- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 04 Nov 2024 17:00:23 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1t80RD-007PEv-2Y@janus.w3.internal>
Issues
------
* w3c/webappsec (+0/-0/💬1)
1 issues received 1 new comments:
- #662 Planning 2024-11-20. (1 by kmonsen)
https://github.com/w3c/webappsec/issues/662
* w3c/webappsec-csp (+0/-0/💬3)
2 issues received 3 new comments:
- #633 Resource hint blocking / "least restrictive" as specified does nothing? (1 by jonathanKingston)
https://github.com/w3c/webappsec-csp/issues/633
- #322 Handling of javascript: navigations is not interoperable, spec doesn't match most implementations (2 by dinofx, mbrodesser-Igalia)
https://github.com/w3c/webappsec-csp/issues/322
* w3c/webappsec-clear-site-data (+0/-0/💬3)
1 issues received 3 new comments:
- #82 Clear a specific cookie (3 by stolendata, yoavweiss)
https://github.com/w3c/webappsec-clear-site-data/issues/82
* w3c/webappsec-permissions-policy (+0/-0/💬1)
1 issues received 1 new comments:
- #481 Proposal: allow grouping permissions by year (1 by Seirdy)
https://github.com/w3c/webappsec-permissions-policy/issues/481
* w3c/webappsec-trusted-types (+0/-6/💬13)
9 issues received 13 new comments:
- #554 Add tests for getAttributeType()/getPropertyType() for embed@src, object@codebase and object@data (2 by fred-wang, koto)
https://github.com/w3c/trusted-types/issues/554
- #553 getPropertyType/getAttributeType when null namespaces are passed. (2 by fred-wang, koto)
https://github.com/w3c/trusted-types/issues/553
- #549 WPTs for pre-navigation check of form-submission should be added (1 by koto)
https://github.com/w3c/trusted-types/issues/549
- #541 "stringifying" in "Process value with a default policy" needs to be defined (2 by koto)
https://github.com/w3c/trusted-types/issues/541 [spec]
- #534 Should "Get Trusted Type compliant string" check `isHTML`/`isScript`/`isScriptURL`? (1 by koto)
https://github.com/w3c/trusted-types/issues/534
- #509 "Should Trusted Type policy creation be blocked by Content Security Policy?" passes "directive" instead of directive's name to "Create a violation object for global, policy, and directive" (1 by koto)
https://github.com/w3c/trusted-types/issues/509
- #504 `createPolicy`'s permitted policy names are inconsistent with CSP's permitted policy names (1 by koto)
https://github.com/w3c/trusted-types/issues/504 [spec]
- #466 Creating a policy with policyName="" is possible, but can't be referred to by the "trusted-types" CSP directive (2 by koto)
https://github.com/w3c/trusted-types/issues/466
- #449 Add test to <block-string-assignment-to-Element-setAttribute.html> which checks trusted types can be assigned to non-injection sinks (1 by koto)
https://github.com/w3c/trusted-types/issues/449
6 issues closed:
- WPTs for pre-navigation check of form-submission should be added https://github.com/w3c/trusted-types/issues/549
- "Should Trusted Type policy creation be blocked by Content Security Policy?" passes "directive" instead of directive's name to "Create a violation object for global, policy, and directive" https://github.com/w3c/trusted-types/issues/509
- Should the default policy be invoked when trusted types are not required? https://github.com/w3c/trusted-types/issues/536
- getPropertyType/getAttributeType when null namespaces are passed. https://github.com/w3c/trusted-types/issues/553
- Add tests for getAttributeType()/getPropertyType() for embed@src, object@codebase and object@data https://github.com/w3c/trusted-types/issues/554
- There's a lack of test coverage over the namespace aspect of getPropertyType https://github.com/w3c/trusted-types/issues/429
Pull requests
-------------
* w3c/webappsec-referrer-policy (+1/-1/💬1)
1 pull requests submitted:
- Update a step number referenced in the fetch spec (by shanehandley)
https://github.com/w3c/webappsec-referrer-policy/pull/173
1 pull requests received 1 new comments:
- #173 Update a step number referenced in the fetch spec (1 by w3cbot)
https://github.com/w3c/webappsec-referrer-policy/pull/173
1 pull requests merged:
- Update a step number referenced in the fetch spec
https://github.com/w3c/webappsec-referrer-policy/pull/173
* w3c/webappsec-fetch-metadata (+0/-0/💬1)
1 pull requests received 1 new comments:
- #89 Define `Sec-Fetch-Frame-Ancestors`. (1 by mozfreddyb)
https://github.com/w3c/webappsec-fetch-metadata/pull/89
* w3c/webappsec-trusted-types (+2/-0/💬1)
2 pull requests submitted:
- Disallow empty policy names on creation. (by koto)
https://github.com/w3c/trusted-types/pull/560
- Replace 'has type' with less confusing 'is an instance of'. (by koto)
https://github.com/w3c/trusted-types/pull/559
1 pull requests received 1 new comments:
- #545 Export the two CSP directives (1 by robbiemc)
https://github.com/w3c/trusted-types/pull/545
Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 4 November 2024 17:00:24 UTC