-
-
rfc9421-sri-profile Public
A profile of HTTP Message Signatures appropriate for integrity/provenance validation.
-
-
ServiceWorker Public
Forked from w3c/ServiceWorkerService Workers
Bikeshed Other UpdatedMar 12, 2026 -
sanitizer-playground Public
A demonstration of the HTML Sanitizer API.
-
install-element Public
Forked from WICG/install-elementAn `<install>` element might be nice.
JavaScript Creative Commons Attribution 4.0 International UpdatedFeb 16, 2026 -
-
origin-api Public archive
An `Origin` object might be nice to have.
-
-
Explainer for the PEPC feature
Bikeshed Other UpdatedNov 18, 2025 -
-
-
a-priori-resource-assertions Public
Wouldn't it be nice if we could know things about a server's response _before_ we receive it?
-
webappsec-dbsc Public
Forked from w3c/webappsec-dbscDevice Bound Session Credentials: A Protocol for Protecting From Cookie Theft
Bikeshed Other UpdatedAug 21, 2025 -
incentivize-origin-checks Public
Perhaps we can help developers prioritize origin checks in `MessageEvent` handlers.
1 UpdatedJul 23, 2025 -
-
-
observable Public
Forked from WICG/observableObservable API proposal
Bikeshed Other UpdatedFeb 27, 2025 -
draft-pardue-http-identity-digest Public
Forked from LPardue/draft-pardue-http-identity-digestA field to send the unencoded digest of HTTP things
Makefile Other UpdatedDec 6, 2024 -
-
-
securer-contexts Public archive
Secure Contexts, but with _more_ secureness!
-
-
-
-
content Public
Forked from mdn/contentThe content behind MDN Web Docs
Markdown Other UpdatedNov 9, 2023 -
deprecating-document-domain Public
`document.domain` intentionally weakens the only security boundary we have. Perhaps we can dump it?
-
summernote Public
Forked from summernote/summernoteSuper simple WYSIWYG editor
JavaScript MIT License UpdatedSep 20, 2023 -
-
baseline-header Public
What if developers could opt-into better default behaviors en masse, forcing them to pick and choose the legacy risks they want to enable.
19 UpdatedJan 9, 2023
{{ message }}