Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / w3c/security-review issues and pull requests
#156 - External resources should be loaded securely
Issue -
State: open - Opened by w3cbot over 2 years ago
Labels: needs-resolution, pending, close?
#156 - External resources should be loaded securely
Issue -
State: open - Opened by w3cbot over 2 years ago
Labels: needs-resolution, pending, close?
#155 - epub provides no authenticity or integrity checks
Issue -
State: open - Opened by w3cbot over 2 years ago
Labels: tracker, pending, close?
#154 - review of issues raised in "Reading Between the Lines: An Extensive Evaluation of the Security and Privacy Implications of EPUB Reading Systems"
Issue -
State: open - Opened by w3cbot over 2 years ago
Labels: tracker, pending, close?
#154 - review of issues raised in "Reading Between the Lines: An Extensive Evaluation of the Security and Privacy Implications of EPUB Reading Systems"
Issue -
State: open - Opened by w3cbot over 2 years ago
Labels: tracker, pending, close?
#153 - Revisit: Persisting permissions
Issue -
State: open - Opened by w3cbot over 2 years ago
Labels: tracker, pending, s:mediacapture-viewport
#152 - [Web Assembly] source alternative / auditability
Issue -
State: open - Opened by w3cbot over 2 years ago
Labels: needs-resolution, pending, close?, s:wasm-core
#152 - [Web Assembly] source alternative / auditability
Issue -
State: closed - Opened by w3cbot over 2 years ago
- 1 comment
Labels: needs-resolution, pending, close?, s:wasm-core
#151 - WebAssembly 2022 charter
Issue -
State: open - Opened by w3cbot over 2 years ago
Labels: needs-resolution, pending, close?, s:html
#149 - Self-Review Questionnaire: Security and Privacy
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: tracker, pending, close?, s:webnn
#148 - Consolidate Security and Privacy Considerations (moving IANA security considerations)
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: tracker, pending, close?, s:wot-thing-description
#147 - Finding a place to put the security paragraph in the bindings chapter
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: needs-resolution, pending, close?, s:wot-architecture
#145 - Verifiable Credentials WG Rechartering
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: needs-resolution, pending, close?, s:html
#145 - Verifiable Credentials WG Rechartering
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: needs-resolution, pending, close?, s:html
#142 - Review Security and Privacy Considerations
Issue -
State: closed - Opened by w3cbot almost 3 years ago
- 1 comment
Labels: needs-resolution, pending, close?, s:wot-architecture, wg:wot
#140 - Review Security and Privacy Considerations
Issue -
State: closed - Opened by w3cbot almost 3 years ago
- 1 comment
Labels: needs-resolution, pending, close?, s:wot-thing-description
#139 - Review Security and Privacy Considerations
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: tracker, pending, close?, s:wot-thing-description
#139 - Review Security and Privacy Considerations
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: tracker, pending, close?, s:wot-thing-description
#138 - Review Security and Privacy Considerations
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: needs-resolution, pending, close?, s:wot-discovery
#138 - Review Security and Privacy Considerations
Issue -
State: closed - Opened by w3cbot almost 3 years ago
- 1 comment
Labels: needs-resolution, pending, close?, s:wot-discovery, wg:wot
#137 - Review Security and Privacy Considerations
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: tracker, pending, close?, s:wot-discovery
#137 - Review Security and Privacy Considerations
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: tracker, pending, close?, s:wot-discovery
#135 - Guidelines/philosophy for new operations, including security principles
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: tracker, pending, close?, s:webnn
#134 - op metadata that helps avoid implementation mistakes
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: tracker, pending, close?, s:webnn
#132 - Add some security considerations for sites using this API
Issue -
State: closed - Opened by w3cbot almost 3 years ago
- 1 comment
Labels: needs-resolution, pending, s:contact-picker
#126 - should VARY be a cors-safelisted header?
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: tracker, pending, s:fetch, whatwg
#125 - Canonicalization Bug in sample
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: tracker, pending, close?, s:wot-thing-description
#125 - Canonicalization Bug in sample
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: tracker, pending, close?, s:wot-thing-description
#124 - Canonicalization - Step 6 w.r.t. single value needed?
