Ecosyste.ms: Issues
An open API service for providing issue and pull request metadata for open source projects.
GitHub / w3c/webappsec-csp issues and pull requests
#681 - Dany
Issue -
State: closed - Opened by Dannyss18 9 days ago
Labels: invalid
#680 - port-part being null is not handled
Issue -
State: open - Opened by evilpie 19 days ago
#679 - Feedback request on not capturing the caller in `new Function` and indirect `eval`
Issue -
State: open - Opened by nicolo-ribaudo 28 days ago
#678 - "pre-navigation-check"
Issue -
State: closed - Opened by mbrodesser-Igalia about 1 month ago
#677 - Should font-src reporting kick in on font-face reference or font request?
Issue -
State: open - Opened by robinwhittleton about 1 month ago
- 6 comments
#676 - loading local stylesheets without self source
Issue -
State: open - Opened by nizos about 2 months ago
- 2 comments
#674 - Consider using SecurityPolicyViolationEvent.sourceFile a USVString
Issue -
State: open - Opened by emilio 2 months ago
- 1 comment
#673 - CSP spec not user-friendly
Issue -
State: open - Opened by galund 2 months ago
#672 - CSP Report Does Not Reflect Redirected Blocked Domains
Issue -
State: open - Opened by ConardLi 3 months ago
- 7 comments
#671 - Queries about exfiltration?
Issue -
State: closed - Opened by Blason 3 months ago
- 2 comments
#670 - Even though I have domains specified in the CSP policy violations still appear
Issue -
State: closed - Opened by Blason 3 months ago
- 2 comments
#669 - `report-sample` is not checked when firing "securitypolicyviolation" events
Issue -
State: closed - Opened by mbrodesser-Igalia 3 months ago
- 1 comment
#668 - Fix .pr-preview.json
Pull Request -
State: closed - Opened by lukewarlow 4 months ago
- 2 comments
#667 - [Meta] PR Previews not working
Issue -
State: closed - Opened by lukewarlow 4 months ago
#666 - "trusted-types-policy" missing from a violation's resource
Issue -
State: closed - Opened by mbrodesser-Igalia 4 months ago
- 1 comment
#665 - Add `trusted-types-eval` source expression for `script-src`
Pull Request -
State: open - Opened by lukewarlow 4 months ago
- 2 comments
#664 - Add new CSP sandbox directive to allow SameSite=None cookies on top-level frames
Issue -
State: open - Opened by DCtheTall 4 months ago
- 7 comments
#663 - Fix check of request initiator being "fetch"
Pull Request -
State: open - Opened by antosart 4 months ago
#662 - frame-src is not effective in restricting the possible origins of subframes
Issue -
State: open - Opened by antosart 4 months ago
#661 - Qqqq
Issue -
State: closed - Opened by Nik12325 5 months ago
#660 - Request's initiator can't be "fetch"
Issue -
State: open - Opened by zcorpan 5 months ago
#659 - Upstream Trusted Types enforcement in EnsureCSPDoesNotBlockStringCompilation
Pull Request -
State: closed - Opened by lukewarlow 5 months ago
- 5 comments
#658 - Possibility to block all javascript: URLs
Issue -
State: open - Opened by Sjord 5 months ago
- 3 comments
#657 - Correctly match `*` as a `host-part`.
Pull Request -
State: closed - Opened by mikewest 5 months ago
- 3 comments
#656 - host-part match doesn't handle *
Issue -
State: closed - Opened by evilpie 6 months ago
- 1 comment
#655 - Add notes about non-normativity.
Pull Request -
State: closed - Opened by mikewest 6 months ago
- 1 comment
#654 - Fix script post-request check for scripts allowed by hashes
Pull Request -
State: closed - Opened by antosart 6 months ago
#653 - strict-dynamic and SRI
Issue -
State: closed - Opened by annevk 6 months ago
- 3 comments
#652 - Content Security Policy (CSP) Bypass via Same-Origin iFrames
Issue -
State: closed - Opened by RedYetiDev 6 months ago
- 1 comment
#651 - Upstream trusted type changes
Issue -
State: open - Opened by lukewarlow 7 months ago
- 1 comment
#650 - Update EnsureCSPDoesNotBlockStringCompilation to match updated HostEnsureCanCompileStrings definition
Pull Request -
State: closed - Opened by lukewarlow 7 months ago
- 4 comments
#649 - Document columnNumber format
Issue -
State: open - Opened by stefnotch 7 months ago
- 1 comment
#648 - Google Analytics URLs
Issue -
State: open - Opened by cristiandelgadod 7 months ago
- 1 comment
#647 - Confusion revolving around sandbox 'allow-top-navigation' directive
Issue -
State: closed - Opened by franklyn07 7 months ago
- 2 comments
#646 - Fix reference link for [TIMING]
Pull Request -
State: closed - Opened by antosart 7 months ago
#645 - Remove required condition on the attributes for SecurityPolicyViolationEventInit dict
Pull Request -
State: closed - Opened by SaeidEid 7 months ago
#644 - [TIMING] references broken
Issue -
State: closed - Opened by bkardell 8 months ago
#643 - "Is element nonceable" not applied to non-<script> elements in Chrome?
Issue -
State: open - Opened by evilpie 8 months ago
#642 - Add `[SecureContext]` tag to the interfaces
Pull Request -
State: closed - Opened by OnkarRuikar 8 months ago
- 1 comment
#640 - Why is the Content-Security-Policy-Report-Only header field not supported in `<meta>` elements?
