Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / w3c/security-review issues and pull requests

#139 - Review Security and Privacy Considerations

Issue - State: open - Opened by w3cbot over 2 years ago
Labels: tracker, pending, close?, s:wot-thing-description

#139 - Review Security and Privacy Considerations

Issue - State: open - Opened by w3cbot over 2 years ago
Labels: tracker, pending, close?, s:wot-thing-description

#138 - Review Security and Privacy Considerations

Issue - State: open - Opened by w3cbot over 2 years ago
Labels: needs-resolution, pending, close?, s:wot-discovery

#138 - Review Security and Privacy Considerations

Issue - State: open - Opened by w3cbot over 2 years ago
Labels: needs-resolution, pending, close?, s:wot-discovery

#137 - Review Security and Privacy Considerations

Issue - State: open - Opened by w3cbot over 2 years ago
Labels: tracker, pending, close?, s:wot-discovery

#137 - Review Security and Privacy Considerations

Issue - State: open - Opened by w3cbot over 2 years ago
Labels: tracker, pending, close?, s:wot-discovery

#135 - Guidelines/philosophy for new operations, including security principles

Issue - State: open - Opened by w3cbot over 2 years ago
Labels: tracker, pending, close?, s:webnn

#134 - op metadata that helps avoid implementation mistakes

Issue - State: open - Opened by w3cbot over 2 years ago
Labels: tracker, pending, close?, s:webnn

#132 - Add some security considerations for sites using this API

Issue - State: closed - Opened by w3cbot over 2 years ago - 1 comment
Labels: needs-resolution, pending, s:contact-picker

#126 - should VARY be a cors-safelisted header?

Issue - State: open - Opened by w3cbot over 2 years ago
Labels: tracker, pending, s:fetch, whatwg

#125 - Canonicalization Bug in sample

Issue - State: open - Opened by w3cbot over 2 years ago
Labels: tracker, pending, close?, s:wot-thing-description

#125 - Canonicalization Bug in sample

Issue - State: open - Opened by w3cbot over 2 years ago
Labels: tracker, pending, close?, s:wot-thing-description

#124 - Canonicalization - Step 6 w.r.t. single value needed?

Issue - State: open - Opened by w3cbot over 2 years ago
Labels: tracker, pending, close?, s:wot-thing-description

#123 - Canonicalization - array vs. single value

Issue - State: open - Opened by w3cbot over 2 years ago
Labels: tracker, pending, close?, s:wot-thing-description

#123 - Canonicalization - array vs. single value

Issue - State: open - Opened by w3cbot over 2 years ago
Labels: tracker, pending, close?, s:wot-thing-description

#122 - A security review; some nits

Issue - State: closed - Opened by w3cbot over 2 years ago - 3 comments
Labels: needs-resolution, pending, close?, s:web-share

#122 - A security review; some nits

Issue - State: closed - Opened by w3cbot over 2 years ago - 3 comments
Labels: needs-resolution, pending, close?, s:web-share

#121 - Split security & privacy considerations

Issue - State: closed - Opened by w3cbot over 2 years ago
Labels: tracker, pending, s:web-share

#121 - Split security & privacy considerations

Issue - State: closed - Opened by w3cbot over 2 years ago
Labels: tracker, pending, s:web-share

#120 - Supporting roaming authenticators

Issue - State: open - Opened by w3cbot over 2 years ago - 1 comment
Labels: needs-resolution, s:secure-payment-confirmation

#120 - Supporting roaming authenticators

Issue - State: open - Opened by w3cbot over 2 years ago - 1 comment
Labels: needs-resolution, s:secure-payment-confirmation

#118 - Privacy and Security Considerations section review for Personalization Semantics Content

Issue - State: open - Opened by w3cbot almost 3 years ago
Labels: tracker, pending, s:adapt

#117 - Security considerations

Issue - State: open - Opened by w3cbot almost 3 years ago
Labels: needs-resolution, pending, close?, s:dom, whatwg

#116 - Privacy/Security considerations section

Issue - State: open - Opened by w3cbot almost 3 years ago
Labels: needs-resolution, pending, close?, s:dom, whatwg

#115 - HTML WG 2021

Issue - State: open - Opened by w3cbot almost 3 years ago
Labels: needs-resolution, pending, close?, s:html

#115 - HTML WG 2021

Issue - State: open - Opened by w3cbot almost 3 years ago
Labels: needs-resolution, pending, close?, s:html

#114 - Limiting to http/https is limiting

Issue - State: closed - Opened by w3cbot almost 3 years ago - 2 comments
Labels: tracker, pending, close?, s:web-share

#114 - Limiting to http/https is limiting

Issue - State: closed - Opened by w3cbot almost 3 years ago - 2 comments
Labels: tracker, pending, close?, s:web-share

#110 - Add a CSP check to RTCPeerConnection.constructor().

