issues
search
w3c
/
webappsec
Web Application Security Working Group repo
https://www.w3.org/groups/wg/webappsec/
Other
605
stars
148
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Spelling corrections
#548
wseltzer
closed
5 years ago
0
What about Same-Origin Resource Sharing?
#546
pak0s
closed
5 years ago
7
Merge pull request #541 from w3c/wseltzer-patch-8
#545
ghost
closed
5 years ago
0
CSP and HTML Modules
#544
dandclark
opened
5 years ago
9
Prevent programmatic focus in iframe
#543
marian-r
closed
5 years ago
13
Updated the page title to 2019
#542
Dilski
closed
3 years ago
1
update link to Feature Policy
#541
wseltzer
closed
5 years ago
0
propose 2-year charter
#540
wseltzer
closed
5 years ago
0
Add Feature Policy to deliverables
#539
wseltzer
closed
5 years ago
0
Distrusting the web server
#538
llebout
opened
5 years ago
33
Report Iframe nesting level instead of using frame-ancestors directive
#537
moonyowl
opened
5 years ago
1
Restricting JavaScript from accessing secrets
#536
craigfrancis
opened
6 years ago
2
Added testing policy and fixed a few links
#535
plehegar
closed
6 years ago
0
'strict-dynamic' should not be bound to only nonces/hashes
#534
april
closed
6 years ago
2
Intersection Observer review
#533
LJWatson
opened
6 years ago
0
Content-Security-Policy didn't get into the IANA message header registry
#532
jyasskin
closed
2 years ago
2
[SRI] Clarification regarding "Parse metadata" algorithm
#531
hrj
opened
7 years ago
2
#CredAPI Signing-Out: maybe user agent MUST provide UI for changing mediation?
#530
yackermann
opened
7 years ago
1
Recommendations from charter review
#529
wseltzer
closed
7 years ago
0
CSP3: Provide a mechanism to override previous directives
#528
jwatt
closed
7 years ago
3
Clear-Site-Data header, typo in spec
#527
ScottHelme
closed
7 years ago
2
HPKP: Set Content-Type header field in reports
#526
ScottHelme
opened
7 years ago
4
[upgrade-insecure-requests] doc reference to wrong document
#525
elinesterov
opened
7 years ago
1
more realistic team-contact time
#524
wseltzer
closed
7 years ago
0
update IETF ref
#523
wseltzer
closed
7 years ago
0
Editorial changes
#522
wseltzer
closed
7 years ago
0
CSP: Specification of report-uri misleading
#521
sbrewell
closed
7 years ago
6
Clarify CSP header recommendations for non-HTML pages
#520
kravietz
opened
7 years ago
8
CSP in single-page applications
#519
MaceWindu
closed
4 years ago
0
update implementation report
#518
hillbrad
closed
7 years ago
1
Way to disown window.opener and become a secure context
#517
jakearchibald
closed
5 years ago
5
Fix Broken Link for Credential Management L1 TR
#516
JamesMilazzo
closed
8 years ago
1
CSP3: The effect of multiple policies
#515
april
opened
8 years ago
3
CSP2: Default value of default-src is incorrect
#514
april
opened
8 years ago
11
CSP: Consider dot-prefix domains for wildcard matching
#513
007
closed
6 years ago
1
Update csp impl report
#512
hillbrad
closed
8 years ago
2
Usage of referrerpolicy="no-referrer" for DoS attacks
#511
Yaffle
opened
8 years ago
0
Mark plugin-types as a non-default source
#510
oreoshake
closed
8 years ago
2
Improving preventDefault implementation
#509
paul-matthews
opened
8 years ago
1
CSP: Consider a flag to turn off console logging for Report-Only
#508
millisecond
opened
8 years ago
14
uisecurity bikeshed
#507
hillbrad
closed
8 years ago
2
[CSP] `keyword-source` rule's 'self' definition should allow for websocket connections to the same origin
#506
zdexter
closed
8 years ago
1
Definition of "potentially secure origin" says nonsensical things about "about", and makes about: URLs not potentially secure URLs
#505
bzbarsky
opened
8 years ago
0
[SRI] Shared Cache through `sharedcache` attribute
#504
brillout
closed
5 years ago
3
CSP: ECMA-262 does not define "operator eval"
#503
shekyan
closed
8 years ago
1
CSP: ECMA-262 doesn
#502
shekyan
closed
8 years ago
0
CSP: make available a reliable method for obtaining a reference to the global object
#501
michaelficarra
closed
8 years ago
4
CSP: Function called via [[Construct]] is the same as Function called via [[Call]]
#500
michaelficarra
closed
8 years ago
1
CSP: Identify enforced or report only policy in JSON
#499
ScottHelme
closed
8 years ago
2
CSP: clarify whitespace characters
#498
michaelficarra
closed
8 years ago
3
Previous
Next