM XSS injection sinks under XSS injection sinks (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/pull/404
- Add documentation how to locally translate spec changes from bikeshed to HTML (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/pull/396
- Fix https://github.com/w3c/trusted-types/issues/388. (by koto)
https://github.com/w3c/trusted-types/pull/395
- Fixed bikeshed build. (by koto)
https://github.com/w3c/trusted-types/pull/394
- Removed commented out WPT Path Prefix from the metadata section (by koto)
https://github.com/w3c/trusted-types/pull/391
- Update callback IDL to return nullable types (by lukewarlow)
https://github.com/w3c/trusted-types/pull/389
- Correct identifier passed to StringContext attribute (by lukewarlow)
https://github.com/w3c/trusted-types/pull/387
5 pull requests merged:
- Add documentation how to locally translate spec changes from bikeshed to HTML
https://github.com/w3c/trusted-types/pull/396
- Fix https://github.com/w3c/trusted-types/issues/388.
https://github.com/w3c/trusted-types/pull/395
- Update callback IDL to return nullable types
https://github.com/w3c/trusted-types/pull/389
- Fixed bikeshed build.
https://github.com/w3c/trusted-types/pull/394
- Correct identifier passed to StringContext attribute
https://github.com/w3c/trusted-types/pull/387
Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 15 January 2024 17:00:40 UTC