Issue - State: open - Opened by w3cbot about 3 years ago
Labels: tracker, pending, close?, s:webrtc-extensions

#110 - Add a CSP check to RTCPeerConnection.constructor().

Issue - State: open - Opened by w3cbot about 3 years ago
Labels: tracker, pending, close?, s:webrtc-extensions

#107 - Related WebGPU/GL Security and Privacy Considerations

Issue - State: open - Opened by w3cbot about 3 years ago
Labels: tracker, pending, close?, s:webnn

#107 - Related WebGPU/GL Security and Privacy Considerations

Issue - State: open - Opened by w3cbot about 3 years ago
Labels: tracker, pending, close?, s:webnn

#104 - Agent Certificate has a circular dependency on itself

Issue - State: open - Opened by w3cbot about 3 years ago
Labels: tracker, s:openscreenprotocol, pending, wg:secondscreen

#103 - Consider removing support for P-521

Issue - State: open - Opened by w3cbot about 3 years ago
Labels: tracker, s:openscreenprotocol, pending, close?

#103 - Consider removing support for P-521

Issue - State: open - Opened by w3cbot about 3 years ago
Labels: tracker, s:openscreenprotocol, pending, close?, wg:secondscreen

#102 - Do not use Distinguished Name to convey protocol details

Issue - State: open - Opened by w3cbot about 3 years ago
Labels: tracker, s:openscreenprotocol, pending, wg:secondscreen

#101 - The keyUsage name is digitalSignature, not signing

Issue - State: open - Opened by w3cbot about 3 years ago
Labels: tracker, s:openscreenprotocol, pending, close?

#101 - The keyUsage name is digitalSignature, not signing

Issue - State: open - Opened by w3cbot about 3 years ago
Labels: tracker, s:openscreenprotocol, pending, close?, wg:secondscreen

#100 - Clarify the supported signature algorithms for certificates

Issue - State: open - Opened by w3cbot about 3 years ago
Labels: tracker, s:openscreenprotocol, pending, close?

#100 - Clarify the supported signature algorithms for certificates

Issue - State: open - Opened by w3cbot about 3 years ago
Labels: tracker, s:openscreenprotocol, pending, close?, wg:secondscreen

#99 - Certificates should have a maximum lifetime, and SPAKE2 identities should be SPKI not cert fingerprint

Issue - State: open - Opened by w3cbot about 3 years ago
Labels: tracker, s:openscreenprotocol, pending, wg:secondscreen

#98 - Add some security considerations for sites using this API

Issue - State: open - Opened by w3cbot about 3 years ago
Labels: needs-resolution, pending, s:contact-picker, wg:das, wg:webapps

#94 - clarify fingerprinting text; perhaps bring sec/priv text into alignment with template

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: needs-resolution, pending, close?, wg:media

#93 - add security considerations section

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, close?, s:selection-api, wg:webediting

#92 - clarify the issue prompting the suggestion of transcoding images?

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, s:clipboard-apis, wg:webediting

#91 - make pasting/sanitizing section normative?

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, s:clipboard-apis, wg:webediting

#90 - Intentional manipulation of battery status

Issue - State: closed - Opened by w3cbot over 3 years ago - 1 comment
Labels: tracker, close?, s:media-capabilities, wg:media

#89 - Privacy review of ARIA in HTML (15th March 2021)

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, close?, s:html-aria, wg:webapps

#85 - The "body" location value for security schemes is underspecified

Issue - State: closed - Opened by w3cbot over 3 years ago - 1 comment
Labels: tracker, pending, close?, s:wot-thing-description

#85 - The "body" location value for security schemes is underspecified

Issue - State: closed - Opened by w3cbot over 3 years ago - 1 comment
Labels: tracker, pending, close?, s:wot-thing-description, wg:wot

#84 - The "body" location value for security schemes is underspecified

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, close?, s:wot-thing-description

#84 - The "body" location value for security schemes is underspecified

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, close?, s:wot-thing-description, wg:wot

#83 - Links from sec/priv sections back to normative mitigations?

