Weekly github digest (WebAppSec specs) from W3C Webmaster via GitHub API on 2025-05-05 (public-webappsec@w3.org from May 2025)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 05 May 2025 17:00:23 +0000
To: public-webappsec@w3.org
Message-Id: <E1uBzB1-001l8Y-33@janus.w3.internal>
Issues
------
* w3c/webappsec-csp (+1/-0/💬4)
  1 issues created:
  - Inline checks in Should navigation request of type be blocked by Content Security Policy? set `blockedURI` to `inline` (by TimvdLippe)
    https://github.com/w3c/webappsec-csp/issues/719 

  3 issues received 4 new comments:
  - #719 Inline checks in Should navigation request of type be blocked by Content Security Policy? set `blockedURI` to `inline` (1 by antosart)
    https://github.com/w3c/webappsec-csp/issues/719 
  - #396 Use of "Get the effective directive for inline checks" in "Should navigation request of type from source in target be blocked by Content Security Policy?" doesn't seem to make sense (2 by TimvdLippe, antosart)
    https://github.com/w3c/webappsec-csp/issues/396 [editorial] 
  - #243 Any protection against dynamic module import? (1 by longzheng)
    https://github.com/w3c/webappsec-csp/issues/243 [needs concrete proposal] 

* w3c/webappsec-permissions-policy (+0/-0/💬1)
  1 issues received 1 new comments:
  - #349 Disable DOM clobbering. (1 by CetinSert)
    https://github.com/w3c/webappsec-permissions-policy/issues/349 [proposed feature] 



Pull requests
-------------
* w3c/webappsec-csp (+3/-1/💬0)
  3 pull requests submitted:
  - Fix effective directive for javascript navigation checks (by antosart)
    https://github.com/w3c/webappsec-csp/pull/722 
  - [Editorial] Disambiguate bikeshed reference for meta (by antosart)
    https://github.com/w3c/webappsec-csp/pull/721 [editorial] 
  - Fix violation's blockedURI for javascript navigations (by antosart)
    https://github.com/w3c/webappsec-csp/pull/720 

  1 pull requests merged:
  - [Editorial] Disambiguate bikeshed reference for meta
    https://github.com/w3c/webappsec-csp/pull/721 [editorial] 

* w3c/webappsec-credential-management (+1/-0/💬0)
  1 pull requests submitted:
  - Add immediate mediation (by kenrb)
    https://github.com/w3c/webappsec-credential-management/pull/272 

* w3c/webappsec-permissions-policy (+1/-0/💬0)
  1 pull requests submitted:
  - [focus-without-user-activation] Add alternative solutions (by ffiori)
    https://github.com/w3c/webappsec-permissions-policy/pull/563 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 5 May 2025 17:00:24 UTC