Issues · w3c/webappsec-csp · GitHub

Labels Milestones

Ambiguity regarding frame-src enforcement for <object> and <embed> child navigables

#816

· nikosfanou opened

on May 22, 2026

Clarification RFC 7234 caches for present nonce-sources

#815

· codingjoe opened

on May 7, 2026

Clarify object-src behavior when plugin content has no associated URL

#814

· roberto-apple opened

on May 1, 2026

Embedded enforcement links are broken

#811

· domfarolino opened

on Apr 9, 2026

`frame-src` WPT test expects path to be stripped when loading cross-origin URL

#809

· TimvdLippe opened

on Mar 28, 2026

Proposal: CSP control over interactive HTTP authentication for subresources

#801

· nirmalk401 opened

on Feb 16, 2026

Integration point for WebDriver BiDi CSP bypass

addition/proposal

#798

· juliandescottes opened

on Feb 5, 2026

Providing a directive for XSLT

#797

· Tachi107 opened

on Jan 21, 2026

Attackers can exploit CSP to block requests to legitimate domains

addition/proposal

needs implementer interest

#792

· MartijnCuppens opened

on Nov 25, 2025

Broken links in Content Security Policy Level 3

#789

· dontcallmedom-bot opened

on Nov 3, 2025

Incorrect assertion in Obtain the deprecated serialization of violation

#788

· Lubrsi opened

on Oct 30, 2025

Incorrect assertion in form-action Pre-Navigation Check

#782

· Lubrsi opened

on Jul 28, 2025