赞
踩
From https://chromestatus.com/features
Chrome’s implementation of Web Bluetooth does not have a way for websites to get a list of permitted devices. This feature adds the Bluetooth.getDevices() and BluetoothDevice.forget methods. getDevices() will return a list of BluetoothDevice objects that the current origin has been granted permission to use by the user. forget() will allow web developers to voluntarily revoke a permission to a BluetoothDevice that was granted by a user.
The @property rule is an alternative way to register a custom property without JavaScript.
AVIF is a next generation image format standardized by the Alliance for Open Media. This feature supports adding decode support for AVIF content natively into the browser via existing AV1 decoders.
Lets a web application register shortcuts for common tasks. These would typically be added to the app launcher icon (for a progressive web app) enabling the user to quickly run key tasks.
Chrome CORS checked Access-Control-Allow-Headers and Access-Control-Allow-Methods headers in a relaxed manner and didn’t follow the ABNF that spec defined.
After Chrome 85, CORS checks follow the standardized ABNF.
The color-scheme property from CSS Color Adjustment level 1 spec changed in two ways.
The ‘only’ keyword is no longer special and is treated as a <custom-ident>
as any other unknown color-scheme. The ‘only’ keyword was previously only allowed in combination with ‘light’, but had otherwise no effect in Chrome.
‘color-scheme: dark’ will have a used value of ‘dark’ even when preferred color-scheme is ‘light’. ‘color-scheme: light dark’ still has a used values based on the preferred scheme.
CSS content-visibility property
Adds a CSS property called content-visibility, which allows automatic or script management of content visibility. When hidden, the element’s contents (subtree or replaced element contents) are not drawn or hit-tested and have CSS containment applied, allowing for rendering optimizations. The ‘auto’ keyword allows for the user-agent to manage content visibility based on proximity to the viewport, whereas ‘hidden’ keyword allows full script control of content visibility.
CSS counter-set is an additional property introduced in css-lists-3 to control counters by setting an existing counter to a specified value. This builds upon other implemented counter control properties, specifically counter-reset (which creates a new counter with a specified value) and counter-increment (which increments an existing counter by a specified amount).
Treat cookies as SameSite=Lax by default if no SameSite attribute is specified. Developers are still able to opt-in to the status quo of unrestricted use by explicitly asserting SameSite=None.
This feature is available as of Chrome 76 by enabling the same-site-by-default-cookies flag.
This feature will be rolled out gradually to Stable users starting July 14, 2020. See https://www.chromium.org/updates/same-site for full timeline and more details.
Monitoring event latency requires an event listener. This precludes measuring event latency early in page load, and adds unnecessary performance overhead. The Event Timing API will enable web developers to measure event latency both before and after the page load.
Allow web developers to access pictureInPictureWindow in leavepictureinpicture event.
Adds a feature policy (aka permission policy) flags for the Clipboard API. The flag names will be ‘clipboard-read’ and ‘clipboard-write’, to be consistent with the Clipboard API permissions, as feature policy is now merged with permissions and renamed to permissions policy.
The Get Installed Related Apps API (navigator.getInstalledRelatedApps) provides sites access to if their corresponding related applications are installed. Sites are only allowed to use this API if the native application has an established association with the web origin.
The API was launched in Chrome 80. You can find details here: https://web.dev/get-installed-related-apps/
Change Chrome’s behavior such that when a scrollable element has content overflowing to the left (or to the top) then its horizontal (or vertical) scroll position will be zero at its initial position and negative when scrolled leftward (or upward).
This change only affects DOM API Element.scrollLeft(), Element.scrollTop(), Element.scroll(), Element.scrollTo() when the scrollable element has a non-default writing mode that may invert overflow directions (e.g right to left or vertical modes).
Adds the logical assignment operators ||=, &&=, and ??= to JavaScript.
Adds an API to allow a user agent to discover a media feed provided by a website. When fetched by the user agent the site will return a feed of personalized media recommendations for the user.
Support the ‘page’ CSS property [1], along with named pages support (@page foobar {} selector). Also support the ‘page-orientation’ descriptor [2] for @page, with values ‘upright’ (initial value), ‘rotate-left’, or ‘rotate-right’.
[1] https://www.w3.org/TR/css-page-3/#using-named-pages
[2] https://drafts.csswg.org/css-page-3/#page-orientation-prop
Promise.any() accepts an iterable of promises and returns a promise that is fulfilled by the first given promise to be fulfilled, or rejected with an AggregateError holding the rejection reasons if all of the given promises are rejected.
AggregateError is a support class that aggregates one or more errors into a single object.
Web developers may specify a referrer policy on their documents, which impacts the Referer
header sent on outgoing requests and navigations. When no policy is specified, Chrome will now use strict-origin-when-cross-origin as the default policy, instead of no-referrer-when-downgrade. On cross-origin requests made from documents without a specified referrer policy, this reduces the Referer
header to the initiating origin and retains its usefulness while mitigating the risk of leaking data.
Deprecate and remove the use of cookies with the SameSite=None attribute but without the Secure attribute. Any cookie that requests SameSite=None but is not marked Secure will be rejected.
This feature is available as of Chrome 76 by enabling the cookies-without-same-site-must-be-secure flag.
This feature will be rolled out gradually to Stable users starting July 14, 2020. See https://www.chromium.org/updates/same-site for full timeline and more details.
JavaScript now has first-class support for global substring replacement through the new String.prototype.replaceAll()
method.
