Web Application Security Working Group
Issue Tracking
Summary
Issues:
Raised
Open
Pending Review
Closed
Postponed
All
Create
Actions:
Open
Overdue
Closed
Pending Review
Raise
Users
My
Tracker
Products
Agenda planning
Recent activity
Pending review Actions
Apply the following changes to selected action items:
Mark as
No status change
Open
Pending review
Closed
Update due date to:
Associate to issue:
No change
ISSUE-5
ISSUE-22
ISSUE-28
ISSUE-29
ISSUE-34
ISSUE-44
ISSUE-57
ISSUE-64
ISSUE-65
ISSUE-66
ISSUE-67
ISSUE-68: 401 prompting by subresources
ISSUE-69: Overt channel control in CSP
ISSUE-70: Using ni:/// as CSP source
ISSUE-71: JSONP directives
ISSUE-72: Streaming Integrity
ISSUE-73: CSP path matching
ISSUE-74: plugin-types 'none'
ISSUE-1
ISSUE-2
ISSUE-3
ISSUE-4
ISSUE-6: sandbox
ISSUE-7: policy-uri
ISSUE-8
ISSUE-9
ISSUE-10
ISSUE-11: Violation report privacy
ISSUE-12
ISSUE-13: URI Fragments in 1.1
ISSUE-14: META tag for CSP
ISSUE-15: SRCDOC, BLOB, ETC
ISSUE-16: CSP informs client, cannot restrict it
ISSUE-17: Extension compat
ISSUE-18: CSP as risk assessment score
ISSUE-19: Interaction of CSP and IRIs
ISSUE-20
ISSUE-21
ISSUE-23
ISSUE-24
ISSUE-25
ISSUE-26
ISSUE-27
ISSUE-30
ISSUE-31
ISSUE-32
ISSUE-33
ISSUE-35
ISSUE-36
ISSUE-37
ISSUE-38
ISSUE-39
ISSUE-40: X-XSS-Protection
ISSUE-41: CSP and malicious extensions
ISSUE-42: CSS Nonce
ISSUE-43: Custom Elements in CSP 1.1
ISSUE-45: 'top-only'
ISSUE-46: Does nonce make CSP header security-sensitive
ISSUE-47
ISSUE-48: base uri
ISSUE-49
ISSUE-50
ISSUE-51
ISSUE-52: unsafe DOM API
ISSUE-53: UI Security model for composited drawing models
ISSUE-54: uri vs url
ISSUE-55: input-protection and seamless iframes
ISSUE-56: child src navigation
ISSUE-58: Late binding of CSP
ISSUE-59: SVG rules for CSP
ISSUE-60: CSP and META
ISSUE-61
ISSUE-62
ISSUE-63
Associate to product:
No change
CORS
CSP Level 1
CSP Level 2
CSP Level 3
Mixed Content
Referrer Policy
Subresource Integrity Level 1
Subresource Integrity Level 2
UI Security
There are 7 pending review actions.
↓
ID
↓
State
Title
↓
Person
↓
Due Date
Associated with
ACTION-115
pending review
Make proposal on handling of srcdoc, blob, etc. (ISSUE-15)
Adam Barth
2013-05-07
SRCDOC, BLOB, ETC
ACTION-155
pending review
Update csp to reflect that workers use policy resource is delivered with
Mike West
2013-11-26
ACTION-156
pending review
CSP: Clarify plugin-src behavior: if able to determine resource, self or none
Mike West
2014-11-01
CSP Level 2
ACTION-200
pending review
Investigate git issue tooling with other w3c groups
Brad Hill
2014-11-24
ACTION-204
pending review
Reply to mark watson that 1/2 of his issue is a last call comment to mix
Brad Hill
2014-11-24
ACTION-205
pending review
Does link really violate csp guarantees?
Brad Hill
2014-11-24
ACTION-206
pending review
Reply on referrer suggest imperative policy controls in serviceworker
Brad Hill
2014-11-24
Add a new action item
. See
all the action items
Daniel Veditz <
dveditz@mozilla.com
>, Mike West <
mkwst@google.com
>, Chairs, Wendy Seltzer <
wseltzer@w3.org
>, Samuel Weiler <
weiler@w3.org
>, Staff Contacts
Tracker:
documentation
, (
configuration for this group
), originally developed by
Dean Jackson
, is developed and maintained by the Systems Team <
w3t-sys@w3.org
>.
$Id: pendingreview.html,v 1.1 2020/01/17 08:52:18 carcone Exp $