w3c / webappsec-csp Public

Notifications
Fork 77
Star 200

Code
Issues 159
Pull requests 10
Actions
Projects 1
Wiki
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Wiki
Security
Insights

Issues: w3c/webappsec-csp

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

159 Open 233 Closed

Author

Filter by author

Label

Filter by label

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Milestones

Filter by milestone

Assignee

Filter by who’s assigned

Assigned to nobody

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated Best match

Most reactions

Issues list

Request's initiator can't be "fetch"

#660 opened May 16, 2024 by zcorpan

Possibility to block all javascript: URLs

#658 opened Apr 30, 2024 by Sjord

Upstream trusted type changes

#651 opened Mar 14, 2024 by lukewarlow

Document columnNumber format

#649 opened Mar 13, 2024 by stefnotch

Google Analytics URLs

#648 opened Feb 29, 2024 by cristiandelgadod

"Is element nonceable" not applied to non-<script> elements in Chrome?

#643 opened Feb 12, 2024 by evilpie

service-worker-src directive

#638 opened Jan 17, 2024 by bakkot

Does "Is Element Nonceable" apply to non-inline scripts?

#635 opened Jan 12, 2024 by evilpie

Chrome/Safari trim nonces

#634 opened Jan 5, 2024 by evilpie

Resource hint blocking / "least restrictive" as specified does nothing?

#633 opened Dec 27, 2023 by evilpie

Some way to allow workers other than URL and strict-dynamic

#632 opened Dec 19, 2023 by bakkot

CSP:EE does not support Trusted Types CSP directives

#628 opened Dec 5, 2023 by tosmolka

Allow 'strict-dynamic' scripts to inject styles

#625 opened Nov 10, 2023 by vejja

frame-src using the fetch instead of the navigational check - can end up checking the wrong policies

#624 opened Nov 7, 2023 by antosart

Allow script-src 'unsafe-hashes' for eval() and new Function

#623 opened Nov 3, 2023 by nicolo-ribaudo

Algorithms should be <dfn> in prose instead of linked to headers

#618 opened Aug 30, 2023 by johnathan79717

CSP: Embedded Enforcement Links for issue 16 and 17 are dead

#610 opened Jul 7, 2023 by JannisBush

Behavior of worker-src 'strict-dynamic'

#609 opened Jul 5, 2023 by evilpie

Remove WPTs for spec-removed navigate-to directive

#608 opened Jun 27, 2023 by CanadaHonk

host-char mismatches with the URL Standard

#592 opened Mar 15, 2023 by annevk

Logic issue with resource hint check with multiple conflicting policies

#587 opened Jan 27, 2023 by noamr

Remove initialization hook

#581 opened Dec 1, 2022 by antosart

'report-hash': Adding hashes of blocked content to violation reports

#575 opened Oct 26, 2022 by arturjanc

Enable CSP3 'unsafe-hashes' for script src attributes

#574 opened Oct 26, 2022 by arturjanc

The editor's draft includes several features that no one has shipped.

#563 opened Sep 15, 2022 by mikewest

Previous 1 2 3 4 5 6 7 Next

Previous Next

ProTip! Type g i on any issue or pull request to go back to the issue listing page.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly