Weekly github digest (WebAppSec specs) from W3C Webmaster via GitHub API on 2024-02-19 (public-webappsec@w3.org from February 2024)

From: W3C Webmaster via GitHub API <sysbot+gh@w3.org>
Date: Mon, 19 Feb 2024 17:00:25 +0000
To: public-webappsec@w3.org
Message-Id: <E1rc70D-008vbo-EN@uranus.w3.org>
Issues
------
* w3c/webappsec-csp (+1/-1/💬4)
  1 issues created:
  - [TIMING]  references broken  (by bkardell)
    https://github.com/w3c/webappsec-csp/issues/644 

  2 issues received 4 new comments:
  - #640 Why is the Content-Security-Policy-Report-Only header field not supported in `<meta>` elements? (2 by annevk, gapple)
    https://github.com/w3c/webappsec-csp/issues/640 
  - #277 Allow CSP-Report-Only in meta tags. (2 by annevk, lukewarlow)
    https://github.com/w3c/webappsec-csp/issues/277 

  1 issues closed:
  - Why is the Content-Security-Policy-Report-Only header field not supported in `<meta>` elements? https://github.com/w3c/webappsec-csp/issues/640 

* w3c/webappsec-credential-management (+1/-0/💬0)
  1 issues created:
  - Please PLEASE please auto-publish this spec (by marcoscaceres)
    https://github.com/w3c/webappsec-credential-management/issues/226 

* w3c/permissions (+1/-1/💬1)
  1 issues created:
  - Turn PermissionSetParameters.descriptor into an object (by saschanaz)
    https://github.com/w3c/permissions/issues/443 

  1 issues received 1 new comments:
  - #414 Add another permission state "always-ask" (from one-time grants)? (1 by jan-ivar)
    https://github.com/w3c/permissions/issues/414 

  1 issues closed:
  - Add another permission state "always-ask" (from one-time grants)? https://github.com/w3c/permissions/issues/414 

* w3c/webappsec-secure-contexts (+0/-0/💬1)
  1 issues received 1 new comments:
  - #60 Using secure-context gated features with local devices (1 by aerik)
    https://github.com/w3c/webappsec-secure-contexts/issues/60 

* w3c/webappsec-permissions-policy (+0/-0/💬6)
  2 issues received 6 new comments:
  - #537 Send reports for Permissions Policy violations in iframe to parent frame's endpoint (1 by shhnjk)
    https://github.com/w3c/webappsec-permissions-policy/issues/537 
  - #410 Proposal: Transition 'sync-xhr' feature to Document Policy (5 by RByers, arturjanc, yoavweiss)
    https://github.com/w3c/webappsec-permissions-policy/issues/410 

* w3c/webappsec-trusted-types (+2/-4/💬13)
  2 issues created:
  - Issue with script enforcement (by lukewarlow)
    https://github.com/w3c/trusted-types/issues/437 
  - "Prepare the script URL and text" algorithm badly named (by lukewarlow)
    https://github.com/w3c/trusted-types/issues/435 

  6 issues received 13 new comments:
  - #437 Issue with script enforcement (6 by koto, lukewarlow, mbrodesser-Igalia, otherdaniel)
    https://github.com/w3c/trusted-types/issues/437 [bug] [spec] 
  - #432 TrustedTypePolicyFactory getTypeMapping() missing from spec. (1 by koto)
    https://github.com/w3c/trusted-types/issues/432 [proposed-removal] 
  - #424 Can lowercasing be removed from getAttributeType()? (1 by lukewarlow)
    https://github.com/w3c/trusted-types/issues/424 
  - #423 getAttributeType() needs a rewrite (1 by lukewarlow)
    https://github.com/w3c/trusted-types/issues/423 
  - #398 Defer `fromLiteral`? (3 by lukewarlow, mbrodesser-Igalia)
    https://github.com/w3c/trusted-types/issues/398 [proposed-removal] 
  - #384 Are `getAttributeType` and `getPropertyType` methods neccessary? (1 by mozfreddyb)
    https://github.com/w3c/trusted-types/issues/384 [proposed-removal] 

  4 issues closed:
  - "Prepare the script URL and text" algorithm badly named https://github.com/w3c/trusted-types/issues/435 
  - TrustedHTML.fromLiteral is exposed in workers but assumes the current global is a Window https://github.com/w3c/trusted-types/issues/374 [proposed-removal] 
  - Either remove `fromLiteral` from v1 of the spec or add a note to the spec that it'll be implemented later https://github.com/w3c/trusted-types/issues/412 
  - Are `getAttributeType` and `getPropertyType` methods neccessary? https://github.com/w3c/trusted-types/issues/384 [proposed-removal] 



Pull requests
-------------
* w3c/permissions (+1/-0/💬1)
  1 pull requests submitted:
  - Editorial: Use `object` for PermissionSetParameters.descriptor (by saschanaz)
    https://github.com/w3c/permissions/pull/444 

  1 pull requests received 1 new comments:
  - #442 Tidied up document using tidy-html5 (1 by w3cbot)
    https://github.com/w3c/permissions/pull/442 

* w3c/webappsec-trusted-types (+1/-2/💬0)
  1 pull requests submitted:
  - Rename prepare script url and text algorithm (by lukewarlow)
    https://github.com/w3c/trusted-types/pull/436 

  2 pull requests merged:
  - Rename prepare script url and text algorithm
    https://github.com/w3c/trusted-types/pull/436 
  - Remove `fromLiteral` from spec.
    https://github.com/w3c/trusted-types/pull/405 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/w3c/webappsec
* https://github.com/w3c/webappsec-subresource-integrity
* https://github.com/w3c/webappsec-csp
* https://github.com/w3c/webappsec-mixed-content
* https://github.com/w3c/webappsec-upgrade-insecure-requests
* https://github.com/w3c/webappsec-credential-management
* https://github.com/w3c/permissions
* https://github.com/w3c/permissions-registry
* https://github.com/w3c/webappsec-referrer-policy
* https://github.com/w3c/webappsec-secure-contexts
* https://github.com/w3c/webappsec-clear-site-data
* https://github.com/w3c/webappsec-cowl
* https://github.com/w3c/webappsec-epr
* https://github.com/w3c/webappsec-suborigins
* https://github.com/w3c/webappsec-cspee
* https://github.com/w3c/webappsec-permissions-policy
* https://github.com/w3c/webappsec-fetch-metadata
* https://github.com/w3c/webappsec-trusted-types
* https://github.com/w3c/webappsec-change-password-url
* https://github.com/w3c/webappsec-post-spectre-webdev


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 19 February 2024 17:00:26 UTC