Issue -
State: closed - Opened by mbrodesser-Igalia 8 months ago
- 5 comments
#639 - Add optional trailing dot to host-part
Pull Request -
State: closed - Opened by SaeidEid 8 months ago
- 1 comment
#638 - `service-worker-src` directive
Issue -
State: open - Opened by bakkot 9 months ago
#637 - Resource hint: check directives explicitly
Pull Request -
State: open - Opened by noamr 9 months ago
#636 - Is-element-nonceable should check if the attribute's name |contains| <script or <style>
Pull Request -
State: closed - Opened by evilpie 9 months ago
#635 - Does "Is Element Nonceable" apply to non-inline scripts?
Issue -
State: open - Opened by evilpie 9 months ago
- 1 comment
#634 - Chrome/Safari trim nonces
Issue -
State: open - Opened by evilpie 9 months ago
- 11 comments
#633 - Resource hint blocking / "least restrictive" as specified does nothing?
Issue -
State: open - Opened by evilpie 9 months ago
- 4 comments
#632 - Some way to allow workers other than URL and strict-dynamic
Issue -
State: open - Opened by bakkot 10 months ago
#631 - Problem with SecurityPolicyViolationEvent constructor and optional init dict
Issue -
State: closed - Opened by evilpie 10 months ago
- 9 comments
#630 - Replace RFC7231 with RFC9110
Pull Request -
State: closed - Opened by antosart 10 months ago
#629 - Normative references to discontinued specs in Content Security Policy Level 3
Issue -
State: closed - Opened by dontcallmedom-bot 10 months ago
#628 - CSP:EE does not support Trusted Types CSP directives
Issue -
State: open - Opened by tosmolka 10 months ago
- 4 comments
#625 - Allow 'strict-dynamic' scripts to inject styles
Issue -
State: open - Opened by vejja 11 months ago
- 3 comments
#624 - frame-src using the fetch instead of the navigational check - can end up checking the wrong policies
Issue -
State: open - Opened by antosart 11 months ago
#623 - Allow `script-src 'unsafe-hashes'` for `eval()` and `new Function`
Issue -
State: open - Opened by nicolo-ribaudo 11 months ago
- 8 comments
#622 - Remove RECOMMENDATION to not send multiple CSP headers
Pull Request -
State: closed - Opened by JannisBush about 1 year ago
- 2 comments
#621 - [editorial] Make algorithm headers clickable
Pull Request -
State: open - Opened by antosart about 1 year ago
- 2 comments
#621 - [editorial] Make algorithm headers clickable
Pull Request -
State: open - Opened by antosart about 1 year ago
- 1 comment
#620 - CSP not working for certain hostnames
Issue -
State: closed - Opened by enexusde about 1 year ago
- 18 comments
#619 - [editorial] Add missing semicolons in example CSP
Pull Request -
State: closed - Opened by antosart about 1 year ago
#618 - Algorithms should be <dfn> in prose instead of linked to headers
Issue -
State: open - Opened by johnathan79717 about 1 year ago
- 6 comments
#617 - Example 26 syntax error - missing 2 semicolons
Issue -
State: closed - Opened by AlbertWiersch about 1 year ago
#616 - [editorial] Fix typo
Pull Request -
State: closed - Opened by antosart about 1 year ago
#615 - Typo in 8.4 Allowing external JavaScript via hashes
Issue -
State: closed - Opened by mauke about 1 year ago
- 1 comment
#614 - [editorial] Change fallback effective directive to connect-src
Pull Request -
State: closed - Opened by antosart about 1 year ago
- 1 comment
#613 - [editorial] Fix reference to url
Pull Request -
State: closed - Opened by antosart about 1 year ago
#612 - Reference the strict-dynamic issue for inline scripts
Pull Request -
State: closed - Opened by evilpie about 1 year ago
- 1 comment
#611 - Add `"json"` destination for `"connect-src"`
Pull Request -
State: closed - Opened by nicolo-ribaudo about 1 year ago
- 8 comments
#610 - CSP: Embedded Enforcement Links for issue 16 and 17 are dead
Issue -
State: open - Opened by JannisBush about 1 year ago
#609 - Behavior of `worker-src 'strict-dynamic'`
Issue -
State: open - Opened by evilpie about 1 year ago
- 8 comments
#608 - Remove WPTs for spec-removed `navigate-to` directive
Issue -
State: open - Opened by CanadaHonk over 1 year ago
- 4 comments
#607 - Export DFNs used in Permissions-Policy
Pull Request -
State: closed - Opened by arichiv over 1 year ago
- 1 comment
#606 - [Editorial] Fix link to published CSP 2
Pull Request -
State: closed - Opened by bwbroersma over 1 year ago
- 1 comment
#605 - [Editorial] Fix link to published CSP 2 in README.md
Issue -
State: closed - Opened by bwbroersma over 1 year ago
#604 - Export DFNs used in Permissions-Policy
Issue -
State: closed - Opened by arichiv over 1 year ago
#603 - TRANSACTIONS. RECEIVE MONEY, TRANSFER MONEY ALL OVER THE WORLD
Issue -
State: closed - Opened by 0924249460 over 1 year ago
#602 - [editorial] Fix reference to navigable
Pull Request -
State: closed - Opened by antosart over 1 year ago
- 2 comments
#601 - [editorial] Remove backticks around null
Pull Request -
State: closed - Opened by antosart over 1 year ago
#600 - [editorial] Add backticks around null
Pull Request -
State: closed - Opened by antosart over 1 year ago
- 2 comments