Weekly github digest (WebAppSec specs) from W3C Webmaster via GitHub API on 2024-11-18 (public-webappsec@w3.org from November 2024)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 18 Nov 2024 17:00:26 +0000
To: public-webappsec@w3.org
Message-Id: <E1tD56w-00DdLZ-1w@janus.w3.internal>
Issues
------
* w3c/webappsec (+0/-1/💬4)
  2 issues received 4 new comments:
  - #662 Planning 2024-11-20. (1 by yoavweiss)
    https://github.com/w3c/webappsec/issues/662 
  - #653 Note for Standardizing Security Semantics of Cross-Site Cookies (3 by DCtheTall, simoneonofri)
    https://github.com/w3c/webappsec/issues/653 

  1 issues closed:
  - Note for Standardizing Security Semantics of Cross-Site Cookies https://github.com/w3c/webappsec/issues/653 

* w3c/webappsec-subresource-integrity (+0/-0/💬1)
  1 issues received 1 new comments:
  - #113 Apply subresource integrity to <img> tags (1 by edsu)
    https://github.com/w3c/webappsec-subresource-integrity/issues/113 

* w3c/webappsec-csp (+1/-1/💬5)
  1 issues created:
  - Getting "Refused to execute inline script because it violates the following Content Security Policy directive:" Error (by JyotiPMallick)
    https://github.com/w3c/webappsec-csp/issues/689 

  1 issues received 5 new comments:
  - #689 Getting "Refused to execute inline script because it violates the following Content Security Policy directive:" Error (5 by JyotiPMallick, antosart)
    https://github.com/w3c/webappsec-csp/issues/689 

  1 issues closed:
  - Getting "Refused to execute inline script because it violates the following Content Security Policy directive:" Error https://github.com/w3c/webappsec-csp/issues/689 

* w3c/webappsec-trusted-types (+1/-2/💬5)
  1 issues created:
  - Endless loop of `DOMParser.parseFromString` when used with Trusted Types polyfill (by orazioedoardo)
    https://github.com/w3c/trusted-types/issues/563 

  3 issues received 5 new comments:
  - #563 Endless loop of `DOMParser.parseFromString` when used with Trusted Types polyfill (2 by koto, orazioedoardo)
    https://github.com/w3c/trusted-types/issues/563 [polyfill] 
  - #534 Should "Get Trusted Type compliant string" check `isHTML`/`isScript`/`isScriptURL`? (1 by mbrodesser-Igalia)
    https://github.com/w3c/trusted-types/issues/534 
  - #449 Add test to <block-string-assignment-to-Element-setAttribute.html> which checks trusted types can be assigned to non-injection sinks (2 by mbrodesser-Igalia)
    https://github.com/w3c/trusted-types/issues/449 

  2 issues closed:
  - Endless loop of `DOMParser.parseFromString` when used with Trusted Types polyfill https://github.com/w3c/trusted-types/issues/563 [polyfill] 
  - Add test to <block-string-assignment-to-Element-setAttribute.html> which checks trusted types can be assigned to non-injection sinks https://github.com/w3c/trusted-types/issues/449 



Pull requests
-------------
* w3c/webappsec-trusted-types (+1/-1/💬2)
  1 pull requests submitted:
  - Put trusted type first when declaring union in IDL files (by fred-wang)
    https://github.com/w3c/trusted-types/pull/564 

  2 pull requests received 2 new comments:
  - #564 Put trusted type first when declaring union in IDL files (1 by fred-wang)
    https://github.com/w3c/trusted-types/pull/564 
  - #559 Replace 'has type' with less confusing 'is an instance of'. (1 by mbrodesser-Igalia)
    https://github.com/w3c/trusted-types/pull/559 

  1 pull requests merged:
  - Put trusted type first when declaring union in IDL files
    https://github.com/w3c/trusted-types/pull/564 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 18 November 2024 17:00:27 UTC