Web Application Security Working Group
Issue Tracking
Open Actions
There are 28 open actions.
| ID | State | Title | Person | Due Date | Associated with |
|---|---|---|---|---|---|
| ACTION-141 | open | CSP Next: Update default-src language to be more future-proof | Mike West | 2015-01-31 | CSP Level 3 |
| ACTION-144 | open | CSP Next: Propose text on layering of fetch context types with CSP directives | Mike West | 2015-01-31 | CSP Level 3 |
| ACTION-164 | open | CSP Next: Integrate mnot's cookie scope proposal. | Mike West | 2015-01-31 | CSP Level 3 |
| ACTION-166 | open | to add an explicit "privacy considerations" section to sri | Mike West | 2014-03-19 | Subresource Integrity Level 1 |
| ACTION-167 | open | Respond to list queries about hints for content-addressable storage | Devdatta Akhawe | 2014-05-30 | Subresource Integrity Level 1 |
| ACTION-169 | open | Read and respond to use of sri hashes for caching/alternate locations: http://lists.w3.org/archives/public/public-webappsec/2014mar/0103.html | Devdatta Akhawe | 2014-05-30 | Subresource Integrity Level 1 |
| ACTION-172 | open | Review serviceworker issues relevant to csp from github | Mike West | 2015-01-31 | CSP Level 3 |
| ACTION-181 | open | Suggest more clear use case and language around exact behavior for noncanonical-src | Brad Hill | 2014-11-17 | Subresource Integrity Level 1 |
| ACTION-182 | open | Make sure blob origin is discussed further on list | Brad Hill | 2014-11-17 | CSP Level 3 |
| ACTION-186 | open | Do more research on preventing 401 attach http://lists.w3.org/archives/public/public-webappsec/2014aug/0016.html | Brad Hill | 2015-01-31 | CSP Level 3 |
| ACTION-188 | open | Evaluate json-src | Mike West | 2015-01-31 | CSP Level 3 |
| ACTION-189 | open | Evaluate script-ancestors | Mike West | 2015-01-31 | CSP Level 3 |
| ACTION-190 | open | Is reflected-xss directive at risk? | David Walp | 2014-11-03 | ISSUE-62 |
| ACTION-192 | open | Evaluate control over nesting depth. | Mike West | 2014-11-03 | CSP Level 3 |
| ACTION-198 | open | Take bookmarklets discussion back to the list | Brad Hill | 2014-11-17 | CSP Level 3 |
| ACTION-199 | open | Keep topic of internet/intranet connectivity and https on the w3c radar | Wendy Seltzer | 2014-11-03 | |
| ACTION-207 | open | Raise definition of sandboxed worker in html spec | Brad Hill | 2014-11-24 | |
| ACTION-209 | open | Ask open data/linked data groups for info on data publishing for use in secure context | Wendy Seltzer | 2015-01-19 | |
| ACTION-210 | open | Move sri bugs in bugzilla to github | Brad Hill | 2015-01-19 | |
| ACTION-211 | open | Ask github if they prefer fail open / closed on unknown hashes | Brad Hill | 2015-01-19 | |
| ACTION-212 | open | Issue cfc to take mixed content to cr | Brad Hill | 2015-02-16 | |
| ACTION-213 | open | Reply to brian smith re: csp2 to cr | Brad Hill | 2015-02-16 | |
| ACTION-215 | open | Schedule conversation with web platform wg chairs and webappsec re csp3 | Wendy Seltzer | 2016-01-15 | |
| ACTION-218 | open | And dveditz to send call for wide review for referrer policy | Mike West | 2017-11-13 | |
| ACTION-219 | open | And dveditz to send call for wide review for secure contexts | Mike West | 2017-11-13 | |
| ACTION-220 | open | File issue on the spec to match firefox behavior | Daniel Veditz | 2017-11-13 | |
| ACTION-221 | open | Figure out new syntax and send to the list | Mike West | 2017-11-13 | |
| ACTION-222 | open | Take a stab at specifying a cors switch "retry without creds on failure" | Mike West | 2017-11-14 | |
Daniel Veditz <dveditz@mozilla.com>, Mike West <mkwst@google.com>, Chairs, Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>, Staff Contacts
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: open.html,v 1.1 2020/01/17 08:52:17 carcone Exp $