- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 23 Sep 2024 17:00:24 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1ssmQC-005PzV-0H@janus.w3.internal>
Issues
------
* w3c/webappsec (+0/-1/💬6)
2 issues received 6 new comments:
- #656 CSP and data exfiltration (4 by ArcEglos, estark37, lknik, weizman)
https://github.com/w3c/webappsec/issues/656
- #654 Planning TPAC. (2 by mikewest, sanketj)
https://github.com/w3c/webappsec/issues/654
1 issues closed:
- Planning TPAC. https://github.com/w3c/webappsec/issues/654
* w3c/webappsec-csp (+0/-0/💬1)
1 issues received 1 new comments:
- #427 `javascript:` navigation directive-name is always null (1 by mbrodesser-Igalia)
https://github.com/w3c/webappsec-csp/issues/427
* w3c/webappsec-permissions-policy (+0/-14/💬9)
7 issues received 9 new comments:
- #543 [clipboard] document.execCommand('copy') and presumably paste bypass permissions policy (1 by clelland)
https://github.com/w3c/webappsec-permissions-policy/issues/543
- #502 Clarify "Shipped in Chrome" for picture-in-picture in features.md (1 by clelland)
https://github.com/w3c/webappsec-permissions-policy/issues/502
- #442 linkably define term "policy-controlled feature token" (2 by clelland)
https://github.com/w3c/webappsec-permissions-policy/issues/442
- #439 Incorret grammar in Container policies green box (1 by clelland)
https://github.com/w3c/webappsec-permissions-policy/issues/439
- #432 [HEADER-STRUCTURE] reference needs updating (1 by clelland)
https://github.com/w3c/webappsec-permissions-policy/issues/432
- #381 Remove '*' default allowlist (1 by clelland)
https://github.com/w3c/webappsec-permissions-policy/issues/381
- #273 Prevent programmatic focus in iframe (2 by clelland, siliu1)
https://github.com/w3c/webappsec-permissions-policy/issues/273 [proposed feature]
14 issues closed:
- Make policy scope clear and address tracking risks in the privacy section https://github.com/w3c/webappsec-permissions-policy/issues/406
- Remove '*' default allowlist https://github.com/w3c/webappsec-permissions-policy/issues/381
- [HEADER-STRUCTURE] reference needs updating https://github.com/w3c/webappsec-permissions-policy/issues/432
- incorrect grammar: "and in and HTML attributes" https://github.com/w3c/webappsec-permissions-policy/issues/434
- add "otp-credentials" policy-controlled feature token to features.md https://github.com/w3c/webappsec-permissions-policy/issues/443
- Mark "ambient-light-sensor" as behind a flag in features.md https://github.com/w3c/webappsec-permissions-policy/issues/478
- Clarify "Shipped in Chrome" for picture-in-picture in features.md https://github.com/w3c/webappsec-permissions-policy/issues/502
- Add "mediasession" to the list of permission policies https://github.com/w3c/webappsec-permissions-policy/issues/531
- Update features.md (e.g., 'storage-access' is missing) https://github.com/w3c/webappsec-permissions-policy/issues/551
- Permissions Policy "deferred-fetch" https://github.com/w3c/webappsec-permissions-policy/issues/544
- [clipboard] document.execCommand('copy') and presumably paste bypass permissions policy https://github.com/w3c/webappsec-permissions-policy/issues/543
- Query: Can trusted subframe allocate permission to one of it's cross-domain subframe https://github.com/w3c/webappsec-permissions-policy/issues/542
- linkably define term "policy-controlled feature token" https://github.com/w3c/webappsec-permissions-policy/issues/442
- Incorret grammar in Container policies green box https://github.com/w3c/webappsec-permissions-policy/issues/439
* w3c/webappsec-trusted-types (+1/-1/💬4)
1 issues created:
- "pre-navigation check" uses "request’s clients's global object" which is null (by mbrodesser-Igalia)
https://github.com/w3c/trusted-types/issues/548
1 issues received 4 new comments:
- #547 Add WPT for "create navigation params by fetching" step 19.3 (4 by mbrodesser-Igalia, otherdaniel)
https://github.com/w3c/trusted-types/issues/547
1 issues closed:
- Add WPT for "create navigation params by fetching" step 19.3 https://github.com/w3c/trusted-types/issues/547
Pull requests
-------------
* w3c/webappsec (+1/-0/💬0)
1 pull requests submitted:
- Add WK RP Passkey Endpoints (by timcappalli)
https://github.com/w3c/webappsec/pull/658
* w3c/webappsec-credential-management (+1/-0/💬0)
1 pull requests submitted:
- Define with types are allowed in the same get() request (by mohamedamir)
https://github.com/w3c/webappsec-credential-management/pull/261
* w3c/webappsec-permissions-policy (+0/-0/💬1)
1 pull requests received 1 new comments:
- #546 Send reports for Permissions Policy violations in iframe to parent frame's endpoint (1 by clelland)
https://github.com/w3c/webappsec-permissions-policy/pull/546
Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 23 September 2024 17:00:24 UTC