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: tracker, pending, close?, s:wot-thing-description
#123 - Canonicalization - array vs. single value
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: tracker, pending, close?, s:wot-thing-description
#123 - Canonicalization - array vs. single value
Issue -
State: open - Opened by w3cbot almost 3 years ago
Labels: tracker, pending, close?, s:wot-thing-description
#122 - A security review; some nits
Issue -
State: closed - Opened by w3cbot about 3 years ago
- 3 comments
Labels: needs-resolution, pending, close?, s:web-share
#122 - A security review; some nits
Issue -
State: closed - Opened by w3cbot about 3 years ago
- 3 comments
Labels: needs-resolution, pending, close?, s:web-share
#121 - Split security & privacy considerations
Issue -
State: closed - Opened by w3cbot about 3 years ago
Labels: tracker, pending, s:web-share
#121 - Split security & privacy considerations
Issue -
State: closed - Opened by w3cbot about 3 years ago
Labels: tracker, pending, s:web-share
#120 - Supporting roaming authenticators
Issue -
State: open - Opened by w3cbot about 3 years ago
- 1 comment
Labels: needs-resolution, s:secure-payment-confirmation
#120 - Supporting roaming authenticators
Issue -
State: open - Opened by w3cbot about 3 years ago
- 1 comment
Labels: needs-resolution, s:secure-payment-confirmation
#118 - Privacy and Security Considerations section review for Personalization Semantics Content
Issue -
State: open - Opened by w3cbot about 3 years ago
Labels: tracker, pending, s:adapt
#117 - Security considerations
Issue -
State: open - Opened by w3cbot about 3 years ago
Labels: needs-resolution, pending, close?, s:dom, whatwg
#116 - Privacy/Security considerations section
Issue -
State: open - Opened by w3cbot about 3 years ago
Labels: needs-resolution, pending, close?, s:dom, whatwg
#115 - HTML WG 2021
Issue -
State: open - Opened by w3cbot about 3 years ago
Labels: needs-resolution, pending, close?, s:html
#115 - HTML WG 2021
Issue -
State: open - Opened by w3cbot about 3 years ago
Labels: needs-resolution, pending, close?, s:html
#114 - Limiting to http/https is limiting
Issue -
State: closed - Opened by w3cbot over 3 years ago
- 2 comments
Labels: tracker, pending, close?, s:web-share
#114 - Limiting to http/https is limiting
Issue -
State: closed - Opened by w3cbot over 3 years ago
- 2 comments
Labels: tracker, pending, close?, s:web-share
#110 - Add a CSP check to RTCPeerConnection.constructor().
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, close?, s:webrtc-extensions
#110 - Add a CSP check to RTCPeerConnection.constructor().
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, close?, s:webrtc-extensions
#107 - Related WebGPU/GL Security and Privacy Considerations
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, close?, s:webnn
#107 - Related WebGPU/GL Security and Privacy Considerations
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, close?, s:webnn
#104 - Agent Certificate has a circular dependency on itself
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: tracker, s:openscreenprotocol, pending, wg:secondscreen
#103 - Consider removing support for P-521
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: tracker, s:openscreenprotocol, pending, close?, wg:secondscreen
#103 - Consider removing support for P-521
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: tracker, s:openscreenprotocol, pending, close?
#102 - Do not use Distinguished Name to convey protocol details
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: tracker, s:openscreenprotocol, pending, wg:secondscreen
#101 - The keyUsage name is digitalSignature, not signing
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: tracker, s:openscreenprotocol, pending, close?
#101 - The keyUsage name is digitalSignature, not signing
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: tracker, s:openscreenprotocol, pending, close?, wg:secondscreen
#100 - Clarify the supported signature algorithms for certificates
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: tracker, s:openscreenprotocol, pending, close?, wg:secondscreen
#100 - Clarify the supported signature algorithms for certificates
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: tracker, s:openscreenprotocol, pending, close?
