issues
search
w3c
/
webappsec-secure-contexts
WebAppSec Secure Contexts
https://w3c.github.io/webappsec-secure-contexts/
Other
33
stars
38
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Creator context security used incorrectly
#48
annevk
closed
6 years ago
2
Use pr-review tool
#47
plehegar
closed
7 years ago
0
Consider: isSecureContext should be [Unforgeable]
#46
DigiTec
closed
6 years ago
8
Section "Is origin potentially trustworthy?", step 8 of algorithm returns "Not Trusted"
#45
dbates-wk
closed
7 years ago
1
Section "Is origin potentially trustworthy?", second paragraph, second sentence does not read well
#44
dbates-wk
closed
7 years ago
1
Allow "localhost" as long as it actually resolves to a localhost address
#43
enygren
closed
7 years ago
9
Should opener be taken into consideration when determining if a context is secure?
#42
jakearchibald
closed
6 years ago
20
opener browsing context is not checked in normative text
#41
domenic
closed
7 years ago
2
Examples shouldn't rely on red/green.
#40
mikewest
closed
7 years ago
1
Transition to CR.
#39
mikewest
closed
6 years ago
4
Export the definition of non-secure context.
#38
jyasskin
closed
7 years ago
1
"creator `Document`" doesn't exist anymore.
#37
mikewest
closed
7 years ago
0
isSecureContext definition seems wrong in multi-global situations
#36
domenic
closed
7 years ago
1
Missing ""s when referring to results of "Is origin potentially trustworthy?
#35
domenic
closed
7 years ago
1
Missing " in "Is origin potentially trustworthy?"
#34
domenic
closed
7 years ago
1
Broken links and wrong definitions used
#33
domenic
closed
7 years ago
3
rendering bug: <a>s around [SecureContext]
#32
domenic
closed
7 years ago
1
Upstream shared worker modifications to HTML
#31
domenic
closed
7 years ago
0
Use WindowOrWorkerGlobalScope instead of separate Window and Worker partial interfaces
#30
domenic
closed
7 years ago
1
Request to participate
#29
rapcatcher801
closed
7 years ago
2
Consider whether sandboxed content should automatically be a secure context
#28
jwatt
closed
4 years ago
12
For sandboxed content, allow UAs to use the origin that would have been used if not sandboxed
#27
jwatt
closed
7 years ago
4
Sandboxed data: URI in a localhost page should be a Secure Context
#26
jwatt
closed
6 years ago
18
Respec reference database still lists this as "POWERFUL-FEATURES"
#25
mwatson2
closed
8 years ago
21
webappsec-secure-contexts
#24
m0ct3zum4
closed
8 years ago
0
SecureContext on attributes produces prototype mutations during realm creation
#23
esprehn
closed
7 years ago
7
Various fixes/improvements to the notes on the algorithms
#22
jwatt
closed
8 years ago
1
Remove the section on document.domain
#21
jwatt
closed
8 years ago
1
Rewrite and simpify algorithms to avoid iteration
#20
jwatt
closed
8 years ago
2
Update generated markup to that produced by the latest bikeshed
#19
jwatt
closed
8 years ago
0
Checking the opener browsing context is broken
#18
jwatt
closed
8 years ago
16
Example describing window.opener is garbled.
#17
jyasskin
closed
8 years ago
1
Clarification of changes to WebIDL
#16
deian
closed
8 years ago
4
Check that 'incumbent' is the right settings object.
#15
jyasskin
closed
8 years ago
8
Threat Model missing a treatment of user phishing
#14
noloader
closed
8 years ago
2
Public Key Pinning with Overrides breaks the presumptions of Secure Contexts
#13
noloader
closed
7 years ago
5
Fix non-secure schemes from https to http
#12
hashedhyphen
closed
8 years ago
2
The "This version" link at the top of the spec is broken
#11
jwatt
closed
8 years ago
1
Remove the risk of `document.domain`.
#10
mikewest
closed
8 years ago
24
Figure out how to manage normative dependencies to WHATWG HTML for features not in W3C HTML for CR/REC
#9
hillbrad
closed
4 years ago
11
Behavior of accessing properties in non-secure contexts
#8
jungkees
closed
8 years ago
1
Fix typo in ED URL
#7
molnarg
closed
8 years ago
1
Reconsider popups as secure contexts.
#6
mikewest
closed
8 years ago
9
<iframe sandbox srcdoc="foo"> on a secure page should be secure
#5
bzbarsky
closed
8 years ago
20
"Is origin potentially trustworthy" algorithm assumes origins have scheme and host components
#4
bzbarsky
closed
8 years ago
8
Consider linking to just the WHATWG version of HTML5 or just the W3C version
#3
jwatt
closed
8 years ago
1
Specification does not justify its necessity for existence
#2
IanKemp
closed
7 years ago
3
Consider changing the link for 'origin'
#1
jwatt
closed
8 years ago
4
Previous