Adds support signed exchange subresource prefetching and loading by extending the HTTP link header.
Previously, there have been inconsistencies on the implementation of fallback content and its treatment as a replaced element for ImageInputType and HTMLImageElement. This led to interoperable issues between implementors.
Examples:
<input style="display: inline;" type=image alt="ALT">
<img title="foo">
<img src="foo" width=10 height=10 alt>
Please see, https://github.com/yuzhe-han/images-fallback-content-1094763, for visual comparison.
Previously, Chromium had intermittent behavior with respect to the “disabled” attribute:
<link id=foo rel="stylesheet" disabled>
would not show up in document.styleSheets.<link rel="alternate stylesheet">
cannot be enabled, except by disabling and re-enabling it.The above issues are being resolved.
Implements two APIs for writing to GATT characteristics that will allow an app to ignore a response from the device or to expect a response from the device.
The currently implemented writeValue() method will remain for backwards compatibility, but is discouraged.
Allow WebAssembly to import and export WebAssembly function parameters of type i64 using BigInt.
Adds two accessors from the Web Authentication Level 2 spec that save sites from parsing Concise Binary Object Representation (CBOR) and CBOR Object Signing and Encryption (COSE) in order to use security keys.
Touch events sent to a page can be either blocking or non-blocking. A blocking touch event means that the page calls preventDefault() to prevent the browser from turning the touch into a scroll. TouchMove events start out blocking until the first event in a sequence isn’t preventDefaulted and causes scrolling. Chromium currently reverts the touchevent stream back to blocking so that pages can override browser default overscrolling behavior. This feature causes overscrolling to be non-blocking.
The following display properties will no longer work when -webkit-box and -webkit-box-clamp are combined: -webkit-box-flex, -webkit-box-ordinal-group, -webkit-box-align, -webkit-box-pack, -webkit-box-direction.
Chrome will unload ad iframes that use an egregious amount of CPU or network bandwidth.
An ad will be subject to unload if it has not received a user gesture and:
Websites can set a well-known URL for changing password /.well-known/change-password
to be redirected to its change password page to help users change their password quickly. Chrome leverages this URL to help users change their passwords when it detects a weak password in the user’s password storage.
Adds Altitude/Azimuth angles to PointerEvents. Adds TiltX/TiltY to Altitude/Azimuth transformation and Altitude/Azimuth to TiltX/TiltY transformation depending which pair is available from the device.
This feature will autoupgrade optionally-blockable mixed content (HTTP content in HTTPS sites) by rewriting the URL to HTTPS, without a fallback to HTTP if the content is not available over HTTPS. Image mixed content autoupgrades by default are targeted for M86.
Audio/Video mixed content autoupgrades are separately tracked in https://www.chromestatus.com/feature/5557268741357568
Creates a cache for pages which allows for instant navigations to previously-visited pages after cross-site navigations.
The ::marker pseudo-element represents the automatically generated marker box of a list item.
Like ::before and ::after, ::marker is a tree-abiding pseudo-element, so it always fit within the box tree.
But unlike ::before and ::after, currently it only accepts a small subset of safe properties, because the marker box layout is mostly undefined.
Note this intent only covers ::marker, not ::before::marker nor ::after::marker (see crbug.com/1097992).
The :focus-visible pseudo-class makes it easier for developers to create focus styles that appropriately match the user’s input modality. It is designed to help prevent a common anti-pattern where developers remove focus outlines for mouse users, and inadvertently make their sites inaccessible to keyboard users.
Aggregates and logs media settings ranges and photo capabilities in JSON.
Changing MediaSettingsRange and PhotoCapabilities interfaces to dictionaries will improve developer ergonomics by allowing web developers to easily log and aggregate exposureCompensation, exposureTime, colorTemperature, iso, brightness, contrast, saturation, sharpness, focusDistance, pan, tilt, zoom, and photo capabilities (redEyeReduction, imageHeight, imageWidth, fillLightMode).
Document Policy restricts the surface area of the web platform on a per-document basis, similar to iframe sandboxing, but more flexibly. It can do things like:
This is just the HTTP header used to set a policy on a document, separate from any features.
ForceLoadAtTop provides an opt-out for Scroll To Text (and other load-on-scroll behaviors as they are also affected by the issues raised in https://github.com/WICG/scroll-to-text-fragment/issues/76) for privacy sensitive sites, as discussed in https://github.com/WICG/scroll-to-text-fragment/issues/80. The ForceLoadAtTop feature allows sites to indicate that they should always be loaded at the top of the page, blocking any scroll-on-load behaviors including text fragments, element fragments, and
A FetchEvent dispatched to a service worker is in a loading pipeline, which is performance sensitive. The new FetchEvent.handled property returns a promise that resolves when a response is returned from a service worker to its client. This enables a service worker to delay tasks that can only run after responses are complete.
This API enables developers to build powerful apps that interact with other (non-Web) apps on the user’s device via the device’s file system. After a user grants a web app access, this API allows the app to read or save changes directly to files and folders selected by the user. Beyond reading and writing files, this API provides the ability to open a directory and enumerate its contents, as well as store file and directory handles in IndexedDB to later regain access to the same content.
Adds a property to determine whether the pitch of an audio or video element should be preserved when adjusting the playback rate.
Web developers can specify node-to-slot assignments imperatively in Shadow DOM slotting.