#99 - Certificates should have a maximum lifetime, and SPAKE2 identities should be SPKI not cert fingerprint
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: tracker, s:openscreenprotocol, pending, close?, wg:secondscreen
#98 - Add some security considerations for sites using this API
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: needs-resolution, pending, s:contact-picker, wg:das, wg:webapps
#94 - clarify fingerprinting text; perhaps bring sec/priv text into alignment with template
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: needs-resolution, pending, close?, wg:media
#93 - add security considerations section
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, close?, s:selection-api, wg:webediting
#92 - clarify the issue prompting the suggestion of transcoding images?
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, s:clipboard-apis, wg:webediting
#91 - make pasting/sanitizing section normative?
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, s:clipboard-apis, wg:webediting
#90 - Intentional manipulation of battery status
Issue -
State: closed - Opened by w3cbot over 3 years ago
- 1 comment
Labels: tracker, close?, s:media-capabilities, wg:media
#89 - Privacy review of ARIA in HTML (15th March 2021)
Issue -
State: open - Opened by w3cbot over 3 years ago
Labels: tracker, pending, close?, s:html-aria, wg:webapps
#85 - The "body" location value for security schemes is underspecified
Issue -
State: closed - Opened by w3cbot almost 4 years ago
- 1 comment
Labels: tracker, pending, close?, s:wot-thing-description, wg:wot
#85 - The "body" location value for security schemes is underspecified
Issue -
State: closed - Opened by w3cbot almost 4 years ago
- 1 comment
Labels: tracker, pending, close?, s:wot-thing-description
#84 - The "body" location value for security schemes is underspecified
Issue -
State: open - Opened by w3cbot almost 4 years ago
Labels: tracker, pending, close?, s:wot-thing-description
#84 - The "body" location value for security schemes is underspecified
Issue -
State: open - Opened by w3cbot almost 4 years ago
Labels: tracker, pending, close?, s:wot-thing-description, wg:wot
#83 - Links from sec/priv sections back to normative mitigations?
Issue -
State: open - Opened by w3cbot almost 4 years ago
- 1 comment
Labels: needs-resolution, pending, close?, s:device-posture, wg:das
#82 - Escape "<" and ">" in attributes
Issue -
State: open - Opened by w3cbot almost 4 years ago
Labels: tracker, pending, s:html, whatwg
#81 - Remove Cache-Control and Expires headers from the CORS-safelisted response headers to prevent user tracking
Issue -
State: open - Opened by w3cbot almost 4 years ago
Labels: tracker, pending, s:fetch, whatwg
#80 - [security] API key and PSK security schemes are not referenced or explained
Issue -
State: open - Opened by w3cbot almost 4 years ago
Labels: tracker, pending, close?, s:wot-thing-description, wg:wot
#80 - [security] API key and PSK security schemes are not referenced or explained
Issue -
State: open - Opened by w3cbot almost 4 years ago
Labels: tracker, pending, close?, s:wot-thing-description, wg:wot
#79 - add more discussion of sec and priv analysis; split sections
Issue -
State: open - Opened by w3cbot almost 4 years ago
Labels: needs-resolution, pending, s:battery-status, wg:das
#77 - How is WG authorizing RPCs?
Issue -
State: closed - Opened by w3cbot almost 4 years ago
- 1 comment
Labels: needs-resolution, pending, close?, wg:auto
#74 - IPv4 host parser + site definition seems potentially dangerous.
Issue -
State: open - Opened by w3cbot almost 4 years ago
Labels: tracker, pending, close?, s:url, whatwg
#73 - Normative security requirements ("ISSUE 1")
Issue -
State: open - Opened by w3cbot almost 4 years ago
Labels: tracker, pending, close?, s:screen-capture, wg:webrtc
#72 - Origin isolation
Issue -
State: open - Opened by w3cbot almost 4 years ago
- 1 comment
Labels: tracker, pending, s:mediacapture-streams, moved?, wg:webrtc
#71 - Expand on captureStream() for CORS-cross-origin media data
Issue -
State: open - Opened by w3cbot almost 4 years ago
Labels: tracker, pending, s:mediacapture-fromelement, wg:webrtc
#70 - Consider how to sign TDs in a directory service
Issue -
State: open - Opened by w3cbot about 4 years ago
Labels: tracker, pending, s:wot-discovery, wg:wot
#69 - Decide how to securely do notifications from a Directory
Issue -
State: open - Opened by w3cbot about 4 years ago
Labels: tracker, pending, s:wot-discovery, wg:wot
#68 - Should security be mandatory on directories for WoT Discovery?
