Weekly github digest (WebAppSec specs)

Issues
------
* w3c/webappsec (+2/-1/💬3)
  2 issues created:
  - "End-to-End Encryption email" is missing an actual proposal (by plehegar)
    https://github.com/w3c/webappsec/issues/646 [charter] 
  - Move OTR to Privacy Working Group (by plehegar)
    https://github.com/w3c/webappsec/issues/645 [charter] 

  3 issues received 3 new comments:
  - #646 "End-to-End Encryption email" is missing an actual proposal (1 by plehegar)
    https://github.com/w3c/webappsec/issues/646 [charter] 
  - #645 Move OTR to Privacy Working Group (1 by plehegar)
    https://github.com/w3c/webappsec/issues/645 [charter] 
  - #643 Planning the 2024-03-20 meeting (1 by shhnjk)
    https://github.com/w3c/webappsec/issues/643 

  1 issue closed:
  - "End-to-End Encryption email" is missing an actual proposal https://github.com/w3c/webappsec/issues/646 [charter] 

* w3c/webappsec-csp (+2/-0/💬0)
  2 issues created:
  - Google Analytics URLs (by cristiandelgadod)
    https://github.com/w3c/webappsec-csp/issues/648 
  - Confusion revolving around sandbox 'allow-top-navigation' directive (by franklyn07)
    https://github.com/w3c/webappsec-csp/issues/647 

* w3c/webappsec-mixed-content (+1/-1/💬0)
  1 issue created:
  - Unlawful Server Access (by rogtheman)
    https://github.com/w3c/webappsec-mixed-content/issues/69 

  1 issue closed:
  - Unlawful Server Access https://github.com/w3c/webappsec-mixed-content/issues/69 [invalid] 

* w3c/webappsec-credential-management (+0/-1/💬4)
  1 issue received 4 new comments:
  - #226 Please PLEASE please auto-publish this spec (4 by marcoscaceres, nsatragno)
    https://github.com/w3c/webappsec-credential-management/issues/226 

  1 issue closed:
  - Please PLEASE please auto-publish this spec https://github.com/w3c/webappsec-credential-management/issues/226 

* w3c/webappsec-permissions-policy (+1/-0/💬6)
  1 issue created:
  - [clipboard] document.execCommand('copy') and presumably paste bypass permissions policy (by williewillus)
    https://github.com/w3c/webappsec-permissions-policy/issues/543 

  3 issues received 6 new comments:
  - #537 Send reports for Permissions Policy violations in iframe to parent frame's endpoint (1 by shhnjk)
    https://github.com/w3c/webappsec-permissions-policy/issues/537 
  - #349 Disable DOM clobbering. (4 by annevk, mozfreddyb, securityMB)
    https://github.com/w3c/webappsec-permissions-policy/issues/349 [proposed feature] 
  - #208 How do I disable everything? (1 by anarcat)
    https://github.com/w3c/webappsec-permissions-policy/issues/208 [feature question] 

* w3c/webappsec-trusted-types (+5/-1/💬27)
  5 issues created:
  - Missing test for Xlink href and getAttributeType function (by lukewarlow)
    https://github.com/w3c/trusted-types/issues/463 
  - Trusted Types closure to replace fallback policy (by lukewarlow)
    https://github.com/w3c/trusted-types/issues/462 [enhancement] [future] 
  - Can we drop the default policy fallback from Eval and company? (by lukewarlow)
    https://github.com/w3c/trusted-types/issues/461 
  - Why are `policyOptions` an optional argument of `createPolicy`? (by mbrodesser-Igalia)
    https://github.com/w3c/trusted-types/issues/459 
  - Function constructor and default policy (by lukewarlow)
    https://github.com/w3c/trusted-types/issues/458 

  11 issues received 27 new comments:
  - #463 Missing test for SVG href and getAttributeType function (1 by lukewarlow)
    https://github.com/w3c/trusted-types/issues/463 
  - #462 Trusted Types closure to replace fallback policy (6 by Sora2455, koto, lukewarlow)
    https://github.com/w3c/trusted-types/issues/462 [enhancement] [future] 
  - #461 Can we drop the default policy value changing from Eval and company? (6 by koto, lukewarlow, mbrodesser-Igalia)
    https://github.com/w3c/trusted-types/issues/461 
  - #459 Why are `policyOptions` an optional argument of `createPolicy`? (2 by koto, mbrodesser-Igalia)
    https://github.com/w3c/trusted-types/issues/459 
  - #458 Function constructor and default policy (3 by koto, lukewarlow)
    https://github.com/w3c/trusted-types/issues/458 
  - #455 Ensure spec PR's diffs are generated correctly (1 by domenic)
    https://github.com/w3c/trusted-types/issues/455 
  - #447 <Element-setAttributeNS.html> contains commented out test and seems to duplicate other tests (2 by lukewarlow)
    https://github.com/w3c/trusted-types/issues/447 
  - #442 Integration with Shadow Realms? (3 by caridy, lukewarlow, nicolo-ribaudo)
    https://github.com/w3c/trusted-types/issues/442 
  - #437 Issue with script enforcement (1 by lukewarlow)
    https://github.com/w3c/trusted-types/issues/437 [bug] [spec] 
  - #221 Figure out if we need `'trusted-script'` in `script-src` (1 by lukewarlow)
    https://github.com/w3c/trusted-types/issues/221 
  - #207 Finalize the integrations that guard eval & Function.constructor (1 by lukewarlow)
    https://github.com/w3c/trusted-types/issues/207 [tc39] 

  1 issue closed:
  - Why are `policyOptions` an optional argument of `createPolicy`? https://github.com/w3c/trusted-types/issues/459 



Pull requests
-------------
* w3c/webappsec (+1/-1/💬0)
  1 pull request submitted:
  - Fix typo in charter 2023 (by dontcallmedom)
    https://github.com/w3c/webappsec/pull/644 

  1 pull request merged:
  - Fix typo in charter 2023
    https://github.com/w3c/webappsec/pull/644 

* w3c/permissions (+0/-0/💬2)
  1 pull request received 2 new comments:
  - #438 Add userContext field to WebDriver BiDi's setPermission (2 by OrKoN)
    https://github.com/w3c/permissions/pull/438 

* w3c/webappsec-trusted-types (+3/-1/💬6)
  3 pull requests submitted:
  - Update support for dynamic code compilation (by lukewarlow)
    https://github.com/w3c/trusted-types/pull/465 
  - Update support for dynamic code compilation (by lukewarlow)
    https://github.com/w3c/trusted-types/pull/464 
  - Fix IDL of getAttributeType and getPropertyType (by lukewarlow)
    https://github.com/w3c/trusted-types/pull/460 

  4 pull requests received 6 new comments:
  - #464 Update support for dynamic code compilation (1 by lukewarlow)
    https://github.com/w3c/trusted-types/pull/464 
  - #460 Fix IDL of getAttributeType and getPropertyType (1 by lukewarlow)
    https://github.com/w3c/trusted-types/pull/460 
  - #457 Rewrite metadata functions (3 by lukewarlow, mbrodesser-Igalia)
    https://github.com/w3c/trusted-types/pull/457 
  - #440 Add missing IDL changes to Parent and Child Node mixins from dom spec (1 by koto)
    https://github.com/w3c/trusted-types/pull/440 

  1 pull request merged:
  - Update dynamic code compilation support
    https://github.com/w3c/trusted-types/pull/445 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 4 March 2024 17:00:31 UTC