Please see the spec discussion [1] and the explainer [2].
In a Window whose top Window has been hidden for 5 minutes and which is not opted out from intensive wake up throttling, a timer task with non-zero timeout can run:
< 5
, or,Replaces all children of the ParentNode with the passed-in nodes.
When parsing URLs, encode the character U+007F DELETE as “%7F”.
This improves readability, reduces spoofing risk, makes Chrome’s behavior more consistent, interoperable with other browsers and compliant with the specification.
Extend the list of URL schemes that can be overridden via registerProtocolHandler() to include “cabal”, “dat”, “did”, “dweb”, “ethereum”, “hyper”, “ipfs”, “ipns”, and “ssb”.
Origin trials can now be enabled by embedded scripts, based on tokens matching their third-party origin. Previously, it was possible for scripts to enable origin trials, but only when the token matches the origin of the containing document.
This API enables the insertion of user-defined processing steps in the encoding and decoding of a WebRTC MediaStreamTrack.
<fieldset>
The FIELDSET element will support ‘inline-grid’, ‘grid’, ‘inline-flex’ and ‘flex’ keywords for CSS ‘display’ property.
This change moves window.location.fragmentDirective to document.fragmentDirective which seems like a more appropriate and safer place. It is a small change to the text-fragments feature in https://chromestatus.com/feature/4733392803332096.
Text-fragments introduced an empty object at window.location.fragmentDirective as a means to feature detect the newly added text-fragment capability. window.location turns out to be a bad place for this functionality, see https://crbug.com/1057795.
The async clipboard api currently does not support the text/html format. This feature adds support for copying and pasting html from the clipboard. The HTML is sanitized when it is read and written to the clipboard.
Support a new MediaKeySessionType “persistent-usage-record session”, for which the license and key(s) are not persisted and for which a record of key usage is persisted when the keys available within the session are destroyed.
Introduces new @font-face descriptors ascent-override, descent-override and line-gap-override to override metrics of the font. This allows web authors to (i) achieve interoperable text layout across browsers and platforms, and (ii) reduce layout shifting caused by web fonts.
Adds Atomics.waitAsync, the async version of Atomics.wait. Atomics.waitAsync allows programmers to wait on a SharedArrayBuffer location in the same fashion as Atomics.wait but returns a Promise instead.
Connections to HTTP, HTTPS or FTP servers on ports 5060 or 5061 will fail.
This is a mitigation for the slipstream attack: https://samy.pl/slipstream/. It helps developers by keeping the web platform safe for users.
Connections to HTTP, HTTPS or FTP servers on ports 69, 137, 161, 1719, 1720, 1723 or 6566 will fail.
This is a mitigation for the NAT Slipstream 2.0 attack: https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/. It helps developers by keeping the web platform safe for users.
Ship the already implemented properties introduced by CSS Logical Properties.
Specifically:
Support ‘auto’ for the ‘quotes’ property.
CSS2 specified the initial value for ‘quotes’ as UA dependent, but WebKit and Blink returns an invalid value (empty string) which will not round-trip. Setting it to the empty string will remove the declaration instead of setting it to the initial value. css-content-3 instead uses an ‘auto’ keyword for the default UA behavior.
The Cookie Store API exposes HTTP cookies to service workers and offers an asynchronous alternative to document.cookie.
Intl.Segmenter implements methods for finding the location of boundaries in text, including grapheme,word and sentence boundary analysis.
This API enables developers to complete their work as fast as possible if the user isn’t interacting, but respond to user input as fast as possible if input occurs.
We intended to add attributes FontBoundingBoxAscent and fontBoundingBoxDescent to textmetrics in canvas (following spec https://html.spec.whatwg.org/multipage/canvas.html#textmetrics). This feature will help web developers to arrange text better and it has strong user support (https://crbug.com/277215).
This feature allows developers to pan and tilt the camera using media constraints in getUserMedia().
https://w3c.github.io/mediacapture-image/#dom-mediatracksupportedconstraints-pan
https://w3c.github.io/mediacapture-image/#dom-mediatrackcapabilities-tilt
Range request header can be passed through a service worker if it’s not modified. This enables service workers can work with requests made by media elements such as video and audio.
The streams APIs provide ubiquitous, interoperable primitives for creating, composing, and consuming streams of data. A natural thing to do with a stream is to pass it to a web worker. This provides a fluent primitive for offloading work to another thread. Transferable streams add this capability by allowing ReadableStream, WritableStream, and TransformStream objects to be passed as arguments to postMessage().
The WakeLockSentinel object has a new attribute called released
that indicates whether a sentinel has already been released. Its value is initially false, and it changes to true once a “release” event is dispatched.
cross-origin isolation
Use origin instead of site as agent cluster key for cross-origin isolated agent clusters. document.domain mutation is no-op for agents in cross-origin isolated agent clusters.
Introduce cross-origin isolated permission (https://w3c.github.io/webappsec-feature-policy/).
Introduce self.crossOriginIsolated returning whether the surrounding agent cluster is cross-origin isolated and the environment has the cross-origin isolated permission.
ontransition{run, start, cancel} event handler attributes
The ontransitionrun, ontransitionstart, and ontransitioncancel event handler attributes allow developers to add event listeners for ‘transitionrun’, ‘transitionstart’, and ‘transitioncancel’ events on elements, Document objects, and Window objects.
