w3c / webappsec Public

Notifications You must be signed in to change notification settings
Fork 148
Star 607

Code
Issues 92
Pull requests 3
Actions
Projects
Wiki
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Wiki
Security
Insights

Issues: w3c/webappsec

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

92 Open 244 Closed

Author

Filter by author

Label

Filter by label

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Milestones

Filter by milestone

Assignee

Filter by who’s assigned

Assigned to nobody

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated Best match

Most reactions

Issues list

Planning 2024-11-20.

#662 opened Oct 24, 2024 by mikewest

Surfacing capability URLs

#657 opened Sep 11, 2024 by yoavweiss

CSP and data exfiltration

#656 opened Sep 11, 2024 by yoavweiss

Revive require-sri-for?

#655 opened Sep 11, 2024 by yoavweiss

Note for Standardizing Security Semantics of Cross-Site Cookies

#653 opened Jul 8, 2024 by DCtheTall

Planning 2024-06-19 agenda

#652 opened May 15, 2024 by dveditz

"End-to-End Encryption email" is missing an actual proposal charter

#646 opened Mar 4, 2024 by plehegar

Support for clearing Client Hints in Clear-Site-Data header

#628 opened Jul 7, 2023 by arichiv

Different behavior with CSP and HTML imports

#616 opened Oct 22, 2022 by lmuntaner

Transfer issues to appropriate repos?

#601 opened Aug 12, 2021 by marcoscaceres

Move to auto-publish

#600 opened Aug 12, 2021 by marcoscaceres

[meta] Adopting the Sanitizer API charter

#596 opened Jul 12, 2021 by mozfreddyb

Concerns with moving to living standard model

#580 opened Apr 26, 2021 by pes10k

Web Applications should not have internet access by default

#578 opened Mar 30, 2021 by ghost

CSP: Allow precise control of cookies

#561 opened Dec 22, 2019 by sindastra

New permission to access a resource even when CORS headers are not set in the response

#560 opened Dec 19, 2019 by jarrodek

CSP and HTML Modules

#544 opened Jan 25, 2019 by dandclark

Distrusting the web server

#538 opened Nov 18, 2018 by llebout

Report Iframe nesting level instead of using frame-ancestors directive

#537 opened Oct 28, 2018 by moonyowl

Restricting JavaScript from accessing secrets

#536 opened Nov 14, 2017 by craigfrancis

Intersection Observer review

#533 opened Sep 15, 2017 by LJWatson

[SRI] Clarification regarding "Parse metadata" algorithm

#531 opened Jun 24, 2017 by hrj

#CredAPI Signing-Out: maybe user agent MUST provide UI for changing mediation?

#530 opened May 30, 2017 by yackermann

HPKP: Set Content-Type header field in reports

#526 opened Jan 30, 2017 by ScottHelme

[upgrade-insecure-requests] doc reference to wrong document

#525 opened Jan 9, 2017 by elinesterov

Previous 1 2 3 4 Next

Previous Next

ProTip! Follow long discussions with comments:>50.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly