- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 21 Oct 2024 17:00:25 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1t2vlZ-000A0M-2l@janus.w3.internal>
Issues ------ * w3c/webappsec-csp (+1/-1/💬5) 1 issues created: - How to set CSP without unsafe-inline for site with ads? (by Wowhere) https://github.com/w3c/webappsec-csp/issues/686 2 issues received 5 new comments: - #686 How to set CSP without unsafe-inline for site with ads? (4 by Wowhere, mikewest) https://github.com/w3c/webappsec-csp/issues/686 - #628 CSP:EE does not support Trusted Types CSP directives (1 by tosmolka) https://github.com/w3c/webappsec-csp/issues/628 1 issues closed: - How to set CSP without unsafe-inline for site with ads? https://github.com/w3c/webappsec-csp/issues/686 * w3c/webappsec-permissions-policy (+0/-8/💬19) 6 issues received 19 new comments: - #483 Deny all like alias for the Permission-Policy: Header (1 by clelland) https://github.com/w3c/webappsec-permissions-policy/issues/483 - #331 HTTP headers not registered with IANA (1 by clelland) https://github.com/w3c/webappsec-permissions-policy/issues/331 - #208 How do I disable everything? (1 by clelland) https://github.com/w3c/webappsec-permissions-policy/issues/208 [feature question] - #189 Proposal: define default for all (14 by Gunni, PeteX, annevk, clelland, darioseidl, ewanm89, jvoisin, kifd, marcoscaceres, vphantom, yahesh) https://github.com/w3c/webappsec-permissions-policy/issues/189 [feature question] - #167 Delineate relationship between Feature Policy and Origin Policy (1 by clelland) https://github.com/w3c/webappsec-permissions-policy/issues/167 [feedback] - #162 Disable cross-origin features on sandboxed pages (1 by clelland) https://github.com/w3c/webappsec-permissions-policy/issues/162 [feedback] 8 issues closed: - HTTP headers not registered with IANA https://github.com/w3c/webappsec-permissions-policy/issues/331 - Disable cross-origin features on sandboxed pages https://github.com/w3c/webappsec-permissions-policy/issues/162 [feedback] - Delineate relationship between Feature Policy and Origin Policy https://github.com/w3c/webappsec-permissions-policy/issues/167 [feedback] - Ensure that 'self' in feature policy syntax is compatible with CSP https://github.com/w3c/webappsec-permissions-policy/issues/124 [duplicate] - "allowlist" https://github.com/w3c/webappsec-permissions-policy/issues/103 [feedback] - What's the meaning of the 'Default allowlist' column? https://github.com/w3c/webappsec-permissions-policy/issues/136 [feature question] - How do I disable everything? https://github.com/w3c/webappsec-permissions-policy/issues/208 [feature question] - Deny all like alias for the Permission-Policy: Header https://github.com/w3c/webappsec-permissions-policy/issues/483 * w3c/webappsec-trusted-types (+2/-0/💬13) 2 issues created: - Strings from TrustedType columns getPropertyType/getAttributeType tables should be quoted (by fred-wang) https://github.com/w3c/trusted-types/issues/552 - Step 8 of getAttributeType() is incorrect (by fred-wang) https://github.com/w3c/trusted-types/issues/551 7 issues received 13 new comments: - #552 Strings from TrustedType columns getPropertyType/getAttributeType tables should be quoted (4 by fred-wang, lukewarlow) https://github.com/w3c/trusted-types/issues/552 - #551 Step 8 of getAttributeType() is incorrect (1 by fred-wang) https://github.com/w3c/trusted-types/issues/551 - #521 getPropertyType and SVGScriptElement href baseVal property (1 by fred-wang) https://github.com/w3c/trusted-types/issues/521 [spec] - #496 Check variable naming inside of getAttributeType and getPropertyType methods (1 by fred-wang) https://github.com/w3c/trusted-types/issues/496 [spec] - #429 There's a lack of test coverage over the namespace aspect of getPropertyType (2 by fred-wang) https://github.com/w3c/trusted-types/issues/429 - #424 Can lowercasing be removed from getAttributeType()? (2 by annevk, fred-wang) https://github.com/w3c/trusted-types/issues/424 - #381 getAttributeType and getPropertyType should default to HTML namespace, not "" (2 by annevk, fred-wang) https://github.com/w3c/trusted-types/issues/381 Pull requests ------------- * w3c/webappsec-cspee (+0/-0/💬1) 1 pull requests received 1 new comments: - #29 Add Trusted Types support to CSP Embedded Enforcement (1 by tosmolka) https://github.com/w3c/webappsec-cspee/pull/29 Repositories tracked by this digest: ----------------------------------- * https://github.com/w3c/webappsec * https://github.com/w3c/webappsec-subresource-integrity * https://github.com/w3c/webappsec-csp * https://github.com/w3c/webappsec-mixed-content * https://github.com/w3c/webappsec-upgrade-insecure-requests * https://github.com/w3c/webappsec-credential-management * https://github.com/w3c/permissions * https://github.com/w3c/permissions-registry * https://github.com/w3c/webappsec-referrer-policy * https://github.com/w3c/webappsec-secure-contexts * https://github.com/w3c/webappsec-clear-site-data * https://github.com/w3c/webappsec-cowl * https://github.com/w3c/webappsec-epr * https://github.com/w3c/webappsec-suborigins * https://github.com/w3c/webappsec-cspee * https://github.com/w3c/webappsec-permissions-policy * https://github.com/w3c/webappsec-fetch-metadata * https://github.com/w3c/webappsec-trusted-types * https://github.com/w3c/webappsec-change-password-url * https://github.com/w3c/webappsec-post-spectre-webdev -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 21 October 2024 17:00:26 UTC