An example of how this might be used:
target.ontransitioncancel = () => { console.log(‘transition was cancelled!’); }
Implement CSS text decoration properties text-decoration-thickness and text-underline-offset.
Add support for the new from-font keyword for text-underline-position.
When from-font keywords are used, support variable font MVAR underline scaling, (tags unds
and undo
in the MVAR table overriding underlinePosition and underlineThickness in the OpenType post
table.
Developers should use font-size to control font size.
Blink will no longer support the rarely used property
-webkit-font-size-delta.
Applications can optionally render to a subset of the WebXR viewport, using a scale factor that can be changed every animation frame.
This is intended to be more efficient than resizing the full framebuffer which requires reallocation, and the UA can supply a recommended scale factor based on internal heuristics.
The CSS transforms level 2 spec requires that any grouping property causes the used value
of transform-style to be flat. Chromium applies grouping for some of the specified grouping
properties, but not all. This change tracked here will add:
To mitigate “tab-napping” attacks, in which a new tab/window opened by a victim context may navigate that opener context, the HTML standard changed to specify that anchors that target _blank should behave as if |rel=“noopener”| is set. A page wishing to opt out of this behavior may set |rel=“opener”|.
Blink supports manual
and none
values of the CSS hyphens
property since M55, but auto
, which enables the automatic hyphenation, is supported only on Android and Mac.
This feature enables hyphens: auto
on Windows, Linux, and ChromeOS by downloading dictionary files used in Android Open Source Project.
The previous feature entry for M55 is https://www.chromestatus.com/features/5642121184804864
The matches-any pseudo-class, :is(), is a functional pseudo-class taking a selector list as its argument. It represents an element that is represented by its argument.
Allows complex selectors inside the :not() pseudo class, such as :not(.a + .b .c).
Normally, only certain replaced elements have an aspect ratio, particularly images. For them, if only one of width and height is specified, the other can be computed from it using the intrinsic aspect ratio.
This property allows explicitly specifying an aspect ratio for any other element to get similar behavior.
<template>
When adopting a shadow root into a <template>
document from a document that the <template>
is in (or vice versa), we will no longer clear its adoptedStyleSheets.
A new attribute on ElementInternals, ‘shadowRoot’, allows custom elements to access their own ShadowRoot, regardless of open/closed status. Additionally, further restrictions are added to the attachInternals() API to ensure that custom elements get the first chance to attach the ElementInternals interface. With this change, the attachInternals() function will throw an exception if called prior to the custom element constructor being run.
To improve security, the File System Access API’s showOpenFilePicker() and showSaveFilePicker() methods will limit what characters are allowed in extensions for accepted file types.
Specifically only A-Z, a-z, 0-9, + and . will be allowed, extensions can’t end in .local or .lnk, and can’t be more than 16 characters long.
Implement https://github.com/w3c/screen-wake-lock/pull/291, which makes the “type” parameter in WakeLock.request() optional and defaulting to “screen”, which is the only allowed value at the moment.
In other words, the following two lines would do the exact same thing:
navigator.wakeLock.request()
navigator.wakeLock.request("screen")
Origin-keyed agent clusters allows developers to opt in to giving up certain cross-origin same-site access capabilities — namely synchronous scripting via document.domain, and postMessage()ing WebAssembly.Module instances.
This gives the browser more flexibility in implementation technologies. In particular, in Chrome, we will use this as a hint to put the origin in its own process, subject to resource or platform limitations.
The Permissions-Policy HTTP header replaces the existing Feature-Policy header for controlling delegation of permissions and powerful features. The header uses a structured syntax, and allows sites to more tightly restrict which origins can be granted access to features.
Transceivers allow the sending and/or receiving of media in WebRTC. Stopping a transceiver makes it permanently inactive.
Adds the JavaScript type SharedArrayBuffer to Android gated behind COOP/COEP.
The concept of a SharedArrayBuffer is that a message to a worker, is posted but instead of copying the content of the array just a reference to it is shared, so that all have the same view on the shared chunk of data in the memory.
This feature is only targeting Android - https://www.chromestatus.com/feature/4570991992766464 handles all other platforms
So far clip-path only supported other basic shapes (circle, ellipse, polygon, url).
This adds support for path() as a value as specified in https://drafts.csswg.org/css-shapes-1/#funcdef-path, for example:
clip-path: path(oddeven, ‘M 5 5 h 100 v 100 Z’) would clip the element with a triangle.
Remove support for Flash Player from Chromium in alignment with Adobe’s planned end of life on January 12th, 2021.
This feature allows for ARIA relationship attributes to be reflected in IDL as element references rather than DOMStrings.
CSS property ‘list-style-type’ supports two new keywords ‘disclosure-open’ and ‘disclosure-closed’.
In an element with display:list-item, ‘disclosure-open’ shows a symbol indicating a widget like <details>
is opened. ‘disclosure-closed’ shows a symbol indicating a widget like <details>
is closed.
They will be used for the default style of <summary>
in the user-agent stylesheet.
<summary>
The default value of CSS ‘display’ property for <summary>
is changed to ‘list-item’ from ‘block’.
We also support ‘::marker’ pseudo element selector for <summary>
, and remove ‘::-webkit-details-marker’ pseudo element selector.
Before this change, developers did the following in order to hide the details marker:
summary::-webkit-details-marker {
display: none;
margin-inline-end: 0;
}
Now developers can do:
summary {
display: block;
}
or
summary {
list-style-type: none;
}
MediaRecorder
.Adds support for hard constant bitrate (CBR) mode of the Opus encoder when CBR mode is used for MediaRecorder. Without this change it is impossible to encode compressed constant bitrate audio files with the MediaRecorder.
This implements a spec change allowing either constant bitrate (CBR) or variable bitrate (VBR) encoding on the MediaRecorderOptions object passed to the MediaRecorder constructor. Previously VBR was assumed when using anything other than uncompressed PCM.
A highlight pseudo element to allow authors to style scroll-to-text fragments different from the default UA highlighting.
Support the flow-relative Corner Rounding properties following CSS Logical Properties and Values spec. Specifically, the following logical properties are included: border-start-start-radius, border-start-end-radius, border-end-start-radius, and border-end-end-radius.
The flow-relative Corner Rounding properties (border-*-radius) will allow to set top-left, bottom-left, top-right and bottom-right box corners with logical mappings rather than physical properties.
Adds a reporting API to help developers deploy cross-origin opener policy.
The Streams APIs provide ubiquitous, interoperable primitives for creating, composing, and consuming streams of data. We will expose the ReadableStreamDefaultController interface on the global object, as with the other ReadableStream-related classes. This will align Blink with the current version of the Streams API Standard and consensus among the developer community. See https://github.com/whatwg/streams/issues/963.
Adds the ‘forced-colors’ media feature, which is used to detect if the user agent has enabled a forced colors mode where it enforces a user-chosen limited color palette on the page.
Adds the ‘forced-color-adjust’ property, which allows authors to opt particular elements out of forced colors mode, restoring full control over the colors to CSS.
Import maps allows control over what URLs get fetched by JavaScript import statements and import() expressions.
Modifies the definition of same-site for cookies such that requests on the same registrable domain but across schemes are considered cross-site instead of same-site. E.g., http:// site.example and https:// site.example (note: a space was added between the scheme and the domain to prevent automatic link conversion) will now be considered cross-site to each other.
Releasing to Stable, as part of a gradual rollout, starting in M88.
The set of Sec-CH-UA-* client hints aims to deprecate and replace the User-Agent header in order to reduce the passive fingerprinting surface we expose via HTTP requests.
When a window is opened with noopener, Chrome should not clone the sessionStorage of its opener; it should instead start from an empty sessionStorage namespace.
The streams APIs provide ubiquitous, interoperable primitives for creating, composing, and consuming streams of data. For streams representing bytes, an extended version of the readable stream is provided to handle bytes efficiently, in particular by minimizing copies.
Allows the full syntax of the ‘filter’ property to be used on SVG elements which previously only supported single url(…) references. This allows filter functions such as blur(…), sepia(…) and grayscale(…) to apply to SVG elements as well as non-SVG elements. It makes the platform support for ‘filter’ more uniform and allows for easier application of some “canned” effects.
Allow the await
keyword at the top-level within JavaScript modules.
Web NFC aims to provide sites the ability to read and write to NFC tags when they are brought in close proximity to the user’s device (usually 5-10 cm, 2-4 inches). The current scope is limited to NDEF, a lightweight binary message format. Low-level I/O operations (e.g. ISO-DEP, NFC-A/B, NFC-F) and Host-based Card Emulation (HCE) are not supported within the current scope.
The Serial API provides an interface for connecting to serial devices, either through a serial port on the user’s system or removable USB and Bluetooth devices that emulate a serial port. This API has been requested by the hardware developer community, especially developers building educational tools, as a companion to the WebUSB API because operating systems require applications to communicate with USB-based serial ports using their higher-level serial API rather than the low-level USB API.
Web Share is an API for sharing data (text, URLs, images) from the web to an app of the user’s choosing.
Web Share API Level 2 allows sharing of files from the web to an app of the user’s choosing.
The API enables web developers to build share buttons that display the same system share dialog boxes used by native applications. Level 1 enabled system share dialogs; however only text and urls could previously be shared.
Web Share Target allows websites to receive shared data (text, URLs, images) and register to be choosable by the user as targets from sharing contexts, including (but not limited to) Web Share.
Installed web applications can now receive file shares, e.g. images. Using the manifest, the web application can declare which MIME types and/or file extensions it accepts.
Previously, mobile platforms allowed files to be shared to native applications, but not web applications.
Adds support for the AuthenticatorSelectionCriteria.residentKey property to specify during Web Authentication API (WebAuthn) credential registration whether a client-side discoverable credential should be created. Also adds support for the WebAuthn “credProps” extension, which indicates to the Relying Party whether a created credential is client-side discoverable.
Enables web applications to interact with human interface devices (HIDs) other than the standard supported devices (mice, keyboards, touchscreens, and gamepads). However, there are many other HID devices that are currently inaccessible to the web. This API allows web applications to request access to these devices, send and receive HID reports, and retrieve information about the report descriptor.
navigator.webdriver === false
when automation is not enabled.Prior to this change, Chromium only exposed navigator.webdriver
when the browser was being automated. However, other browsers expose it unconditionally per the spec (https://w3c.github.io/webdriver/#interface), with the value false
in case the browser is not being automated.
We propose changing Chromium to align with other browsers and the spec. This is a potentially breaking change since web pages could in theory rely on the old navigator.webdriver === undefined
behavior.
Adds a new advanced field to the web manifest, “display_override”, where a developer with special requirements can specify an explicit display fallback chain they would like applied.
Here’s an example of a website that wants “minimal-ui” to fall back to “standalone”.
{
“display”: “standalone”,
“display_override”: [“minimal-ui”],
}
Note: This API is only intended to be used for advanced use cases & display modes only. Most developers will only need to use the “display” property.
The feature adds a performance.measureUserAgentSpecificMemory() function that estimates the memory usage of the web page. The website needs to be cross-origin isolated to use the API.
This deprecation removes the ability to use “,” as a separator between items in a permissions policy declaration (feature policy declaration) in an iframe tag.
Developers should switch to “;” as the correct separator.
<link rel=prerender>
Remove legacy prefixed events (webkitprerenderstart, webkitprerenderstop, webkitprerenderload, and webkitprerenderdomcontentloaded) dispatched on <link rel=prerender>
.
These were introduced for internal use and not upstreamed to any specifications.
The FLoC API would enable ad-targeting based on the user’s general browsing interest, without the websites knowing their exact browsing history. In today’s web, people’s interests are typically inferred based on observing what sites or pages they visit, which relies on tracking techniques like third-party cookies. User privacy could be better protected if this can be accomplished without needing to collect a particular individual’s exact browsing history.
OT targeted to start end of March.
This feature ships an AV1 encoder in Chrome desktop, specifically optimized for video conferencing with WebRTC integration.
This feature adds a new AbortSignal option, named “signal”, to the options parameter of addEventListener().
The “signal” option must first be created by an AbortController by accessing the “signal” property on an AbortController instance. Once the signal is passed in to addEventListener, calling “abort()” on the AbortController will remove the event listener added with addEventListener.
For more context, see https://github.com/whatwg/dom/issues/911.
The bits shared between StaticRange and Range objects are put on a shared superclass named AbstractRange.
Adds two CSS features. The ‘clip’ value results in a box’s content being clipped to the box’s overflow clip edge. In addition, no scrolling interface is provided, and the content can not be scrolled by the user or programmatically.
The overflow-clip-margin property enables specifying how far outside the bounds an element is allowed to paint before being clipped.
Connections to HTTP, HTTPS or FTP servers on port 554 will fail.
This is a mitigation for the NAT Slipstream 2.0 attack. It helps developers by keeping the web platform safe for users.
Chrome briefly blocked port 554 before, but it was unblocked due to complaints from enterprise users. However, we have now achieved rough consensus at https://github.com/whatwg/fetch/pull/1148 to block 554.
The aspect-ratio property allows automatically computing the other dimension if only one of width and height is specified on any element. This property was originally launched as non-interpolable (meaning that it would snap to the target value) when animated.
This feature provides smooth interpolation from one aspect ratio to another.
The feature lets custom elements expose their states via the :state() CSS pseudo class.
A declarative API to allow the creation of #shadowroot’s using only HTML and no Javascript.
Blog post: https://web.dev/declarative-shadow-dom/
application/x-protobuffer
via Cross-Origin-Read-BlockingProtect application/x-protobuffer
from speculative execution attacks by adding it to the list of never sniffed MIME types used by Cross-Origin-Read-Blocking.
application/x-protobuf
is already protected as a never sniffed mime type. application/x-protobuffer
is another commonly used MIME type that is defined as an “ALT_CONTENT_TYPE” by the protobuf library.
See the original Intent to Implement and Ship notice for CORB here:
https://groups.google.com/a/chromium.org/g/blink-dev/c/hnA
This proposal adds a new .indices
property to the result array object returned by RegExp.prototype.exec and String.prototype.match. This property is an indices array containing a pair of start and end indices for each captured substring.
As producing this array is expensive, the .indices
property is only present when the /d flag is passed.
Rather than rejecting when trying to write past the end of a file, require extending a file with some number of 0x00 (NUL) bytes instead.
This enables creating sparse files and greatly simplifies saving content to a file when the data to be written is received out of order.
Currently, Range is the only constructible range type available to web authors. However, Range objects are “live” and maintaining them can be expensive. For every tree change, all affected Range objects need to be updated. StaticRange objects are not live and represent a lightweight range type that is not subject to the same maintenance cost as Range. By making StaticRange constructible, we will allow web authors to use them for ranges that do not need to be updated on every DOM tree change.
<source>
elements for <picture>
This feature allows specifying a width and height on <source>
elements that are used in <picture>
, which allows the image to compute an aspect ratio from these attributes, e.g.:
<picture>
<source srcset="image.jpg" width="640" height="480">
<img style="width: 100%; height: auto;">
</picture>
In this example, the width of the image will adjust to the size of its container and the height will follow the aspect ratio, even before the image is loaded (avoiding a content shift).
Aligns behavior with the standard in edge cases when changing the URL protocol to or from “file”.
Previously, attempting to change the protocol of a URL with credentials or a port to “file” would lead to an invalid URL. Similarly, attempting to change a URL with no host from “file” to “http” would lead to an invalid URL. Now the invalid change will be ignored for consistency with other browsers.
This affects the “protocol” attribute on the URL API, location, and <a>
and <area>
elements.
Change the Chromium default UA style sheet to use :focus-visible instead of :focus pseudo-class to paint the focus indicator (outline).
This will avoid that elements show a focus indicator (because they’re focused and match :focus) while they don’t match :focus-visible.
It is no longer possible to set the periodicWave member of OscillatorOptions to null.
The WebAudio spec doesn’t allow this, so we’re aligning Chrome with the spec and also Firefox, which has implemented this correctly for 4 years.
Allows sites to query for estimates of the environmental lighting conditions within WebXr sessions. This exposes both spherical harmonics representing the ambient lighting, as well as a cubemap texture representing “reflections”.
The Depth API is an extension to WebXR Device API that allows applications access to depth buffer information that conveys information about the user’s environment, with primary focus on Augmented Reality scenarios.
The directive ‘plugin-types’ allows developer to restrict which types of plugin can be loaded via <embed>
or <object>
html elements. The main point was to allow developer to block Flash in their pages. But Flash support has been discontinued, so there is not much point in this anymore.
Removes support for the non-standard RTP data channels in WebRTC. Users should use the standard SCTP-based data channels instead.
This new API will help clients who are still using Chrome Apps to migrate to the Web, by using a simliar API to chrome.storage.managed Extensions API.
Connections to HTTP, HTTPS or FTP servers on port 10080 will fail.
This is a mitigation for the NAT Slipstream 2.0 attack. It helps developers by keeping the web platform safe for users.
The CSS @counter-style rule allows web authors to specify and use custom counter styles in list markers and CSS counters. This helps web internationalization.
The classic static block proposal adds the ability for JavaScript classes to have one or more static initialization blocks. These blocks are initialized once per evaluation of the class definition.
class C {
static s_field;
static {
this.s_field = doSomeInitialization();
}
}
This proposes to expose read-only files on the clipboard to renderers using a similar approach to drag-and drop.
Renderers will have access to read files from the clipboard, but not write files to the clipboard. For files on the clipboard, renderers will have read-only access.
async function onPaste(e) {
let file = e.clipboardData.files[0];
let contents = await file.text();
}
Disables Double Tap to Zoom (DTZ) when meta viewport tag is set to optimize the web page for mobile devices. In some situations Chrome enables DTZ even if the meta viewport tag is specified correctly which is unexpected to web developers. Having DTZ enabled introduces a 300ms delay between touchend and click events which degrades the user experience on mobile devices.DTZ should be disabled in all cases when a proper meta viewport tag is specified.
JavaScript will support modules in service workers. Setting ‘module’ type by the constructor’s type attribute, worker scripts are loaded as ES modules and the import statement is available on worker contexts.
This JavaScript feature adds the capability for testing the existence of a private field in an object: “#foo in obj”
Proposal: https://github.com/tc39/proposal-private-fields-in-in
The feature has reached Stage 3 in TC39.
Expose the GravitySensor API, which provides a 3-axis reading of the gravity force, to users.
The link element’s “media” attribute will be honored for link[rel=“icon”] so that web developers can define multiple equally appropriate icons based on a media query (dark and light modes for instance). The last one that matches will be picked.
Browsers don’t currently honor the media attribute for link[rel=“icon”] even though the HTML specification says they should.
Import Assertions are an inline syntax for module import statements to pass on more information alongside the module specifier. The syntax is as follows (shown here is the proposed method for importing a JSON module):
import json from “./foo.json” assert { type: “json” };
JSON modules allow statically importing JSON instead of consuming JSON dynamically through fetch(). JSON modules, like JavaSCript modules, are fetched using “cors” mode and strict MIME type checking. They also share the same module import syntax, for example: import data from "./resource.json”.
Provides a mechanism to allow users to configure a Progressive Web Application (PWA) to be launched automatically when a user logs in to the operating system.
When initially shipping the File System Access API we shipped a bare minimum API surface
for showing file and directory pickers. We’re now proposing adding a couple of frequently
requested (and commonly supported in other file picker APIs) options to let websites
provide a couple more opportunities to influence the behavior of the file and directory pickers.
In particular we want to let websites give suggestions for the name and location of files and
directories that are being saved or loaded.
WebAssembly SIMD will expose hardware SIMD instructions to WebAssembly applications in a platform-independent way. The SIMD proposal introduces a new 128-bit value type that can be used to represent different types of packed data, and several vector operations that operate on packed data.
SIMD can boost performance by exploiting data level parallelism and is also useful when compiling native code to WebAssembly
Adds support for WebOTP API calls from cross-origin iframes if enabled by a permission policy.
Supports WebSockets over HTTP/2 in Chromium as specified in RFC 8441 https://tools.ietf.org/html/rfc8441. This is only used for secure WebSockets requests, and only when there is already an HTTP/2 connection where the server has already advertised support for WebSockets over HTTP/2 via the HTTP/2 SETTINGS parameter defined in the specification.
Adds the adaptivePtime property to RTCRtpEncodingParameters(https://w3c.github.io/webrtc-pc/#rtcrtpencodingparameters). This new flag sets a sender in a real-time communication (RTC) system to enable/disable adaptive packet rate.
The webkitBeforeTextInserted and webkitEditableContentChanged JS events are Blink internal events and are non standard events. There are better replacement of these events which Browser vendors have been actively working on such as Input events(https://w3c.github.io/input-events/).
For the purposes of any operation targetting the scroll position of a sticky positioned element (or one of its descendants), the sticky positioned element must be considered to be positioned at its initial (non-offsetted) position.
This was discussed in https://github.com/w3c/csswg-drafts/issues/1459.
