Weekly github digest (WebAppSec specs)

Issues
------
* w3c/webappsec-csp (+1/-1/💬5)
  1 issues created:
  - How to set CSP without unsafe-inline for site with ads? (by Wowhere)
    https://github.com/w3c/webappsec-csp/issues/686 

  2 issues received 5 new comments:
  - #686 How to set CSP without unsafe-inline for site with ads? (4 by Wowhere, mikewest)
    https://github.com/w3c/webappsec-csp/issues/686 
  - #628 CSP:EE does not support Trusted Types CSP directives (1 by tosmolka)
    https://github.com/w3c/webappsec-csp/issues/628 

  1 issues closed:
  - How to set CSP without unsafe-inline for site with ads? https://github.com/w3c/webappsec-csp/issues/686 

* w3c/webappsec-permissions-policy (+0/-8/💬19)
  6 issues received 19 new comments:
  - #483 Deny all like alias for the Permission-Policy: Header (1 by clelland)
    https://github.com/w3c/webappsec-permissions-policy/issues/483 
  - #331 HTTP headers not registered with IANA (1 by clelland)
    https://github.com/w3c/webappsec-permissions-policy/issues/331 
  - #208 How do I disable everything? (1 by clelland)
    https://github.com/w3c/webappsec-permissions-policy/issues/208 [feature question] 
  - #189 Proposal: define default for all (14 by Gunni, PeteX, annevk, clelland, darioseidl, ewanm89, jvoisin, kifd, marcoscaceres, vphantom, yahesh)
    https://github.com/w3c/webappsec-permissions-policy/issues/189 [feature question] 
  - #167 Delineate relationship between Feature Policy and Origin Policy (1 by clelland)
    https://github.com/w3c/webappsec-permissions-policy/issues/167 [feedback] 
  - #162 Disable cross-origin features on sandboxed pages (1 by clelland)
    https://github.com/w3c/webappsec-permissions-policy/issues/162 [feedback] 

  8 issues closed:
  - HTTP headers not registered with IANA https://github.com/w3c/webappsec-permissions-policy/issues/331 
  - Disable cross-origin features on sandboxed pages https://github.com/w3c/webappsec-permissions-policy/issues/162 [feedback] 
  - Delineate relationship between Feature Policy and Origin Policy https://github.com/w3c/webappsec-permissions-policy/issues/167 [feedback] 
  - Ensure that 'self' in feature policy syntax is compatible with CSP https://github.com/w3c/webappsec-permissions-policy/issues/124 [duplicate] 
  - "allowlist" https://github.com/w3c/webappsec-permissions-policy/issues/103 [feedback] 
  - What's the meaning of the 'Default allowlist' column? https://github.com/w3c/webappsec-permissions-policy/issues/136 [feature question] 
  - How do I disable everything? https://github.com/w3c/webappsec-permissions-policy/issues/208 [feature question] 
  - Deny all like alias for the Permission-Policy: Header https://github.com/w3c/webappsec-permissions-policy/issues/483 

* w3c/webappsec-trusted-types (+2/-0/💬13)
  2 issues created:
  - Strings from TrustedType columns getPropertyType/getAttributeType tables should be quoted (by fred-wang)
    https://github.com/w3c/trusted-types/issues/552 
  - Step 8 of getAttributeType() is incorrect (by fred-wang)
    https://github.com/w3c/trusted-types/issues/551 

  7 issues received 13 new comments:
  - #552 Strings from TrustedType columns getPropertyType/getAttributeType tables should be quoted (4 by fred-wang, lukewarlow)
    https://github.com/w3c/trusted-types/issues/552 
  - #551 Step 8 of getAttributeType() is incorrect (1 by fred-wang)
    https://github.com/w3c/trusted-types/issues/551 
  - #521 getPropertyType and SVGScriptElement href baseVal property (1 by fred-wang)
    https://github.com/w3c/trusted-types/issues/521 [spec] 
  - #496 Check variable naming inside of getAttributeType and getPropertyType methods (1 by fred-wang)
    https://github.com/w3c/trusted-types/issues/496 [spec] 
  - #429 There's a lack of test coverage over the namespace aspect of getPropertyType (2 by fred-wang)
    https://github.com/w3c/trusted-types/issues/429 
  - #424 Can lowercasing be removed from getAttributeType()? (2 by annevk, fred-wang)
    https://github.com/w3c/trusted-types/issues/424 
  - #381 getAttributeType and getPropertyType should default to HTML namespace, not "" (2 by annevk, fred-wang)
    https://github.com/w3c/trusted-types/issues/381 



Pull requests
-------------
* w3c/webappsec-cspee (+0/-0/💬1)
  1 pull requests received 1 new comments:
  - #29 Add Trusted Types support to CSP Embedded Enforcement (1 by tosmolka)
    https://github.com/w3c/webappsec-cspee/pull/29 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 21 October 2024 17:00:26 UTC