Weekly github digest (WebAppSec specs) from W3C Webmaster via GitHub API on 2024-06-24 (public-webappsec@w3.org from June 2024)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 24 Jun 2024 17:00:24 +0000
To: public-webappsec@w3.org
Message-Id: <E1sLn3I-00DRpk-1j@janus.w3.internal>
Issues
------
* w3c/webappsec-csp (+2/-2/💬2)
  2 issues created:
  - [Meta] PR Previews not working (by lukewarlow)
    https://github.com/w3c/webappsec-csp/issues/667 
  - "trusted-types-policy" missing from a violation's resource (by mbrodesser-Igalia)
    https://github.com/w3c/webappsec-csp/issues/666 

  2 issues received 2 new comments:
  - #666 "trusted-types-policy" missing from a violation's resource (1 by lukewarlow)
    https://github.com/w3c/webappsec-csp/issues/666 
  - #628 CSP:EE does not support Trusted Types CSP directives (1 by tosmolka)
    https://github.com/w3c/webappsec-csp/issues/628 

  2 issues closed:
  - [Meta] PR Previews not working https://github.com/w3c/webappsec-csp/issues/667 
  - "trusted-types-policy" missing from a violation's resource https://github.com/w3c/webappsec-csp/issues/666 

* w3c/webappsec-credential-management (+1/-1/💬2)
  1 issues created:
  - User activation  (by marcoscaceres)
    https://github.com/w3c/webappsec-credential-management/issues/241 

  1 issues received 2 new comments:
  - #241 User activation  (2 by marcoscaceres, nsatragno)
    https://github.com/w3c/webappsec-credential-management/issues/241 

  1 issues closed:
  - User activation  https://github.com/w3c/webappsec-credential-management/issues/241 

* w3c/webappsec-clear-site-data (+2/-0/💬0)
  2 issues created:
  - Clear a specific cookie (by yoavweiss)
    https://github.com/w3c/webappsec-clear-site-data/issues/82 
  - Clear a specific URL from cache (by yoavweiss)
    https://github.com/w3c/webappsec-clear-site-data/issues/81 

* w3c/webappsec-permissions-policy (+3/-0/💬3)
  3 issues created:
  - PP header inheritance for local schemes (by AlbertoFDR)
    https://github.com/w3c/webappsec-permissions-policy/issues/552 
  - Update features.md (e.g., 'storage-access' is missing) (by JannisBush)
    https://github.com/w3c/webappsec-permissions-policy/issues/551 
  - Example 3 is misleading/Delegating Trust to Nested Contexts (by JannisBush)
    https://github.com/w3c/webappsec-permissions-policy/issues/550 

  3 issues received 3 new comments:
  - #552 PP header inheritance for local schemes (1 by clelland)
    https://github.com/w3c/webappsec-permissions-policy/issues/552 
  - #551 Update features.md (e.g., 'storage-access' is missing) (1 by clelland)
    https://github.com/w3c/webappsec-permissions-policy/issues/551 
  - #289 Feature Policy: downloads-without-user-activation (1 by MarcWadai)
    https://github.com/w3c/webappsec-permissions-policy/issues/289 [proposed feature] 

* w3c/webappsec-trusted-types (+1/-1/💬2)
  1 issues created:
  - Add WPT that `createPolicy` which violates the `trusted-types` CSP directive fires a violation event for Windows (not Workers) (by mbrodesser-Igalia)
    https://github.com/w3c/trusted-types/issues/530 

  1 issues received 2 new comments:
  - #508 WPT for CSP header `trusted-types 'none' 'none'` missing (2 by mbrodesser-Igalia, ziransun)
    https://github.com/w3c/trusted-types/issues/508 [spec] 

  1 issues closed:
  - Stringification of TrustedHTML with `null`-data needs to be specified https://github.com/w3c/trusted-types/issues/469 



Pull requests
-------------
* w3c/webappsec-csp (+1/-1/💬3)
  1 pull requests submitted:
  - Fix .pr-preview.json (by lukewarlow)
    https://github.com/w3c/webappsec-csp/pull/668 

  2 pull requests received 3 new comments:
  - #668 Fix .pr-preview.json (2 by antosart, lukewarlow)
    https://github.com/w3c/webappsec-csp/pull/668 
  - #363 Specify behavior in case of malformed policies (1 by mozfreddyb)
    https://github.com/w3c/webappsec-csp/pull/363 

  1 pull requests merged:
  - Fix .pr-preview.json
    https://github.com/w3c/webappsec-csp/pull/668 

* w3c/webappsec-permissions-policy (+0/-3/💬4)
  3 pull requests received 4 new comments:
  - #549 Add digital-credential-get experimental permission to features.md (1 by clelland)
    https://github.com/w3c/webappsec-permissions-policy/pull/549 
  - #545 Include feature status of some directives (2 by clelland, w3cbot)
    https://github.com/w3c/webappsec-permissions-policy/pull/545 
  - #431 Default allowlists only effect child browsing contexts (1 by clelland)
    https://github.com/w3c/webappsec-permissions-policy/pull/431 

  3 pull requests merged:
  - Include feature status of some directives
    https://github.com/w3c/webappsec-permissions-policy/pull/545 
  - Add smart-card
    https://github.com/w3c/webappsec-permissions-policy/pull/496 
  - Propose identity-credential-get permission policy
    https://github.com/w3c/webappsec-permissions-policy/pull/488 

* w3c/webappsec-trusted-types (+3/-3/💬0)
  3 pull requests submitted:
  - Update `<wpt>` block (by lukewarlow)
    https://github.com/w3c/trusted-types/pull/529 
  - Update TrustedTypePolicyOptions usages to use map syntax. (by lukewarlow)
    https://github.com/w3c/trusted-types/pull/528 
  - Handle null policyValue in Create a Trusted Type (by lukewarlow)
    https://github.com/w3c/trusted-types/pull/527 

  3 pull requests merged:
  - Handle null policyValue in Create a Trusted Type
    https://github.com/w3c/trusted-types/pull/527 
  - Update `<wpt>` block
    https://github.com/w3c/trusted-types/pull/529 
  - Remove HostEnsureCanCompileStrings and HostGetCodeForEval
    https://github.com/w3c/trusted-types/pull/523 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 24 June 2024 17:00:25 UTC