- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 18 Mar 2024 17:00:27 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1rmGLb-00448d-BQ@uranus.w3.org>
Issues
------
* w3c/webappsec (+0/-0/💬4)
2 issues received 4 new comments:
- #645 Move OTR to Privacy Working Group (2 by plehegar)
https://github.com/w3c/webappsec/issues/645 [charter]
- #643 Planning the 2024-03-20 meeting (2 by lukewarlow)
https://github.com/w3c/webappsec/issues/643
* w3c/webappsec-csp (+2/-0/💬3)
2 issues created:
- Upstream trusted type changes (by lukewarlow)
https://github.com/w3c/webappsec-csp/issues/651
- Document columnNumber format (by stefnotch)
https://github.com/w3c/webappsec-csp/issues/649
2 issues received 3 new comments:
- #649 Document columnNumber format (1 by nicolo-ribaudo)
https://github.com/w3c/webappsec-csp/issues/649
- #628 CSP:EE does not support Trusted Types CSP directives (2 by shhnjk, tosmolka)
https://github.com/w3c/webappsec-csp/issues/628
* w3c/permissions (+1/-0/💬0)
1 issues created:
- Dynamic options for "prompt the user to choose" (by reillyeon)
https://github.com/w3c/permissions/issues/447
* w3c/webappsec-permissions-policy (+1/-0/💬1)
1 issues created:
- Permissions Policy "deferred-fetch" (by mingyc)
https://github.com/w3c/webappsec-permissions-policy/issues/544
1 issues received 1 new comments:
- #410 Proposal: Transition 'sync-xhr' feature to Document Policy (1 by annevk)
https://github.com/w3c/webappsec-permissions-policy/issues/410
* w3c/webappsec-trusted-types (+5/-1/💬15)
5 issues created:
- New `[[ScriptText]]` slot and associated mechanisms need adding to SVGScriptElement (by lukewarlow)
https://github.com/w3c/trusted-types/issues/483
- Callback IDL types (by lukewarlow)
https://github.com/w3c/trusted-types/issues/482
- HTML timers as specced won't work (by lukewarlow)
https://github.com/w3c/trusted-types/issues/480
- [Meta] Upstream changes (by lukewarlow)
https://github.com/w3c/trusted-types/issues/476
- Event handler enforcement section wrong (by lukewarlow)
https://github.com/w3c/trusted-types/issues/474
10 issues received 15 new comments:
- #482 Callback IDL types (1 by annevk)
https://github.com/w3c/trusted-types/issues/482 [spec]
- #480 HTML timers as specced won't work (2 by lukewarlow)
https://github.com/w3c/trusted-types/issues/480
- #476 [Meta] Upstream changes (1 by lukewarlow)
https://github.com/w3c/trusted-types/issues/476
- #471 Developer-centric research results about Trusted Types (1 by caridy)
https://github.com/w3c/trusted-types/issues/471
- #466 Creating a policy with policyName="" is possible, but can't be referred to by the "trusted-types" CSP directive (3 by bkardell, koto, otherdaniel)
https://github.com/w3c/trusted-types/issues/466
- #461 Can we drop the default policy value changing from Eval, new Function() (and other usages of the dynamic code brand checks proposal)? (1 by lukewarlow)
https://github.com/w3c/trusted-types/issues/461
- #455 Ensure spec PR's diffs are generated correctly (2 by annevk, mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/455
- #454 https://w3c.github.io/trusted-types/dist/spec/#webidl-validate-the-string-in-context should link to the HTML standard's definition of how the validation is performed (1 by lukewarlow)
https://github.com/w3c/trusted-types/issues/454
- #305 Maybe remove plugin enforcement from Trusted Types? (1 by lukewarlow)
https://github.com/w3c/trusted-types/issues/305 [future]
- #221 Figure out if we need `'trusted-script'` in `script-src` (2 by annevk, caridy)
https://github.com/w3c/trusted-types/issues/221
1 issues closed:
- https://w3c.github.io/trusted-types/dist/spec/#webidl-validate-the-string-in-context should link to the HTML standard's definition of how the validation is performed https://github.com/w3c/trusted-types/issues/454
Pull requests
-------------
* w3c/webappsec-csp (+1/-0/💬4)
1 pull requests submitted:
- Update EnsureCSPDoesNotBlockStringCompilation to match updated HostEnsureCanCompileStrings definition (by lukewarlow)
https://github.com/w3c/webappsec-csp/pull/650
1 pull requests received 4 new comments:
- #650 Update EnsureCSPDoesNotBlockStringCompilation to match updated HostEnsureCanCompileStrings definition (4 by annevk, lukewarlow)
https://github.com/w3c/webappsec-csp/pull/650
* w3c/webappsec-referrer-policy (+0/-0/💬1)
1 pull requests received 1 new comments:
- #156 Omit referrers on cross-origin requests from an .onion address (1 by domfarolino)
https://github.com/w3c/webappsec-referrer-policy/pull/156
* w3c/webappsec-cspee (+1/-0/💬1)
1 pull requests submitted:
- Add Trusted Types support to CSP Embedded Enforcement (by shhnjk)
https://github.com/w3c/webappsec-cspee/pull/29
1 pull requests received 1 new comments:
- #29 Add Trusted Types support to CSP Embedded Enforcement (1 by shhnjk)
https://github.com/w3c/webappsec-cspee/pull/29
* w3c/webappsec-trusted-types (+7/-4/💬5)
7 pull requests submitted:
- Update IDL for script enforcement (by lukewarlow)
https://github.com/w3c/trusted-types/pull/484
- Update handling of timer functions (by lukewarlow)
https://github.com/w3c/trusted-types/pull/481
- Add export attr to [[Data]] slot dfns (by lukewarlow)
https://github.com/w3c/trusted-types/pull/479
- Add dfn for [[Data]] internal slot (by lukewarlow)
https://github.com/w3c/trusted-types/pull/478
- Correct the location of some IDL (by lukewarlow)
https://github.com/w3c/trusted-types/pull/477
- Replace WebIDL section with a link to new PR (by lukewarlow)
https://github.com/w3c/trusted-types/pull/475
- Add new `trusted-eval` source expression to 'script-src' directive. (by lukewarlow)
https://github.com/w3c/trusted-types/pull/473
5 pull requests received 5 new comments:
- #484 Update IDL for script enforcement (1 by lukewarlow)
https://github.com/w3c/trusted-types/pull/484
- #481 Update handling of timer functions (1 by lukewarlow)
https://github.com/w3c/trusted-types/pull/481
- #473 Add new `trusted-eval` source expression to 'script-src' directive. (1 by lukewarlow)
https://github.com/w3c/trusted-types/pull/473 [spec]
- #460 Fix IDL of getAttributeType and getPropertyType (1 by lukewarlow)
https://github.com/w3c/trusted-types/pull/460
- #440 Add missing IDL changes to Parent and Child Node mixins from dom spec (1 by lukewarlow)
https://github.com/w3c/trusted-types/pull/440
4 pull requests merged:
- Correct the location of some IDL
https://github.com/w3c/trusted-types/pull/477
- Add export attr to [[Data]] slot dfns
https://github.com/w3c/trusted-types/pull/479
- Replace WebIDL section with a link to new PR
https://github.com/w3c/trusted-types/pull/475
- Add dfn for [[Data]] internal slot
https://github.com/w3c/trusted-types/pull/478
Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 18 March 2024 17:00:28 UTC