Weekly github digest (WebAppSec specs)

Issues
------
* w3c/webappsec (+1/-6/💬12)
  1 issue created:
  - Planning the 2024-04-17. (by mikewest)
    https://github.com/w3c/webappsec/issues/648 

  6 issues received 12 new comments:
  - #648 Planning the 2024-04-17. (1 by camillelamy)
    https://github.com/w3c/webappsec/issues/648 
  - #646 "End-to-End Encryption email" is missing an actual proposal (3 by marcoscaceres, plehegar)
    https://github.com/w3c/webappsec/issues/646 [charter] 
  - #645 Move OTR to Privacy Working Group (4 by ShivanKaul, mikewest, plehegar)
    https://github.com/w3c/webappsec/issues/645 [charter] 
  - #643 Planning the 2024-03-20 meeting (1 by mikewest)
    https://github.com/w3c/webappsec/issues/643 
  - #602 Stop advising to people use the mailing list (2 by plehegar)
    https://github.com/w3c/webappsec/issues/602 
  - #595 2021-2023 charter feedback (1 by plehegar)
    https://github.com/w3c/webappsec/issues/595 [charter] 

  6 issues closed:
  - "UI Security" is not the correct Shortname https://github.com/w3c/webappsec/issues/553 
  - 2021-2023 charter feedback https://github.com/w3c/webappsec/issues/595 [charter] 
  - Stop advising to people use the mailing list https://github.com/w3c/webappsec/issues/602 
  - Planning 2024-01-17. https://github.com/w3c/webappsec/issues/638 [agenda] 
  - Planning the 2024-03-20 meeting https://github.com/w3c/webappsec/issues/643 
  - Move OTR to Privacy Working Group https://github.com/w3c/webappsec/issues/645 [charter] 

* w3c/webappsec-csp (+0/-2/💬6)
  4 issues received 6 new comments:
  - #648 Google Analytics URLs (1 by gapple)
    https://github.com/w3c/webappsec-csp/issues/648 
  - #647 Confusion revolving around sandbox 'allow-top-navigation' directive (2 by antosart, franklyn07)
    https://github.com/w3c/webappsec-csp/issues/647 
  - #277 Allow CSP-Report-Only in meta tags. (1 by zcorpan)
    https://github.com/w3c/webappsec-csp/issues/277 
  - #92 WebRTC can be used for exfiltration (2 by RealAlphabet, antosart)
    https://github.com/w3c/webappsec-csp/issues/92 

  2 issues closed:
  - WebRTC can be used for exfiltration https://github.com/w3c/webappsec-csp/issues/92 
  - Confusion revolving around sandbox 'allow-top-navigation' directive https://github.com/w3c/webappsec-csp/issues/647 

* w3c/webappsec-permissions-policy (+0/-0/💬7)
  2 issues received 7 new comments:
  - #537 Send reports for Permissions Policy violations in iframe to parent frame's endpoint (5 by clelland, shhnjk, thngkaiyuan)
    https://github.com/w3c/webappsec-permissions-policy/issues/537 
  - #273 Prevent programmatic focus in iframe (2 by SHISME, josephrocca)
    https://github.com/w3c/webappsec-permissions-policy/issues/273 [proposed feature] 

* w3c/webappsec-trusted-types (+1/-1/💬8)
  1 issue created:
  - "Validate the string in context" takes any value and calls "Get Trusted Type compliant string" which requires a TrustedType or a string (by mbrodesser-Igalia)
    https://github.com/w3c/trusted-types/issues/488 

  2 issues received 8 new comments:
  - #488 "Validate the string in context" takes any value and calls "Get Trusted Type compliant string" which requires a TrustedType or a string (7 by annevk, lukewarlow, mbrodesser-Igalia)
    https://github.com/w3c/trusted-types/issues/488 
  - #476 [Meta] Upstream changes (1 by lukewarlow)
    https://github.com/w3c/trusted-types/issues/476 

  1 issue closed:
  - Missing test for SVG href and getAttributeType function https://github.com/w3c/trusted-types/issues/463 



Pull requests
-------------
* w3c/webappsec (+1/-2/💬9)
  1 pull request submitted:
  - Removes Request-OTR from charter (by plehegar)
    https://github.com/w3c/webappsec/pull/647 

  1 pull request received 9 new comments:
  - #639 Initial Content for the W3C WebAppSec WG Mitigations Wiki (9 by aaronshim, mikewest, sideshowbarker, simon-friedberger, simoneonofri, wbamberg)
    https://github.com/w3c/webappsec/pull/639 

  2 pull requests merged:
  - Initial Content for the W3C WebAppSec WG Mitigations Wiki
    https://github.com/w3c/webappsec/pull/639 
  - Removes Request-OTR from charter
    https://github.com/w3c/webappsec/pull/647 

* w3c/webappsec-credential-management (+0/-0/💬1)
  1 pull request received 1 new comment:
  - #224 Add mediation to credential creation options (1 by pascoej)
    https://github.com/w3c/webappsec-credential-management/pull/224 [type:technical] 

* w3c/permissions (+1/-1/💬1)
  1 pull request submitted:
  - Editorial: fix wrong cddl syntax used for optionality of the user context (by OrKoN)
    https://github.com/w3c/permissions/pull/448 

  1 pull request received 1 new comment:
  - #448 Editorial: fix wrong cddl syntax used for optionality of the user context (1 by OrKoN)
    https://github.com/w3c/permissions/pull/448 

  1 pull request merged:
  - Editorial: fix wrong cddl syntax used for optionality of the user context
    https://github.com/w3c/permissions/pull/448 

* w3c/webappsec-cspee (+0/-0/💬1)
  1 pull request received 1 new comment:
  - #29 Add Trusted Types support to CSP Embedded Enforcement (1 by antosart)
    https://github.com/w3c/webappsec-cspee/pull/29 

* w3c/webappsec-trusted-types (+4/-3/💬1)
  4 pull requests submitted:
  - Remove changes upstreamed to DOM Parsing (by lukewarlow)
    https://github.com/w3c/trusted-types/pull/489 
  - Remove changes upstreamed to SVG (by lukewarlow)
    https://github.com/w3c/trusted-types/pull/487 
  - Remove enforcement from embed and object elements (by lukewarlow)
    https://github.com/w3c/trusted-types/pull/486 
  - Remove IDL changes upstreamed to HTML (by lukewarlow)
    https://github.com/w3c/trusted-types/pull/485 

  1 pull request received 1 new comment:
  - #486 Remove enforcement from embed and object elements (1 by lukewarlow)
    https://github.com/w3c/trusted-types/pull/486 

  3 pull requests merged:
  - Remove IDL changes upstreamed to HTML
    https://github.com/w3c/trusted-types/pull/485 
  - Remove changes upstreamed to SVG
    https://github.com/w3c/trusted-types/pull/487 
  - Remove changes upstreamed to DOM Parsing
    https://github.com/w3c/trusted-types/pull/489 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 25 March 2024 17:00:28 UTC