- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 11 Mar 2024 17:00:27 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1rjj0l-003eCb-5g@uranus.w3.org>
Issues
------
* w3c/webappsec (+0/-0/💬6)
2 issues received 6 new comments:
- #645 Move OTR to Privacy Working Group (2 by mikewest, plehegar)
https://github.com/w3c/webappsec/issues/645 [charter]
- #643 Planning the 2024-03-20 meeting (4 by aaronshim, plehegar)
https://github.com/w3c/webappsec/issues/643
* w3c/webappsec-credential-management (+2/-0/💬2)
2 issues created:
- Common checks (by marcoscaceres)
https://github.com/w3c/webappsec-credential-management/issues/228
- Fully active checks? (by marcoscaceres)
https://github.com/w3c/webappsec-credential-management/issues/227
1 issues received 2 new comments:
- #227 Fully active checks? (2 by marcoscaceres)
https://github.com/w3c/webappsec-credential-management/issues/227
* w3c/permissions (+0/-3/💬0)
3 issues closed:
- WebDriver BiDi: support user contexts in setPermission https://github.com/w3c/permissions/issues/439
- Align internal states with enums https://github.com/w3c/permissions/issues/392
- Turn PermissionSetParameters.descriptor into an object https://github.com/w3c/permissions/issues/443
* w3c/webappsec-permissions-policy (+0/-0/💬7)
2 issues received 7 new comments:
- #537 Send reports for Permissions Policy violations in iframe to parent frame's endpoint (2 by annevk, arturjanc)
https://github.com/w3c/webappsec-permissions-policy/issues/537
- #208 How do I disable everything? (5 by Dreamsorcerer, anarcat, nextgenthemes)
https://github.com/w3c/webappsec-permissions-policy/issues/208 [feature question]
* w3c/webappsec-trusted-types (+7/-3/💬31)
7 issues created:
- Adopt Infra syntax throughout (by annevk)
https://github.com/w3c/trusted-types/issues/472
- Developer-centric research results about Trusted Types (by rothsn)
https://github.com/w3c/trusted-types/issues/471
- Create a Trusted Type Policy seems to directly set properties to callbacks (by annevk)
https://github.com/w3c/trusted-types/issues/470
- Section 3.2. "Create a Trusted Type" doesn't need to stringify because `policyValue` already is a string (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/469
- Why is "callback **this** value set to null" required in step 5 of "Get Trusted Type policy value"? (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/468
- Is parseFromString where the type is "application/xml" an actual risk? (by technion)
https://github.com/w3c/trusted-types/issues/467
- Creating a policy with policyName="" is possible, but can't be referred to by the "trusted-types" CSP directive (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/466
10 issues received 31 new comments:
- #471 Developer-centric research results about Trusted Types (1 by annevk)
https://github.com/w3c/trusted-types/issues/471
- #470 Create a Trusted Type Policy seems to directly set properties to callbacks (2 by annevk, lukewarlow)
https://github.com/w3c/trusted-types/issues/470
- #469 Section 3.2. "Create a Trusted Type" should specify how a `policyValue=null/undefined` is stringified (9 by annevk, mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/469
- #468 Why is "callback **this** value set to null" required in step 5 of "Get Trusted Type policy value"? (1 by petervanderbeken)
https://github.com/w3c/trusted-types/issues/468
- #467 Is parseFromString where the type is "application/xml" an actual risk? (3 by Sora2455, annevk, technion)
https://github.com/w3c/trusted-types/issues/467
- #466 Creating a policy with policyName="" is possible, but can't be referred to by the "trusted-types" CSP directive (3 by lukewarlow, mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/466
- #461 Can we drop the default policy value changing from Eval, new Function() (and other usages of the dynamic code brand checks proposal)? (7 by caridy, koto, lukewarlow, otherdaniel)
https://github.com/w3c/trusted-types/issues/461
- #425 Improve test coverage for DOM integration in WPT (1 by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/425
- #398 Defer `fromLiteral`? (3 by erights, littledan, lukewarlow)
https://github.com/w3c/trusted-types/issues/398 [proposed-removal]
- #207 Finalize the integrations that guard eval & Function.constructor (1 by lukewarlow)
https://github.com/w3c/trusted-types/issues/207 [tc39]
3 issues closed:
- Is parseFromString where the type is "application/xml" an actual risk? https://github.com/w3c/trusted-types/issues/467
- Improve test coverage for DOM integration in WPT https://github.com/w3c/trusted-types/issues/425
- Create a Trusted Type Policy seems to directly set properties to callbacks https://github.com/w3c/trusted-types/issues/470
Pull requests
-------------
* w3c/permissions (+2/-6/💬9)
2 pull requests submitted:
- Tidied up document using tidy-html5 (by github-actions)
https://github.com/w3c/permissions/pull/446
- Tidied up document using tidy-html5 (by github-actions)
https://github.com/w3c/permissions/pull/445
5 pull requests received 9 new comments:
- #446 Tidied up document using tidy-html5 (1 by w3cbot)
https://github.com/w3c/permissions/pull/446
- #445 Tidied up document using tidy-html5 (1 by w3cbot)
https://github.com/w3c/permissions/pull/445
- #444 Use `object` for PermissionSetParameters.descriptor (3 by marcoscaceres, miketaylr)
https://github.com/w3c/permissions/pull/444
- #438 Add userContext field to WebDriver BiDi's setPermission (3 by OrKoN, miketaylr)
https://github.com/w3c/permissions/pull/438
- #402 Add additional automation error checks (1 by marcoscaceres)
https://github.com/w3c/permissions/pull/402
6 pull requests merged:
- Add userContext field to WebDriver BiDi's setPermission
https://github.com/w3c/permissions/pull/438
- Editorial: define permission states consistently
https://github.com/w3c/permissions/pull/400
- Tidied up document using tidy-html5
https://github.com/w3c/permissions/pull/446
- Tidied up document using tidy-html5
https://github.com/w3c/permissions/pull/445
- Use `object` for PermissionSetParameters.descriptor
https://github.com/w3c/permissions/pull/444
- Tidied up document using tidy-html5
https://github.com/w3c/permissions/pull/442
* w3c/webappsec-trusted-types (+0/-2/💬0)
2 pull requests merged:
- Update support for dynamic code compilation
https://github.com/w3c/trusted-types/pull/464
- Remove default policy manipulating eval
https://github.com/w3c/trusted-types/pull/465
Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 11 March 2024 17:00:28 UTC