-
https://github.com/w3c/webappsec/pull/630
-
The CSP:EE spec defines [Effective Directive Value](https://w3c.github.io/webappsec-cspee/#effective-directive) as a static list of supported CSP directives. CSP:EE was written before Trusted Types and th…
-
The `[[Create]]` internal method for `PublicKeyCredential` has the following [text](https://w3c.github.io/webauthn/#sctn-discover-from-external-source:~:text=If%20the%20relevant,relevant%20global%20ob…
-
## Request for Mozilla Position on an Emerging Web Specification
* Specification Title: Credential Management Level 1
* Specification or proposal URL (if available): https://w3c.github.io/webappse…
-
Currently, local schemes (such as `about:srcdoc`) do not inherit the PP header of their parents. This poses an issue if we have an origin A with a PP header of `microphone=(self)` which includes a `ab…
-
In https://w3c.github.io/webappsec-feature-policy/document-policy.html#relation-to-feature-policy, you suggest that a core distinction between FP and DP is the cascading inheritance model. In https://…
-
In [4.2.5 Should navigation request of type from source in target be blocked by Content Security Policy?](https://w3c.github.io/webappsec-csp/#should-block-navigation-request) step 3.1.1.1 is
> Let…
-
https://w3c.github.io/webappsec-credential-management/, especially the password mode, but possibly the federated mode.
@mikewest
-
Brief Summary: Assume a srcdoc iframe which applies a meta CSP using the keyword 'self'. What should 'self' resolve to?
Details from a discussion with Boris:
what's supposed to happen here per spe…
-
I've done some triage to figure out if there are additional items that warrant discussion. Building on #16 and what did not get addressed in yesterday's meeting, that gives:
4. Interaction of cross…