Issue - State: open - Opened by w3cbot over 3 years ago - 1 comment
Labels: needs-resolution, pending, s:device-posture, wg:das

#82 - Escape "<" and ">" in attributes

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, s:html, whatwg

#81 - Remove Cache-Control and Expires headers from the CORS-safelisted response headers to prevent user tracking

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, s:fetch, whatwg

#80 - [security] API key and PSK security schemes are not referenced or explained

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, close?, s:wot-thing-description, wg:wot

#80 - [security] API key and PSK security schemes are not referenced or explained

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, close?, s:wot-thing-description, wg:wot

#79 - add more discussion of sec and priv analysis; split sections

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: needs-resolution, pending, s:battery-status, wg:das

#77 - How is WG authorizing RPCs?

Issue - State: closed - Opened by w3cbot over 3 years ago - 1 comment
Labels: needs-resolution, pending, close?, wg:auto

#74 - IPv4 host parser + site definition seems potentially dangerous.

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, close?, s:url, whatwg

#73 - Normative security requirements ("ISSUE 1")

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, close?, s:screen-capture, wg:webrtc

#72 - Origin isolation

Issue - State: open - Opened by w3cbot over 3 years ago - 1 comment
Labels: tracker, pending, s:mediacapture-streams, moved?, wg:webrtc

#71 - Expand on captureStream() for CORS-cross-origin media data

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, s:mediacapture-fromelement, wg:webrtc

#70 - Consider how to sign TDs in a directory service

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, s:wot-discovery, wg:wot

#69 - Decide how to securely do notifications from a Directory

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, s:wot-discovery, wg:wot

#68 - Should security be mandatory on directories for WoT Discovery?

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, close?, s:wot-discovery

#68 - Should security be mandatory on directories for WoT Discovery?

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, close?, s:wot-discovery, wg:wot

#67 - Disable prompting in third parties

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, s:storage, whatwg

#66 - Mention Intersection Observer v2 in sec considerations

Issue - State: open - Opened by w3cbot over 3 years ago
Labels: tracker, s:webauthn, pending, close?, wg:webauthn

#64 - Security review for Web Audio API 1.0

Issue - State: open - Opened by w3cbot almost 4 years ago - 1 comment
Labels: tracker, pending, close?, s:webaudio, wg:audio

#63 - [css-conditional-3] Security review answers

Issue - State: open - Opened by w3cbot almost 4 years ago
Labels: tracker, pending, close?, s:css-conditional, wg:css

#62 - [css-color-4] Security: handling of color-profiles

Issue - State: closed - Opened by w3cbot almost 4 years ago
Labels: needs-resolution, pending, close?, s:css-color, wg:css

#61 - [CSS-COLOR-4] Security/Privacy: Incognito mode

Issue - State: closed - Opened by w3cbot almost 4 years ago
Labels: needs-resolution, pending, close?, s:css-color, wg:css

#60 - Remove hasEnrolledInstrument() from version 1.0

Issue - State: open - Opened by w3cbot almost 4 years ago - 1 comment
Labels: tracker, s:payment-request, pending, close?, wg:payments

#59 - Consider using JOSE in Directory service to support object security

Issue - State: open - Opened by w3cbot almost 4 years ago
Labels: tracker, pending, s:wot-discovery, wg:wot

#58 - Review resurrected Cert, Public, and PoP SecuritySchemes

Issue - State: open - Opened by w3cbot almost 4 years ago
Labels: tracker, pending, close?, s:wot-thing-description, wg:wot

#57 - Create OAuth2 subclasses for each flow

Issue - State: open - Opened by w3cbot almost 4 years ago
Labels: tracker, pending, s:wot-thing-description, wg:wot

#56 - Security Review

Issue - State: open - Opened by w3cbot almost 4 years ago
Labels: needs-resolution, pending, close?, s:screen-wake-lock, wg:das

