Weekly github digest (WebAppSec specs)

Issues
------
* w3c/webappsec (+0/-0/💬1)
  1 issue received 1 new comment:
  - #652 Planning 2024-06-19 (1 by jonathanKingston)
    https://github.com/w3c/webappsec/issues/652 

* w3c/webappsec-csp (+0/-0/💬2)
  2 issues received 2 new comments:
  - #625 Allow 'strict-dynamic' scripts to inject styles (1 by gregtalarico)
    https://github.com/w3c/webappsec-csp/issues/625 
  - #399 Support 'strict-dynamic' in style-src (1 by gregtalarico)
    https://github.com/w3c/webappsec-csp/issues/399 

* w3c/webappsec-secure-contexts (+1/-0/💬1)
  1 issue created:
  - Rescind this specification (by drzraf)
    https://github.com/w3c/webappsec-secure-contexts/issues/104 

  1 issue received 1 new comment:
  - #104 Rescind this specification (1 by marcoscaceres)
    https://github.com/w3c/webappsec-secure-contexts/issues/104 

* w3c/webappsec-trusted-types (+4/-8/💬16)
  4 issues created:
  - Add WPTs for `report-uri` with Workers (by mbrodesser-Igalia)
    https://github.com/w3c/trusted-types/issues/526 
  - Script element mid-parse protection mechanism (by lukewarlow)
    https://github.com/w3c/trusted-types/issues/525 [spec] 
  - getPropertyType and SVGScriptElement href baseVal property (by lukewarlow)
    https://github.com/w3c/trusted-types/issues/521 [spec] 
  - Finalise spec mechanism for event handlers (by lukewarlow)
    https://github.com/w3c/trusted-types/issues/520 

  6 issues received 16 new comments:
  - #525 Script element mid-parse protection mechanism (1 by lukewarlow)
    https://github.com/w3c/trusted-types/issues/525 [spec] 
  - #508 WPT for CSP header `trusted-types 'none' 'none'` missing (1 by lukewarlow)
    https://github.com/w3c/trusted-types/issues/508 [spec] 
  - #469 Stringification of TrustedHTML with `null`-data needs to be specified (10 by lukewarlow, mbrodesser-Igalia, petervanderbeken)
    https://github.com/w3c/trusted-types/issues/469 
  - #461 Can we drop the default policy value changing from Eval, new Function() (and other usages of the dynamic code brand checks proposal)? (2 by lukewarlow)
    https://github.com/w3c/trusted-types/issues/461 
  - #437 Issue with script enforcement (1 by lukewarlow)
    https://github.com/w3c/trusted-types/issues/437 [bug] [spec] 
  - #207 Finalize the integrations that guard eval & Function.constructor (1 by lukewarlow)
    https://github.com/w3c/trusted-types/issues/207 [tc39] 

  8 issues closed:
  - Issue with script enforcement https://github.com/w3c/trusted-types/issues/437 [bug] [spec] 
  - Set slot values when called directly by the parser https://github.com/w3c/trusted-types/issues/252 [spec] 
  - Finalize the integrations that guard eval & Function.constructor https://github.com/w3c/trusted-types/issues/207 [tc39] 
  - getAttributeType() needs a rewrite https://github.com/w3c/trusted-types/issues/423 
  - Event handler enforcement section wrong https://github.com/w3c/trusted-types/issues/474 
  - Can we drop the default policy value changing from Eval, new Function() (and other usages of the dynamic code brand checks proposal)? https://github.com/w3c/trusted-types/issues/461 
  - `getPropertyType()` needs a rewrite? https://github.com/w3c/trusted-types/issues/456 
  - WPT for CSP header `trusted-types 'none' 'none'` missing https://github.com/w3c/trusted-types/issues/508 [spec] 



Pull requests
-------------
* w3c/webappsec-csp (+0/-1/💬2)
  1 pull request received 2 new comments:
  - #363 Specify behavior in case of malformed policies (2 by lukewarlow, mbrodesser-Igalia)
    https://github.com/w3c/webappsec-csp/pull/363 

  1 pull request merged:
  - Update EnsureCSPDoesNotBlockStringCompilation to match updated HostEnsureCanCompileStrings definition
    https://github.com/w3c/webappsec-csp/pull/650 

* w3c/webappsec-credential-management (+0/-1/💬1)
  1 pull request received 1 new comment:
  - #239 Chore: add Marcos to the editor's list (1 by marcoscaceres)
    https://github.com/w3c/webappsec-credential-management/pull/239 

  1 pull request merged:
  - Chore: add Marcos to the editor's list
    https://github.com/w3c/webappsec-credential-management/pull/239 

* w3c/webappsec-permissions-policy (+1/-0/💬0)
  1 pull request submitted:
  - Add digital-credential-get experimental permission to features.md (by pkotwicz)
    https://github.com/w3c/webappsec-permissions-policy/pull/549 

* w3c/webappsec-trusted-types (+3/-4/💬4)
  3 pull requests submitted:
  - Add script text associated data to SVGScriptElement. (by lukewarlow)
    https://github.com/w3c/trusted-types/pull/524 
  - Remove HostEnsureCanCompileStrings and HostGetCodeForEval (by lukewarlow)
    https://github.com/w3c/trusted-types/pull/523 
  - Remove timer integration block (by lukewarlow)
    https://github.com/w3c/trusted-types/pull/522 

  2 pull requests received 4 new comments:
  - #524 Add script protection mechanisms to SVGScriptElement (3 by annevk, lukewarlow)
    https://github.com/w3c/trusted-types/pull/524 
  - #457 Rewrite metadata functions (1 by lukewarlow)
    https://github.com/w3c/trusted-types/pull/457 

  4 pull requests merged:
  - Update HTML Parser steps for script element to set "script text"
    https://github.com/w3c/trusted-types/pull/499 
  - Remove timer integration block
    https://github.com/w3c/trusted-types/pull/522 
  - Remove StringContext attribute
    https://github.com/w3c/trusted-types/pull/498 
  - Rewrite metadata functions
    https://github.com/w3c/trusted-types/pull/457 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 17 June 2024 17:00:24 UTC