Weekly github digest (WebAppSec specs)

Issues
------
* w3c/webappsec-csp (+3/-1/💬8)
  3 issues created:
  - Conflicting SRI test cases for integrity checks and cross-origin hosts. (by TimvdLippe)
    https://github.com/w3c/webappsec-csp/issues/728 
  - Inconsistency between script pre- and post-request checks for `strict-dynamic` ASCII case-sensitivity (by TimvdLippe)
    https://github.com/w3c/webappsec-csp/issues/727 
  - Inconsistent report type naming (by Synchro)
    https://github.com/w3c/webappsec-csp/issues/726 

  4 issues received 8 new comments:
  - #728 Conflicting SRI test cases for integrity checks and cross-origin hosts. (3 by TimvdLippe)
    https://github.com/w3c/webappsec-csp/issues/728 
  - #727 Inconsistency between script pre- and post-request checks for `strict-dynamic` ASCII case-sensitivity (3 by TimvdLippe, annevk)
    https://github.com/w3c/webappsec-csp/issues/727 
  - #726 Inconsistent report type naming (1 by antosart)
    https://github.com/w3c/webappsec-csp/issues/726 
  - #673 CSP spec not user-friendly (1 by Synchro)
    https://github.com/w3c/webappsec-csp/issues/673 [needs concrete proposal] 

  1 issue closed:
  - Inconsistent report type naming https://github.com/w3c/webappsec-csp/issues/726 

* w3c/webappsec-trusted-types (+1/-0/💬0)
  1 issue created:
  - Do importmaps really need TT enforcement? (by lukewarlow)
    https://github.com/w3c/trusted-types/issues/586 



Pull requests
-------------
* w3c/webappsec-subresource-integrity (+1/-1/💬1)
  1 pull request submitted:
  - Integrity-Policy - Fix up the discrepancy with Fetch integrity metadata (by yoavweiss)
    https://github.com/w3c/webappsec-subresource-integrity/pull/135 

  1 pull request received 1 new comment:
  - #135 Integrity-Policy - Fix up the discrepancy with Fetch integrity metadata (1 by mozfreddyb)
    https://github.com/w3c/webappsec-subresource-integrity/pull/135 

  1 pull request merged:
  - Integrity-Policy - Fix up the discrepancy with Fetch integrity metadata
    https://github.com/w3c/webappsec-subresource-integrity/pull/135 

* w3c/webappsec-csp (+4/-3/💬4)
  4 pull requests submitted:
  - [Editorial] Fix missing input param of match-response-source-list (by antosart)
    https://github.com/w3c/webappsec-csp/pull/732 
  - Fix URL in report-uri request (by TimvdLippe)
    https://github.com/w3c/webappsec-csp/pull/731 
  - Further clarify post-request check (by TimvdLippe)
    https://github.com/w3c/webappsec-csp/pull/730 
  - [Editorial] Fix csp-hash report type in example (by antosart)
    https://github.com/w3c/webappsec-csp/pull/729 [editorial] 

  2 pull requests received 4 new comments:
  - #731 Fix URL in report-uri request (3 by TimvdLippe, antosart, mikewest)
    https://github.com/w3c/webappsec-csp/pull/731 
  - #725 Export strip-url-for-use-in-reports (1 by yoavweiss)
    https://github.com/w3c/webappsec-csp/pull/725 

  3 pull requests merged:
  - Fix URL in report-uri request
    https://github.com/w3c/webappsec-csp/pull/731 
  - [Editorial] Fix missing input param of match-response-source-list
    https://github.com/w3c/webappsec-csp/pull/732 
  - [Editorial] Fix csp-hash report type in example
    https://github.com/w3c/webappsec-csp/pull/729 [editorial] 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 2 June 2025 17:00:27 UTC