Issue -
State: open - Opened by w3cbot about 4 years ago
Labels: tracker, pending, close?, s:wot-discovery
#68 - Should security be mandatory on directories for WoT Discovery?
Issue -
State: open - Opened by w3cbot about 4 years ago
Labels: tracker, pending, close?, s:wot-discovery, wg:wot
#67 - Disable prompting in third parties
Issue -
State: open - Opened by w3cbot about 4 years ago
Labels: tracker, pending, s:storage, whatwg
#66 - Mention Intersection Observer v2 in sec considerations
Issue -
State: open - Opened by w3cbot about 4 years ago
Labels: tracker, s:webauthn, pending, close?, wg:webauthn
#64 - Security review for Web Audio API 1.0
Issue -
State: open - Opened by w3cbot about 4 years ago
- 1 comment
Labels: tracker, pending, close?, s:webaudio, wg:audio
#63 - [css-conditional-3] Security review answers
Issue -
State: open - Opened by w3cbot about 4 years ago
Labels: tracker, pending, close?, s:css-conditional, wg:css
#62 - [css-color-4] Security: handling of color-profiles
Issue -
State: closed - Opened by w3cbot about 4 years ago
Labels: needs-resolution, pending, close?, s:css-color, wg:css
#61 - [CSS-COLOR-4] Security/Privacy: Incognito mode
Issue -
State: closed - Opened by w3cbot about 4 years ago
Labels: needs-resolution, pending, close?, s:css-color, wg:css
#60 - Remove hasEnrolledInstrument() from version 1.0
Issue -
State: open - Opened by w3cbot about 4 years ago
- 1 comment
Labels: tracker, s:payment-request, pending, close?, wg:payments
#59 - Consider using JOSE in Directory service to support object security
Issue -
State: open - Opened by w3cbot about 4 years ago
Labels: tracker, pending, s:wot-discovery, wg:wot
#58 - Review resurrected Cert, Public, and PoP SecuritySchemes
Issue -
State: open - Opened by w3cbot about 4 years ago
Labels: tracker, pending, close?, s:wot-thing-description, wg:wot
#57 - Create OAuth2 subclasses for each flow
Issue -
State: open - Opened by w3cbot about 4 years ago
Labels: tracker, pending, s:wot-thing-description, wg:wot
#56 - Security Review
Issue -
State: open - Opened by w3cbot about 4 years ago
Labels: needs-resolution, pending, close?, s:screen-wake-lock, wg:das
#55 - [css-color-4] Security Self-Review answers
Issue -
State: open - Opened by w3cbot about 4 years ago
Labels: tracker, pending, close?, s:css-color, wg:css
#54 - Add details about generic XRSpace and XRInputSource threats
Issue -
State: open - Opened by w3cbot about 4 years ago
Labels: tracker, pending, s:webxr, wg:immersive-web
#53 - Add appendix to privacy & security explainer showing table of threat vectors & mitigations
Issue -
State: open - Opened by w3cbot about 4 years ago
- 2 comments
Labels: tracker, pending, s:webxr, wg:immersive-web
#52 - Do not use allow="screen-wake-lock" for iframes
Issue -
State: open - Opened by w3cbot over 4 years ago
Labels: needs-resolution, pending, close?, s:screen-wake-lock, wg:das
#51 - User prompts to show an active screen-lock should have an associated domain
Issue -
State: open - Opened by w3cbot over 4 years ago
Labels: needs-resolution, pending, close?, s:screen-wake-lock, wg:das
#50 - How to specify desired accuracy / resolution of data?
Issue -
State: open - Opened by w3cbot over 4 years ago
- 2 comments
Labels: tracker, s:geolocation, wg:das