- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 29 Jan 2024 17:00:30 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1rUUzm-00FSL2-Rd@uranus.w3.org>
Issues
------
* w3c/webappsec-csp (+1/-1/💬3)
1 issue created:
- Why is the Content-Security-Policy-Report-Only header field not supported in `<meta>` elements? (by mbrodesser-Igalia)
https://github.com/w3c/webappsec-csp/issues/640
1 issue received 3 new comments:
- #640 Why is the Content-Security-Policy-Report-Only header field not supported in `<meta>` elements? (3 by annevk, mbrodesser-Igalia)
https://github.com/w3c/webappsec-csp/issues/640
1 issue closed:
- CSP not working for certain hostnames https://github.com/w3c/webappsec-csp/issues/620
* w3c/webappsec-secure-contexts (+0/-0/💬2)
2 issues received 2 new comments:
- #78 localhost domains and HTTP/2 and beyond (1 by aerik)
https://github.com/w3c/webappsec-secure-contexts/issues/78
- #60 Using secure-context gated features with local devices (1 by aerik)
https://github.com/w3c/webappsec-secure-contexts/issues/60
* w3c/webappsec-trusted-types (+12/-5/💬43)
12 issues created:
- Duplication of some tests (by lukewarlow)
https://github.com/w3c/trusted-types/issues/426
- Improve test coverage for DOM integration in WPT (by koto)
https://github.com/w3c/trusted-types/issues/425
- Can lowercasing be removed from getAttributeType()? (by annevk)
https://github.com/w3c/trusted-types/issues/424
- getAttributeType() needs a rewrite (by annevk)
https://github.com/w3c/trusted-types/issues/423
- Why are cross-document vectors only partially addressable with CSP propagation rules? (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/422
- Can we add no-op/report? (by bkardell)
https://github.com/w3c/trusted-types/issues/421
- Ensure one representative of all classes of injection sinks is guarded with TT (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/419
- Create pull request template (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/415
- CreateXXX as specced can return null values but not marked as such in IDL (by lukewarlow)
https://github.com/w3c/trusted-types/issues/414
- Process value with default policy missing step? (by lukewarlow)
https://github.com/w3c/trusted-types/issues/413
- Either remove `fromLiteral` from v1 of the spec or add note to the spec that it'll be implemented later (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/412
- Add `fromLiteral` (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/411
17 issues received 43 new comments:
- #425 Improve test coverage for DOM integration in WPT (1 by lukewarlow)
https://github.com/w3c/trusted-types/issues/425
- #424 Can lowercasing be removed from getAttributeType()? (1 by annevk)
https://github.com/w3c/trusted-types/issues/424
- #422 Addressing cross-document vectors comprehensively relies on "origin-policy" which is a proposal which is on hold (4 by koto, mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/422
- #421 Can we add no-op/report? (7 by Sora2455, bkardell, koto, lukewarlow, mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/421
- #419 Ensure at least one representative of all classes of injection sinks is guarded with TT (2 by koto, mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/419
- #414 CreateXXX as specced can return null values but not marked as such in IDL (4 by koto, lukewarlow)
https://github.com/w3c/trusted-types/issues/414
- #413 Process value with default policy missing step? (1 by koto)
https://github.com/w3c/trusted-types/issues/413
- #412 Either remove `fromLiteral` from v1 of the spec or add a note to the spec that it'll be implemented later (1 by lukewarlow)
https://github.com/w3c/trusted-types/issues/412
- #402 Figure out what to do with `script.setAttribute('src')` (1 by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/402
- #400 Integration with WebIDL (1 by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/400
- #399 Is there agreement in the HTML-spec community that no new injection sinks will be added? (1 by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/399
- #398 Defer `fromLiteral`? (5 by caridy, koto, mbrodesser-Igalia, shhnjk)
https://github.com/w3c/trusted-types/issues/398 [proposed-removal]
- #385 Are all injection sinks covered by the spec? (4 by mbrodesser-Igalia, mozfreddyb)
https://github.com/w3c/trusted-types/issues/385
- #384 Are `getAttributeType` and `getPropertyType` methods necessary? (3 by lukewarlow, mozfreddyb)
https://github.com/w3c/trusted-types/issues/384 [proposed-removal]
- #381 getAttributeType and getPropertyType should default to HTML namespace, not "" (1 by lukewarlow)
https://github.com/w3c/trusted-types/issues/381
- #379 should `null` & `undefined` for sinks requiring TT be a passthrough ? (4 by koto, mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/379
- #359 Maybe enforce Trusted Types in XSL's xsl:text (2 by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/359 [future]
5 issues closed:
- Are `getAttributeType` and `getPropertyType` methods necessary? https://github.com/w3c/trusted-types/issues/384 [proposed-removal]
- CreateXXX as specced can return null values but not marked as such in IDL https://github.com/w3c/trusted-types/issues/414
- Process value with default policy missing step? https://github.com/w3c/trusted-types/issues/413 [bug]
- Defer `fromLiteral`? https://github.com/w3c/trusted-types/issues/398 [proposed-removal]
- Is there agreement in the HTML-spec community that no new injection sinks will be added? https://github.com/w3c/trusted-types/issues/399
Pull requests
-------------
* w3c/webappsec (+2/-2/💬0)
2 pull requests submitted:
- Tilt comments (part 2) (by plehegar)
https://github.com/w3c/webappsec/pull/642
- Tilt comments (by plehegar)
https://github.com/w3c/webappsec/pull/641
2 pull requests merged:
- Tilt comments (part 2)
https://github.com/w3c/webappsec/pull/642
- Tilt comments
https://github.com/w3c/webappsec/pull/641
* w3c/webappsec-csp (+1/-1/💬1)
1 pull request submitted:
- Add optional trailing dot to host-part (by SaeidEid)
https://github.com/w3c/webappsec-csp/pull/639
1 pull request received 1 new comment:
- #639 Add optional trailing dot to host-part (1 by antosart)
https://github.com/w3c/webappsec-csp/pull/639
1 pull request merged:
- Add optional trailing dot to host-part
https://github.com/w3c/webappsec-csp/pull/639
* w3c/webappsec-trusted-types (+4/-3/💬6)
4 pull requests submitted:
- Extract Get Trusted Type content algorithm (by lukewarlow)
https://github.com/w3c/trusted-types/pull/420
- Rewrote DOM integration (by koto)
https://github.com/w3c/trusted-types/pull/418
- Stringify input when trusted type (by lukewarlow)
https://github.com/w3c/trusted-types/pull/417
- Add WPT block to spec to display test link (by lukewarlow)
https://github.com/w3c/trusted-types/pull/416
5 pull requests received 6 new comments:
- #420 Extract Get Trusted Type policy value algorithm (1 by koto)
https://github.com/w3c/trusted-types/pull/420
- #418 Rewrote DOM integration (2 by koto, mbrodesser-Igalia)
https://github.com/w3c/trusted-types/pull/418
- #416 Add WPT block to spec to display test link (1 by lukewarlow)
https://github.com/w3c/trusted-types/pull/416
- #406 Add integration with setHTMLUnsafe and parseHTMLUnsafe (1 by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/pull/406
- #405 Remove `fromLiteral` from spec. (1 by lukewarlow)
https://github.com/w3c/trusted-types/pull/405
3 pull requests merged:
- Extract Get Trusted Type policy value algorithm
https://github.com/w3c/trusted-types/pull/420
- Stringify input when trusted type
https://github.com/w3c/trusted-types/pull/417
- Add WPT block to spec to display test link
https://github.com/w3c/trusted-types/pull/416
Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 29 January 2024 17:00:33 UTC