Weekly github digest (WebAppSec specs)

Issues
------
* w3c/webappsec (+1/-0/💬1)
  1 issues created:
  - Planning 2024-11-20. (by mikewest)
    https://github.com/w3c/webappsec/issues/662 

  1 issues received 1 new comments:
  - #662 Planning 2024-11-20. (1 by simoneonofri)
    https://github.com/w3c/webappsec/issues/662 

* w3c/webappsec-csp (+1/-0/💬4)
  1 issues created:
  - Should "Should navigation request of type be blocked by Content Security Policy?" set the violation object's element? (by mbrodesser-Igalia)
    https://github.com/w3c/webappsec-csp/issues/687 

  2 issues received 4 new comments:
  - #686 How to set CSP without unsafe-inline for site with ads? (2 by Wowhere, dveditz)
    https://github.com/w3c/webappsec-csp/issues/686 
  - #322 Handling of javascript: navigations is not interoperable, spec doesn't match most implementations (2 by dinofx, mbrodesser-Igalia)
    https://github.com/w3c/webappsec-csp/issues/322 

* w3c/webappsec-credential-management (+1/-0/💬0)
  1 issues created:
  - Key active credential types by top-level browsing context (by npm1)
    https://github.com/w3c/webappsec-credential-management/issues/265 

* w3c/webappsec-trusted-types (+2/-6/💬7)
  2 issues created:
  - getAttributeType() for embed@src, object@codebase and object@data (by fred-wang)
    https://github.com/w3c/trusted-types/issues/554 
  - Add tests for getPropertyType/getAttributeType when null namespaces are passed. (by fred-wang)
    https://github.com/w3c/trusted-types/issues/553 

  5 issues received 7 new comments:
  - #554 getAttributeType()/getPropertyType() for embed@src, object@codebase and object@data (3 by fred-wang, lukewarlow)
    https://github.com/w3c/trusted-types/issues/554 
  - #553 Add tests for getPropertyType/getAttributeType when null namespaces are passed. (1 by fred-wang)
    https://github.com/w3c/trusted-types/issues/553 
  - #520 Finalise spec mechanism for event handlers (1 by fred-wang)
    https://github.com/w3c/trusted-types/issues/520 [spec] 
  - #496 Check variable naming inside of getAttributeType and getPropertyType methods (1 by fred-wang)
    https://github.com/w3c/trusted-types/issues/496 [spec] 
  - #429 There's a lack of test coverage over the namespace aspect of getPropertyType (1 by fred-wang)
    https://github.com/w3c/trusted-types/issues/429 

  6 issues closed:
  - Export the 'require-trusted-types-for' dfn https://github.com/w3c/trusted-types/issues/538 
  - Export the 'require-trusted-types-for' dfn https://github.com/w3c/trusted-types/issues/538 
  - Step 8 of getAttributeType() is incorrect https://github.com/w3c/trusted-types/issues/551 
  - Step 8 of getAttributeType() is incorrect https://github.com/w3c/trusted-types/issues/551 
  - Dead link to "HTML imports" https://github.com/w3c/trusted-types/issues/550 
  - Dead link to "HTML imports" https://github.com/w3c/trusted-types/issues/550 



Pull requests
-------------
* w3c/webappsec (+0/-1/💬0)
  1 pull requests merged:
  - Add missing attendee
    https://github.com/w3c/webappsec/pull/660 

* w3c/webappsec-trusted-types (+0/-4/💬2)
  2 pull requests received 2 new comments:
  - #558 Fix dead link to "HTML imports" spec (1 by fred-wang)
    https://github.com/w3c/trusted-types/pull/558 
  - #486 Remove enforcement from embed and object elements (1 by fred-wang)
    https://github.com/w3c/trusted-types/pull/486 

  4 pull requests merged:
  - Treat a null elementNs in getPropertyType/geAtributeType as the HTML …
    https://github.com/w3c/trusted-types/pull/557 
  - Export the two CSP directives
    https://github.com/w3c/trusted-types/pull/545 
  - Fix column indices for callers of "Get Trusted Type data for attribute"
    https://github.com/w3c/trusted-types/pull/555 
  - Fix dead link to "HTML imports" spec
    https://github.com/w3c/trusted-types/pull/558 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 28 October 2024 17:00:23 UTC