-
```
What steps will reproduce the problem?
1. Add the following string to a URL that loads rsh.js:
#foobar'onload='alert("XSS")
What is the expected output? What do you see instead?
Expected b…
```
-
**update 18-Nov-2021**: a good portion of the problems identified by this issue were fixed with merging of PR #100, although more work remains as @mikewest notes at a high level in https://github.com…
-
Spec says that lineNumber and columnNumber in FeaturePolicyViolationReportBody interface are "long?". They should be "unsigned long?" to be consistent with DeprecationReportBody and InterventionRepor…
-
**Describe the bug**
`Error with Permissions-Policy header: Unrecognized feature: 'ch-ua-form-factor'.`
This warning is shown in console on all pages that have a Google Pay element loaded. It se…
-
I can see that the original `webrtc` feature got pulled into two separate things (`getUserMedia` and `webrtc`) but now `webrtc` doesn't exist? Can someone explain why? Came across some third party cod…
-
## :rocket: Feature
Set a redirect from `/.well-known/change-password` to the change password page (`/settings/security`). This will enable password managers to navigate your users directly to that p…
-
### Steps to reproduce the problem
1. Add ONE_CLICK_SSO_LOGIN=true as a setting
2. Click "login or register"
...
### Expected behaviour
Redirect to the SAML IdP
### Actual behaviour
Nothing
…
-
Edit, see:
> the proposal
https://github.com/w3c/webappsec-feature-policy/issues/175#issuecomment-458842319
[Spatial navigation](https://wicg.github.io/spatial-navigation/) gives users the a…
-
A simple use case that I can't figure out how to implement with the current spec is: "require integrity for all script loads"
I am beginning to think that instead of a new "integrity-policy" directiv…
-
wrt https://github.com/w3c/webauthn/issues/911 "integrate with feature policy..." (see also https://github.com/w3c/webappsec-feature-policy/issues/168 and https://github.com/w3c/webappsec-feature-poli…