- From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
- Date: Mon, 13 Jan 2025 17:00:24 +0000
- To: public-webappsec@w3.org
- Message-Id: <E1tXNnc-002Xan-38@janus.w3.internal>
Issues
------
* w3c/webappsec (+2/-1/💬2)
2 issues created:
- Planning 2025-02-19 (by mikewest)
https://github.com/w3c/webappsec/issues/666
- Planning 2025-01-15 (by mikewest)
https://github.com/w3c/webappsec/issues/665
1 issues received 2 new comments:
- #665 Planning 2025-01-15 (2 by mikewest)
https://github.com/w3c/webappsec/issues/665
1 issues closed:
- Planning 2025-01-15 https://github.com/w3c/webappsec/issues/665
* w3c/webappsec-csp (+0/-1/💬3)
1 issues received 3 new comments:
- #523 Hashes bypass source-based allowlisting only on pre-request, not on post-request (3 by antosart, ciaramcmullin, dveditz)
https://github.com/w3c/webappsec-csp/issues/523 [agenda+]
1 issues closed:
- Hashes bypass source-based allowlisting only on pre-request, not on post-request https://github.com/w3c/webappsec-csp/issues/523 [agenda+]
* w3c/webappsec-trusted-types (+1/-0/💬3)
1 issues created:
- Add test for event handler content attribute handling for false positive event handler attributes (by lukewarlow)
https://github.com/w3c/trusted-types/issues/573
3 issues received 3 new comments:
- #567 Add tests for worker constructors called from worker global scope (1 by fred-wang)
https://github.com/w3c/trusted-types/issues/567
- #507 Script element protection model (1 by Sawsqr68)
https://github.com/w3c/trusted-types/issues/507
- #494 Improve test coverage of sink values (1 by fred-wang)
https://github.com/w3c/trusted-types/issues/494
Pull requests
-------------
* w3c/webappsec-csp (+0/-0/💬5)
4 pull requests received 5 new comments:
- #693 Hash reporting for scripts (2 by sysrqb, yoavweiss)
https://github.com/w3c/webappsec-csp/pull/693
- #692 Use "navigation request's policy container's CSP list" instead of "navigation request's client's global object's CSP list" (1 by ciaramcmullin)
https://github.com/w3c/webappsec-csp/pull/692 [blocked]
- #665 Add `trusted-types-eval` source expression for `script-src` (1 by lukewarlow)
https://github.com/w3c/webappsec-csp/pull/665 [addition/proposal]
- #377 Use the duplicate attribute flag is nonceable check (1 by dveditz)
https://github.com/w3c/webappsec-csp/pull/377 [blocked]
* w3c/webappsec-permissions-policy (+1/-0/💬0)
1 pull requests submitted:
- Add `ch-ua-high-entropy-values` feature (by miketaylr)
https://github.com/w3c/webappsec-permissions-policy/pull/558
* w3c/webappsec-trusted-types (+0/-1/💬0)
1 pull requests merged:
- Add an |includeReportOnlyPolicies| boolean argument to Does sink type require trusted types?
https://github.com/w3c/trusted-types/pull/518
Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev
--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 13 January 2025 17:00:25 UTC