Weekly github digest (WebAppSec specs) from W3C Webmaster via GitHub API on 2024-07-15 (public-webappsec@w3.org from July 2024)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 15 Jul 2024 17:00:24 +0000
To: public-webappsec@w3.org
Message-Id: <E1sTP3o-005tia-2T@janus.w3.internal>
Issues
------
* w3c/webappsec (+1/-0/💬3)
  1 issues created:
  - Note for Standardizing Security Semantics of Cross-Site Cookies (by DCtheTall)
    https://github.com/w3c/webappsec/issues/653 

  1 issues received 3 new comments:
  - #653 Note for Standardizing Security Semantics of Cross-Site Cookies (3 by mikewest, simoneonofri)
    https://github.com/w3c/webappsec/issues/653 

* w3c/webappsec-csp (+2/-2/💬6)
  2 issues created:
  - CSP Report Does Not Reflect Redirected Blocked Domains (by ConardLi)
    https://github.com/w3c/webappsec-csp/issues/672 
  - Queries about exfiltration? (by Blason)
    https://github.com/w3c/webappsec-csp/issues/671 

  4 issues received 6 new comments:
  - #671 Queries about exfiltration? (1 by annevk)
    https://github.com/w3c/webappsec-csp/issues/671 
  - #670 Even though I have domains specified in the CSP policy violations still appear (2 by Blason, mikewest)
    https://github.com/w3c/webappsec-csp/issues/670 
  - #658 Possibility to block all javascript: URLs (2 by awwright, norman-cmt)
    https://github.com/w3c/webappsec-csp/issues/658 
  - #277 Allow CSP-Report-Only in meta tags. (1 by Xavier59)
    https://github.com/w3c/webappsec-csp/issues/277 

  2 issues closed:
  - Queries about exfiltration? https://github.com/w3c/webappsec-csp/issues/671 
  - Even though I have domains specified in the CSP policy violations still appear https://github.com/w3c/webappsec-csp/issues/670 

* w3c/webappsec-credential-management (+1/-0/💬3)
  1 issues created:
  - Disallow multiple types via navigator.credentials's methods (by marcoscaceres)
    https://github.com/w3c/webappsec-credential-management/issues/244 

  1 issues received 3 new comments:
  - #243 Consider not running internal methods in parallel or add "consumes user activation" to registry? (3 by bvandersloot-mozilla, marcoscaceres, nsatragno)
    https://github.com/w3c/webappsec-credential-management/issues/243 

* w3c/webappsec-secure-contexts (+0/-0/💬1)
  1 issues received 1 new comments:
  - #104 Rescind this specification (1 by dveditz)
    https://github.com/w3c/webappsec-secure-contexts/issues/104 

* w3c/webappsec-clear-site-data (+1/-0/💬7)
  1 issues created:
  - web preferences api (by bkardell)
    https://github.com/w3c/webappsec-clear-site-data/issues/83 

  3 issues received 7 new comments:
  - #83 web preferences api (1 by annevk)
    https://github.com/w3c/webappsec-clear-site-data/issues/83 
  - #82 Clear a specific cookie (2 by annevk, johannhof)
    https://github.com/w3c/webappsec-clear-site-data/issues/82 
  - #81 Clear a specific URL from cache (4 by mnot, yoavweiss)
    https://github.com/w3c/webappsec-clear-site-data/issues/81 

* w3c/webappsec-trusted-types (+2/-2/💬6)
  2 issues created:
  - Should the default policy be invoked when trusted types are not required? (by mbrodesser-Igalia)
    https://github.com/w3c/trusted-types/issues/536 
  - Should "Get Trusted Type compliant string" check `isHTML`/`isScript/`isScriptURL/`? (by mbrodesser-Igalia)
    https://github.com/w3c/trusted-types/issues/534 

  4 issues received 6 new comments:
  - #536 Should the default policy be invoked when trusted types are not required? (3 by koto, mbrodesser-Igalia)
    https://github.com/w3c/trusted-types/issues/536 
  - #517 Should all 3 script IDL setters change the associated script text value identically (1 by lukewarlow)
    https://github.com/w3c/trusted-types/issues/517 [spec] 
  - #432 TrustedTypePolicyFactory getTypeMapping() missing from spec. (1 by lukewarlow)
    https://github.com/w3c/trusted-types/issues/432 [proposed-removal] 
  - #400 Integration with WebIDL (1 by lukewarlow)
    https://github.com/w3c/trusted-types/issues/400 

  2 issues closed:
  - Integration with WebIDL https://github.com/w3c/trusted-types/issues/400 
  - TrustedTypePolicyFactory getTypeMapping() missing from spec. https://github.com/w3c/trusted-types/issues/432 [proposed-removal] 



Pull requests
-------------
* w3c/webappsec-csp (+0/-0/💬2)
  1 pull requests received 2 new comments:
  - #564 Remove `navigate-to`. (2 by eligrey)
    https://github.com/w3c/webappsec-csp/pull/564 

* w3c/webappsec-trusted-types (+0/-0/💬3)
  1 pull requests received 3 new comments:
  - #533 Change Script Enforcement Mechanism to use flags (3 by lukewarlow)
    https://github.com/w3c/trusted-types/pull/533 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 15 July 2024 17:00:25 UTC