-
The Note on [Privacy and Security Considerations](https://www.w3.org/TR/mediacapture-streams/#privacy-and-security-considerations) describes an onus on "developers of sites” that is muddied by the ori…
-
## Description
Brave returns an unexpected `document location.origin` when browsing on pages through the `ipfs:` and `ipns:` protocol schemes. Other properties in the location object (e.g. .protocol…
da2x updated
8 months ago
-
## Request for Mozilla Position on intent to ship an Emerging Web Specification
* Specification Title: Content Security Policy (update for WebAssembly)
* Specification or proposal URL: Minimal spe…
-
https://w3c.github.io/webappsec-trusted-types/dist/spec/ (Trusted Types) is a dead link
-
Since `clear-site-data` is "[only respected on responses fetched over network, and not those served by a service worker](https://w3c.github.io/webappsec-clear-site-data/#service-workers)", it can't be…
-
currently the notion of a "[policy-controlled feature token](https://w3c.github.io/webappsec-permissions-policy/#:~:text=policy-controlled%20features%20are%20identified%20by%20tokens)" (related: "name…
-
This might split off into a dozen issues, but let's start with one.
In solid today, every application has the same access to your pod. It can read all your data, delete all your data, and write new …
-
JavaScript is capable of loading other scripts (e.g. [static and dynamic import](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/import)).
But it can also load modules li…
-
Part of this is tracked by #5168 where I think we have good solutions for initial about:blank. #4916 tracks this for COEP.
`data:` cannot work as it's not a secure context.
`about:blank` and `bl…
-
## Request for Mozilla Position on an Emerging Web Specification
* Specification Title: Credential Management Level 1
* Specification or proposal URL: https://w3c.github.io/webappsec-credential-ma…