Skip to content

Issues: w3c/webappsec-csp

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

174 Open 255 Closed
174 Open 255 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Strict-Dynamic CSP doesn't prevent execution of parser inserted scripts via document.createRange().createContextualFragment
#708 opened Feb 26, 2025 by andreituicu
"source file" lacks a real defintion clarification The standard is unclear or ambiguous interop Implementations are not interoperable with each other
#707 opened Feb 14, 2025 by evilpie
2
connect-src test suite allows multiple non-interopable implementations. interop Implementations are not interoperable with each other
#706 opened Jan 30, 2025 by lukewarlow
7
Clipping of violation’s sample to the 40 first characters needs tests Moving the issue forward requires someone to write tests
#704 opened Jan 23, 2025 by fred-wang
6
How to specify 2 endpoints for Reporting-Endpoints? meta Tasks and questions outside the content of the standard
#701 opened Jan 15, 2025 by SwiftExtender
2
EnsureCSPDoesNotBlockStringCompilation: calling "Get Trusted Type compliant string" editorial Changes that do not affect how the standard is understood
#698 opened Dec 4, 2024 by fred-wang
EnsureCSPDoesNotBlockStringCompilation: Explain why we need to check TrustedScript's data (and add tests)
#697 opened Dec 4, 2024 by fred-wang
https://w3c.github.io/webappsec-csp/#report-violation invokes "Queue a task" without passing a task source
#696 opened Dec 2, 2024 by mbrodesser-Igalia
Allow RFC3986 scheme relative URIs in host-source
#694 opened Nov 27, 2024 by Mahoney
2
Consider recommending the usage of events instead of CSP reports for CSP WPTs editorial Changes that do not affect how the standard is understood
#690 opened Nov 19, 2024 by mbrodesser-Igalia
Should "Should navigation request of type be blocked by Content Security Policy?" set the violation object's element? clarification The standard is unclear or ambiguous editorial Changes that do not affect how the standard is understood
#687 opened Oct 24, 2024 by mbrodesser-Igalia
5
Introduce 'connect-certificate-hash' for WebTransport needs concrete proposal Moving the issue forward requires someone to figure out a detailed plan
#683 opened Oct 8, 2024 by jan-ivar
3
port-part being null is not handled editorial Changes that do not affect how the standard is understood
#680 opened Sep 13, 2024 by evilpie
Feedback request on not capturing the caller in new Function and indirect eval addition/proposal New features or enhancements needs concrete proposal Moving the issue forward requires someone to figure out a detailed plan
#679 opened Sep 4, 2024 by nicolo-ribaudo
Should font-src reporting kick in on font-face reference or font request? agenda+ To be discussed at a triage meeting
#677 opened Aug 22, 2024 by robinwhittleton
6
loading local stylesheets without self source needs concrete proposal Moving the issue forward requires someone to figure out a detailed plan
#676 opened Aug 13, 2024 by nizos
2
Consider using SecurityPolicyViolationEvent.sourceFile a USVString needs concrete proposal Moving the issue forward requires someone to figure out a detailed plan
#674 opened Jul 31, 2024 by emilio
1
CSP spec not user-friendly needs concrete proposal Moving the issue forward requires someone to figure out a detailed plan
#673 opened Jul 23, 2024 by galund
CSP Report Does Not Reflect Redirected Blocked Domains wontfix This proposal or request will not be implemented
#672 opened Jul 15, 2024 by ConardLi
8
Add new CSP sandbox directive to allow SameSite=None cookies on top-level frames agenda+ To be discussed at a triage meeting
#664 opened May 24, 2024 by DCtheTall
7
frame-src is not effective in restricting the possible origins of subframes needs concrete proposal Moving the issue forward requires someone to figure out a detailed plan
#662 opened May 21, 2024 by antosart
3
Possibility to block all javascript: URLs needs concrete proposal Moving the issue forward requires someone to figure out a detailed plan
#658 opened Apr 30, 2024 by Sjord
3
Upstream trusted type changes agenda+ To be discussed at a triage meeting needs concrete proposal Moving the issue forward requires someone to figure out a detailed plan
#651 opened Mar 14, 2024 by lukewarlow
1
Document columnNumber format editorial Changes that do not affect how the standard is understood
#649 opened Mar 13, 2024 by stefnotch
1
Google Analytics URLs needs concrete proposal Moving the issue forward requires someone to figure out a detailed plan
#648 opened Feb 29, 2024 by cristiandelgadod
1
ProTip! Find all open issues with in progress development work with linked:pr.