Skip to content

Issues: w3c/security-review

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clear current search query, filters, and sorts
163 Open 11 Closed
163 Open 11 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Clarifications for getGamepads pending Issue created by the tracker tool and may need to be refined s:gamepad https://w3c.github.io/gamepad/ tracker Security is following a discussion, but doesn't require resolution. wg:webapps https://www.w3.org/groups/wg/webapps
#21 opened Feb 18, 2020 by plehegar
How do connection/disconnection events interact with 'device has been interacted with by the user'? pending Issue created by the tracker tool and may need to be refined s:gamepad https://w3c.github.io/gamepad/ tracker Security is following a discussion, but doesn't require resolution. wg:webapps https://www.w3.org/groups/wg/webapps
#22 opened Feb 18, 2020 by plehegar
Make getGamepads API asyncronous to support permission request close? pending Issue created by the tracker tool and may need to be refined s:gamepad https://w3c.github.io/gamepad/ tracker Security is following a discussion, but doesn't require resolution. wg:webapps https://www.w3.org/groups/wg/webapps
#23 opened Feb 18, 2020 by plehegar
Consider context by reference with metadata pending Issue created by the tracker tool and may need to be refined s:json-ld https://w3c.github.io/json-ld-syntax/ tracker Security is following a discussion, but doesn't require resolution. wg:json-ld https://www.w3.org/groups/wg/json-ld
#24 opened Feb 18, 2020 by plehegar
PING self review close? pending Issue created by the tracker tool and may need to be refined s:pub-manifest https://w3c.github.io/pub-manifest/ tracker Security is following a discussion, but doesn't require resolution. wg:pm https://www.w3.org/groups/wg/pm wg:publishing https://www.w3.org/groups/wg/publishing
#25 opened Feb 18, 2020 by plehegar
Access to magnetometer and potential security & privacy issues pending Issue created by the tracker tool and may need to be refined s:generic-sensor https://w3c.github.io/sensors/ tracker Security is following a discussion, but doesn't require resolution. wg:das https://www.w3.org/groups/wg/das
#26 opened Feb 18, 2020 by plehegar
Relation to Permissions API pending Issue created by the tracker tool and may need to be refined s:generic-sensor https://w3c.github.io/sensors/ tracker Security is following a discussion, but doesn't require resolution. wg:das https://www.w3.org/groups/wg/das
#27 opened Feb 18, 2020 by plehegar
Privacy - identifying parameters pending Issue created by the tracker tool and may need to be refined s:generic-sensor https://w3c.github.io/sensors/ tracker Security is following a discussion, but doesn't require resolution. wg:das https://www.w3.org/groups/wg/das
#28 opened Feb 18, 2020 by plehegar
Javascript 120Hz devicemotion events for high end inertial applications pending Issue created by the tracker tool and may need to be refined s:generic-sensor https://w3c.github.io/sensors/ tracker Security is following a discussion, but doesn't require resolution. wg:das https://www.w3.org/groups/wg/das
#29 opened Feb 18, 2020 by plehegar
Expose sensors to workers pending Issue created by the tracker tool and may need to be refined s:generic-sensor https://w3c.github.io/sensors/ tracker Security is following a discussion, but doesn't require resolution. wg:das https://www.w3.org/groups/wg/das
#30 opened Feb 18, 2020 by plehegar
Add display hints to data model, for example: information to use a Web Component close? pending Issue created by the tracker tool and may need to be refined s:vc-data-model https://w3c.github.io/vc-data-model/ tracker Security is following a discussion, but doesn't require resolution. wg:vc https://www.w3.org/groups/wg/vc
#31 opened Feb 18, 2020 by plehegar
id field in gamepad might have a persistent identifier? pending Issue created by the tracker tool and may need to be refined s:gamepad https://w3c.github.io/gamepad/ tracker Security is following a discussion, but doesn't require resolution. wg:webapps https://www.w3.org/groups/wg/webapps
#19 opened Feb 14, 2020 by plehegar
