Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / w3c/webappsec-csp issues and pull requests

#681 - Dany

Issue - State: closed - Opened by Dannyss18 9 days ago
Labels: invalid

#680 - port-part being null is not handled

Issue - State: open - Opened by evilpie 19 days ago

#678 - "pre-navigation-check"

Issue - State: closed - Opened by mbrodesser-Igalia about 1 month ago

#676 - loading local stylesheets without self source

Issue - State: open - Opened by nizos about 2 months ago - 2 comments

#674 - Consider using SecurityPolicyViolationEvent.sourceFile a USVString

Issue - State: open - Opened by emilio 2 months ago - 1 comment

#673 - CSP spec not user-friendly

Issue - State: open - Opened by galund 2 months ago

#672 - CSP Report Does Not Reflect Redirected Blocked Domains

Issue - State: open - Opened by ConardLi 3 months ago - 7 comments

#671 - Queries about exfiltration?

Issue - State: closed - Opened by Blason 3 months ago - 2 comments

#668 - Fix .pr-preview.json

Pull Request - State: closed - Opened by lukewarlow 4 months ago - 2 comments

#667 - [Meta] PR Previews not working

Issue - State: closed - Opened by lukewarlow 4 months ago

#666 - "trusted-types-policy" missing from a violation's resource

Issue - State: closed - Opened by mbrodesser-Igalia 4 months ago - 1 comment

#665 - Add `trusted-types-eval` source expression for `script-src`

Pull Request - State: open - Opened by lukewarlow 4 months ago - 2 comments

#663 - Fix check of request initiator being "fetch"

Pull Request - State: open - Opened by antosart 4 months ago

#661 - Qqqq

Issue - State: closed - Opened by Nik12325 5 months ago

#660 - Request's initiator can't be "fetch"

Issue - State: open - Opened by zcorpan 5 months ago

#659 - Upstream Trusted Types enforcement in EnsureCSPDoesNotBlockStringCompilation

Pull Request - State: closed - Opened by lukewarlow 5 months ago - 5 comments

#658 - Possibility to block all javascript: URLs

Issue - State: open - Opened by Sjord 5 months ago - 3 comments

#657 - Correctly match `*` as a `host-part`.

Pull Request - State: closed - Opened by mikewest 5 months ago - 3 comments

#656 - host-part match doesn't handle *

Issue - State: closed - Opened by evilpie 6 months ago - 1 comment

#655 - Add notes about non-normativity.

Pull Request - State: closed - Opened by mikewest 6 months ago - 1 comment

#654 - Fix script post-request check for scripts allowed by hashes

Pull Request - State: closed - Opened by antosart 6 months ago

#653 - strict-dynamic and SRI

Issue - State: closed - Opened by annevk 6 months ago - 3 comments

#652 - Content Security Policy (CSP) Bypass via Same-Origin iFrames

Issue - State: closed - Opened by RedYetiDev 6 months ago - 1 comment

#651 - Upstream trusted type changes

Issue - State: open - Opened by lukewarlow 7 months ago - 1 comment

#649 - Document columnNumber format

Issue - State: open - Opened by stefnotch 7 months ago - 1 comment

#648 - Google Analytics URLs

Issue - State: open - Opened by cristiandelgadod 7 months ago - 1 comment

#647 - Confusion revolving around sandbox 'allow-top-navigation' directive

Issue - State: closed - Opened by franklyn07 7 months ago - 2 comments

#646 - Fix reference link for [TIMING]

Pull Request - State: closed - Opened by antosart 7 months ago

#644 - [TIMING] references broken

Issue - State: closed - Opened by bkardell 8 months ago

#642 - Add `[SecureContext]` tag to the interfaces

Pull Request - State: closed - Opened by OnkarRuikar 8 months ago - 1 comment

#639 - Add optional trailing dot to host-part

Pull Request - State: closed - Opened by SaeidEid 8 months ago - 1 comment

#638 - `service-worker-src` directive

Issue - State: open - Opened by bakkot 9 months ago

#637 - Resource hint: check directives explicitly

Pull Request - State: open - Opened by noamr 9 months ago

#635 - Does "Is Element Nonceable" apply to non-inline scripts?

Issue - State: open - Opened by evilpie 9 months ago - 1 comment

#634 - Chrome/Safari trim nonces

Issue - State: open - Opened by evilpie 9 months ago - 11 comments

#633 - Resource hint blocking / "least restrictive" as specified does nothing?

Issue - State: open - Opened by evilpie 9 months ago - 4 comments

#631 - Problem with SecurityPolicyViolationEvent constructor and optional init dict

Issue - State: closed - Opened by evilpie 10 months ago - 9 comments

#630 - Replace RFC7231 with RFC9110

Pull Request - State: closed - Opened by antosart 10 months ago

#628 - CSP:EE does not support Trusted Types CSP directives

Issue - State: open - Opened by tosmolka 10 months ago - 4 comments

#625 - Allow 'strict-dynamic' scripts to inject styles

Issue - State: open - Opened by vejja 11 months ago - 3 comments

#623 - Allow `script-src 'unsafe-hashes'` for `eval()` and `new Function`

Issue - State: open - Opened by nicolo-ribaudo 11 months ago - 8 comments

#623 - Allow `script-src 'unsafe-hashes'` for `eval()` and `new Function`

Issue - State: open - Opened by nicolo-ribaudo 11 months ago - 8 comments

#622 - Remove RECOMMENDATION to not send multiple CSP headers

Pull Request - State: closed - Opened by JannisBush about 1 year ago - 2 comments

#622 - Remove RECOMMENDATION to not send multiple CSP headers

Pull Request - State: closed - Opened by JannisBush about 1 year ago - 2 comments

#621 - [editorial] Make algorithm headers clickable

Pull Request - State: open - Opened by antosart about 1 year ago - 2 comments

#621 - [editorial] Make algorithm headers clickable

Pull Request - State: open - Opened by antosart about 1 year ago - 1 comment

#620 - CSP not working for certain hostnames

Issue - State: closed - Opened by enexusde about 1 year ago - 18 comments

#619 - [editorial] Add missing semicolons in example CSP

Pull Request - State: closed - Opened by antosart about 1 year ago

#619 - [editorial] Add missing semicolons in example CSP

Pull Request - State: closed - Opened by antosart about 1 year ago

#618 - Algorithms should be <dfn> in prose instead of linked to headers

Issue - State: open - Opened by johnathan79717 about 1 year ago - 6 comments

#618 - Algorithms should be <dfn> in prose instead of linked to headers

Issue - State: open - Opened by johnathan79717 about 1 year ago - 6 comments

#617 - Example 26 syntax error - missing 2 semicolons

Issue - State: closed - Opened by AlbertWiersch about 1 year ago

#617 - Example 26 syntax error - missing 2 semicolons

Issue - State: closed - Opened by AlbertWiersch about 1 year ago

#616 - [editorial] Fix typo

Pull Request - State: closed - Opened by antosart about 1 year ago

#616 - [editorial] Fix typo

Pull Request - State: closed - Opened by antosart about 1 year ago

#615 - Typo in 8.4 Allowing external JavaScript via hashes

Issue - State: closed - Opened by mauke about 1 year ago - 1 comment

#615 - Typo in 8.4 Allowing external JavaScript via hashes

Issue - State: closed - Opened by mauke about 1 year ago - 1 comment

#614 - [editorial] Change fallback effective directive to connect-src

Pull Request - State: closed - Opened by antosart about 1 year ago - 1 comment

#614 - [editorial] Change fallback effective directive to connect-src

Pull Request - State: closed - Opened by antosart about 1 year ago - 1 comment

#613 - [editorial] Fix reference to url

Pull Request - State: closed - Opened by antosart about 1 year ago

#613 - [editorial] Fix reference to url

Pull Request - State: closed - Opened by antosart about 1 year ago

#612 - Reference the strict-dynamic issue for inline scripts

Pull Request - State: closed - Opened by evilpie about 1 year ago - 1 comment

#612 - Reference the strict-dynamic issue for inline scripts

Pull Request - State: closed - Opened by evilpie about 1 year ago - 1 comment

#611 - Add `"json"` destination for `"connect-src"`

Pull Request - State: closed - Opened by nicolo-ribaudo about 1 year ago - 8 comments

#611 - Add `"json"` destination for `"connect-src"`

Pull Request - State: closed - Opened by nicolo-ribaudo about 1 year ago - 8 comments

#609 - Behavior of `worker-src 'strict-dynamic'`

Issue - State: open - Opened by evilpie about 1 year ago - 8 comments

#608 - Remove WPTs for spec-removed `navigate-to` directive

Issue - State: open - Opened by CanadaHonk over 1 year ago - 4 comments

#608 - Remove WPTs for spec-removed `navigate-to` directive

Issue - State: open - Opened by CanadaHonk over 1 year ago - 4 comments

#607 - Export DFNs used in Permissions-Policy

Pull Request - State: closed - Opened by arichiv over 1 year ago - 1 comment

#607 - Export DFNs used in Permissions-Policy

Pull Request - State: closed - Opened by arichiv over 1 year ago - 1 comment

#606 - [Editorial] Fix link to published CSP 2

Pull Request - State: closed - Opened by bwbroersma over 1 year ago - 1 comment

#606 - [Editorial] Fix link to published CSP 2

Pull Request - State: closed - Opened by bwbroersma over 1 year ago - 1 comment

#605 - [Editorial] Fix link to published CSP 2 in README.md

Issue - State: closed - Opened by bwbroersma over 1 year ago

#605 - [Editorial] Fix link to published CSP 2 in README.md

Issue - State: closed - Opened by bwbroersma over 1 year ago

#604 - Export DFNs used in Permissions-Policy

Issue - State: closed - Opened by arichiv over 1 year ago

#604 - Export DFNs used in Permissions-Policy

Issue - State: closed - Opened by arichiv over 1 year ago

#603 - GIAO DICH. NHAN. TIEN CHUYEN? TIEN TREN KHAP' THE' GIOI'

Issue - State: closed - Opened by 0924249460 over 1 year ago

#603 - GIAO DICH. NHAN. TIEN CHUYEN? TIEN TREN KHAP' THE' GIOI'

Issue - State: closed - Opened by 0924249460 over 1 year ago

#602 - [editorial] Fix reference to navigable

Pull Request - State: closed - Opened by antosart over 1 year ago - 2 comments

#602 - [editorial] Fix reference to navigable

Pull Request - State: closed - Opened by antosart over 1 year ago - 2 comments

#601 - [editorial] Remove backticks around null

Pull Request - State: closed - Opened by antosart over 1 year ago

#601 - [editorial] Remove backticks around null

Pull Request - State: closed - Opened by antosart over 1 year ago

#600 - [editorial] Add backticks around null

Pull Request - State: closed - Opened by antosart over 1 year ago - 2 comments