- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 11 Nov 2024 17:00:24 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1tAXm4-00AOif-2A@janus.w3.internal>
Issues ------ * w3c/webappsec (+0/-0/💬4) 2 issues received 4 new comments: - #656 CSP and data exfiltration (2 by benatkin) https://github.com/w3c/webappsec/issues/656 - #653 Note for Standardizing Security Semantics of Cross-Site Cookies (2 by DCtheTall, simoneonofri) https://github.com/w3c/webappsec/issues/653 * w3c/webappsec-csp (+1/-0/💬6) 1 issues created: - Assigning `location.href` to a `javascript:...` is a form of eval (by dinofx) https://github.com/w3c/webappsec-csp/issues/688 1 issues received 6 new comments: - #688 Assigning `location.href` to a `javascript:...` is a form of eval (6 by annevk, dinofx) https://github.com/w3c/webappsec-csp/issues/688 * w3c/webappsec-clear-site-data (+0/-0/💬1) 1 issues received 1 new comments: - #82 Clear a specific cookie (1 by annevk) https://github.com/w3c/webappsec-clear-site-data/issues/82 * w3c/webappsec-permissions-policy (+0/-0/💬1) 1 issues received 1 new comments: - #349 Disable DOM clobbering. (1 by securityMB) https://github.com/w3c/webappsec-permissions-policy/issues/349 [proposed feature] Pull requests ------------- * w3c/webappsec-trusted-types (+1/-1/💬0) 1 pull requests submitted: - Sink group should be single-quoted only in CSP syntax. (by koto) https://github.com/w3c/trusted-types/pull/561 1 pull requests merged: - Replace 'has type' with less confusing 'is an instance of'. https://github.com/w3c/trusted-types/pull/559 Repositories tracked by this digest: ----------------------------------- * https://github.com/w3c/webappsec * https://github.com/w3c/webappsec-subresource-integrity * https://github.com/w3c/webappsec-csp * https://github.com/w3c/webappsec-mixed-content * https://github.com/w3c/webappsec-upgrade-insecure-requests * https://github.com/w3c/webappsec-credential-management * https://github.com/w3c/permissions * https://github.com/w3c/permissions-registry * https://github.com/w3c/webappsec-referrer-policy * https://github.com/w3c/webappsec-secure-contexts * https://github.com/w3c/webappsec-clear-site-data * https://github.com/w3c/webappsec-cowl * https://github.com/w3c/webappsec-epr * https://github.com/w3c/webappsec-suborigins * https://github.com/w3c/webappsec-cspee * https://github.com/w3c/webappsec-permissions-policy * https://github.com/w3c/webappsec-fetch-metadata * https://github.com/w3c/webappsec-trusted-types * https://github.com/w3c/webappsec-change-password-url * https://github.com/w3c/webappsec-post-spectre-webdev -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 11 November 2024 17:00:25 UTC