Security and privacy considerations for DOMHighResTimeStamp resolution pending Issue created by the tracker tool and may need to be refined s:hr-time https://w3c.github.io/hr-time/ tracker Security is following a discussion, but doesn't require resolution. wg:webperf https://www.w3.org/groups/wg/webperf
#20 opened Feb 14, 2020 by plehegar
Disable prompting in third parties pending Issue created by the tracker tool and may need to be refined s:storage https://storage.spec.whatwg.org/ tracker Security is following a discussion, but doesn't require resolution. whatwg https://whatwg.org/
#67 opened Nov 9, 2020 by w3cbot
Should security be mandatory on directories for WoT Discovery? close? pending Issue created by the tracker tool and may need to be refined s:wot-discovery https://w3c.github.io/wot-discovery/ tracker Security is following a discussion, but doesn't require resolution. wg:wot https://www.w3.org/groups/wg/wot
#68 opened Nov 17, 2020 by w3cbot
Decide how to securely do notifications from a Directory pending Issue created by the tracker tool and may need to be refined s:wot-discovery https://w3c.github.io/wot-discovery/ tracker Security is following a discussion, but doesn't require resolution. wg:wot https://www.w3.org/groups/wg/wot
#69 opened Nov 17, 2020 by w3cbot
Consider how to sign TDs in a directory service pending Issue created by the tracker tool and may need to be refined s:wot-discovery https://w3c.github.io/wot-discovery/ tracker Security is following a discussion, but doesn't require resolution. wg:wot https://www.w3.org/groups/wg/wot
#70 opened Nov 17, 2020 by w3cbot
Expand on captureStream() for CORS-cross-origin media data pending Issue created by the tracker tool and may need to be refined s:mediacapture-fromelement https://w3c.github.io/mediacapture-fromelement/ tracker Security is following a discussion, but doesn't require resolution. wg:webrtc https://www.w3.org/groups/wg/webrtc
#71 opened Nov 30, 2020 by w3cbot
Origin isolation moved? pending Issue created by the tracker tool and may need to be refined s:mediacapture-streams https://w3c.github.io/mediacapture-main/ tracker Security is following a discussion, but doesn't require resolution. wg:webrtc https://www.w3.org/groups/wg/webrtc
#72 opened Nov 30, 2020 by w3cbot
1
Normative security requirements ("ISSUE 1") close? pending Issue created by the tracker tool and may need to be refined s:screen-capture https://w3c.github.io/mediacapture-screen-share/ tracker Security is following a discussion, but doesn't require resolution. wg:webrtc https://www.w3.org/groups/wg/webrtc
#73 opened Nov 30, 2020 by w3cbot
IPv4 host parser + site definition seems potentially dangerous. close? pending Issue created by the tracker tool and may need to be refined s:url https://url.spec.whatwg.org/ tracker Security is following a discussion, but doesn't require resolution. whatwg https://whatwg.org/
#74 opened Nov 30, 2020 by w3cbot
Remove Cache-Control and Expires headers from the CORS-safelisted response headers to prevent user tracking pending Issue created by the tracker tool and may need to be refined s:fetch https://fetch.spec.whatwg.org/ tracker Security is following a discussion, but doesn't require resolution. whatwg https://whatwg.org/
#81 opened Dec 19, 2020 by w3cbot
Escape "<" and ">" in attributes pending Issue created by the tracker tool and may need to be refined s:html https://html.spec.whatwg.org/multipage/ tracker Security is following a discussion, but doesn't require resolution. whatwg https://whatwg.org/
#82 opened Dec 19, 2020 by w3cbot
[security] API key and PSK security schemes are not referenced or explained close? pending Issue created by the tracker tool and may need to be refined s:wot-thing-description https://w3c.github.io/wot-thing-description/ tracker Security is following a discussion, but doesn't require resolution. wg:wot https://www.w3.org/groups/wg/wot
#80 opened Dec 8, 2020 by w3cbot
The "body" location value for security schemes is underspecified close? pending Issue created by the tracker tool and may need to be refined s:wot-thing-description https://w3c.github.io/wot-thing-description/ tracker Security is following a discussion, but doesn't require resolution. wg:wot https://www.w3.org/groups/wg/wot
#84 opened Jan 21, 2021 by w3cbot
ProTip! Adding no:label will show everything without a label.