#55 - [css-color-4] Security Self-Review answers

Issue - State: open - Opened by w3cbot almost 4 years ago
Labels: tracker, pending, close?, s:css-color, wg:css

#54 - Add details about generic XRSpace and XRInputSource threats

Issue - State: open - Opened by w3cbot almost 4 years ago
Labels: tracker, pending, s:webxr, wg:immersive-web

#53 - Add appendix to privacy & security explainer showing table of threat vectors & mitigations

Issue - State: open - Opened by w3cbot almost 4 years ago - 2 comments
Labels: tracker, pending, s:webxr, wg:immersive-web

#52 - Do not use allow="screen-wake-lock" for iframes

Issue - State: open - Opened by w3cbot almost 4 years ago
Labels: needs-resolution, pending, close?, s:screen-wake-lock, wg:das

#51 - User prompts to show an active screen-lock should have an associated domain

Issue - State: open - Opened by w3cbot almost 4 years ago
Labels: needs-resolution, pending, close?, s:screen-wake-lock, wg:das

#50 - How to specify desired accuracy / resolution of data?

Issue - State: open - Opened by w3cbot almost 4 years ago - 2 comments
Labels: tracker, s:geolocation, wg:das

#49 - Section 6: Non-normative but containing implementation requirements?

Issue - State: closed - Opened by w3cbot almost 4 years ago - 3 comments
Labels: needs-resolution, s:geolocation, pending, close?, wg:das

#48 - Security review: General observations

Issue - State: closed - Opened by w3cbot almost 4 years ago - 1 comment
Labels: tracker, s:geolocation, pending, close?, wg:das

#47 - Define a permission model?

Issue - State: open - Opened by w3cbot almost 4 years ago
Labels: tracker, pending, s:miniapp, wg:miniapps, ig:chinese-web

#46 - Elements and APIs in the charter scope

Issue - State: closed - Opened by w3cbot about 4 years ago - 1 comment
Labels: needs-resolution, close?, s:miniapp, wg:miniapps, ig:chinese-web

#45 - Add security section to PTZ explainer

Issue - State: open - Opened by w3cbot about 4 years ago
Labels: tracker, pending, close?, s:image-capture, wg:webrtc

#44 - register() lacks same origin check

Issue - State: open - Opened by w3cbot about 4 years ago
Labels: tracker, pending, close?, s:service-workers, wg:service-workers

#43 - Should network state be keyed beyond the top-level site

Issue - State: open - Opened by w3cbot about 4 years ago
Labels: tracker, pending, whatwg

#42 - Charter: expand WebAppSec citation?

Issue - State: open - Opened by w3cbot about 4 years ago
Labels: needs-resolution, pending, close?, s:miniapp, wg:miniapps, ig:chinese-web

#41 - Consider dropping declarative scope for subresource loading.

Issue - State: open - Opened by w3cbot about 4 years ago
Labels: tracker, pending, close?, s:webpackage, cg:wicg

#40 - Describe what happens with administratively prohibited candidates

Issue - State: open - Opened by w3cbot about 4 years ago
Labels: tracker, s:webrtc, pending, close?, wg:webrtc

#38 - Consider allowing downloads by user interaction within a sandboxed iframe

Issue - State: open - Opened by w3cbot about 4 years ago
Labels: tracker, pending, s:html, whatwg

#37 - Blob URL store partitioning

Issue - State: open - Opened by w3cbot about 4 years ago
Labels: tracker, pending, s:fileapi, wg:webapps

#36 - Add portscanning warning to the spec

Issue - State: open - Opened by w3cbot about 4 years ago
Labels: tracker, s:webrtc, pending, close?, wg:webrtc

#35 - Make high resolution time dependant on cross-origin isolated

Issue - State: open - Opened by w3cbot about 4 years ago
Labels: tracker, s:hr-time, pending, close?, wg:webperf

#34 - Service workers allow for more responses to be executed as script

Issue - State: open - Opened by plehegar over 4 years ago
Labels: tracker, pending, s:service-workers, wg:service-workers

#32 - Requirements for CORS safe-list

Issue - State: open - Opened by plehegar over 4 years ago
Labels: tracker, pending, s:trace-context, wg:distributed-tracing