Add a dayPeriod option to Intl.DateTimeFormat() method so the caller can format times such as “7 in the morning”, “11 in the morning”, “12 noon”, “1 in the afternoon”, “6 in the evening”, “10 at night” (or in Chinese, “清晨7時”, “上午11時”, “中午12時”, “下午1時” ,“下午6時” ,“晚上10時”)
Change “click”, “contextmenu”, “auxclick” events to PointerEvent (instead of MouseEvent) to let developers: distinguish between mouse, pen and individual fingers in a multitouch interaction through pointerType and pointerId attributes, and utilize fractional event coordinates for high precision use cases.
The final imperative slot distribution API spec has been landed at [1]. There are minor changes from the initial draft [2] which was implemented in Chromium. This feature represents the changes from the draft to the final spec.
[1] https://html.spec.whatwg.org/#dom-slot-assign
[2] https://chromestatus.com/feature/5711021289242624
Add a new method, named at(), to Array.prototype, String.prototype, and the TypedArray prototypes, that permit relative indexing with negative indices.
let arr = [1,2,3,4];
arr.at(-1); // Returns 4
Accounts for the tainted origin flag when computing whether a fetched resource passes the timing allow origin check. The Timing Allow Origin check is used in Resource Timing to determine whether the page has the right to receive detailed timing information about a resource used in the page. The tainted origin flag impacts this check in cases where there are multiple redirects that cross origins. In those cases, the header should be ‘*’, i.e. can no longer be a specific origin.
Being able to filter based on manufacturer specific data (such as vendor ID and product ID) will enable e.g. manufacturer.example.com to configure/select only its own Bluetooth devices and present them to users, instead of showing unrelated Bluetooth devices in the browser picker.
Introduces the method crypto.randomUUID() for generating RFC 4122 version 4 identifiers. The method returns the namespace specific string representation (for example, “6e4decd0-6066-4a25-98e3-0227317cda52”).
The size-adjust descriptor in @font-face allows scaling of glyph sizes for a particular font face without affecting the CSS font-size and derived metrics such as em.
CSS font-size can be seen as a scale factor for a box that the font draws in. Glyph sizes within that box vary between fonts, and size-adjust enables harmonising them across different fonts. That’s why it can also help with reducing cumulative layout shift by matching up the fallback font and primary web font using this descriptor.
Enables web-based payment handlers to receive “paymentrequest” events with non-URL, but standardized payment method identifiers, such as “basic-card” or “tokenized-card”.
Screen readers with touch screen support typically include a “touch exploration” mode where you can tap or slowly drag around the screen and listen to feedback on what you’re touching, before it activates.
Setting aria-touchpassthrough on an HTML element indicates to a screen reader that touch events targeted at this element should be passed through directly, instead.
Use the ICU LocaleMatcher to implement the BestFitMatcher of ECMA402 in v8 JavaScript engine.
ECMA402 defined the BestFitMatcher abstract operation to allow browser implementation to implement a better way to match locale data.
UTS35 sec “4.4 Language Matching” details a data driven algorithm to use CLDR. ICU 67.1 (launched in April 2020) comes with an improved icu::LocaleMatcher API and implementation . This document shows how we implement v8’s BestFitMatcher to use such API.
AbortSignal.abort() is a static method that allows creating a new AbortSignal object that is already aborted. It is similar in spirit to Promise.reject(), and provides improved developer ergonomics.
Connections to HTTP, HTTPS or FTP servers of ports 989 and 990 will fail.
These ports are used by the FTPS protocol, which has never been implemented in Chrome. However, FTPS servers can be attacked in a cross-protocol attack by malicious web pages using carefully-crafted HTTPS requests.
This is a mitigation for the ALPACA attack. See https://alpaca-attack.com/.
Make flexbox and flex items obey the positional alignment keywords from https://drafts.csswg.org/css-align-3/#positional-values.
Flexbox previously only obeyed center, flex-start, and flex-end. The additional alignment keywords (start, end, self-start, self-end, left, right) allow authors to more easily align the flex items in the face of varying writing modes and flex flows.
CSS Module Scripts are an extension of the ES Script Modules system that allows web developers to load CSS into a component definition in a manner that interacts seamlessly with other module types:
import styleSheet from “./styles.css” assert { type: “css” };
Adds an additional options parameter to the Error() constructor with a cause property, the value of which will be assigned to the error instances as a property. This allows errors to be chained without unnecessary and overelaborate formalities on wrapping the errors in conditions.
The meta element’s “media” attribute will be honored for meta[name=“theme-color”] so that web developers can adjust the theme color of their site based on a media query (dark and light modes for instance). The first one that matches will be picked.
Object.hasOwn provides an easier-to-use, static method version of Object.prototype.hasOwnProperty. For example, Object.hasOwn({ prop:42 }, ‘prop’) returns true.
The ‘strict’ and ‘content’ keywords for the ‘contain’ property will now include ‘style’. Per CSSWG resolution this was (re-)added now that contain:style is well-defined in the specifications.
User Preference Media Features Client Hints Header defines a set of HTTP Client Hints headers around user preference media features as defined by Media Queries Level 5. If used as Critical Client Hints, these headers allow servers to make smart choices regarding, e.g., CSS inlining.
Sec-CH-Prefers-Color-Scheme reflects the user’s prefers-color-scheme preference.
We plan to support WebOTP API on desktop when both Chrome Desktop and Chrome Android are logged into the same Google account.
The accent-color CSS property allows the page to specify a color used by form controls instead of using the builtin default color. For example, “accent-color: red” on an <input type=checkbox>
would change the blue color around the checkmark to red.
Offers a way for the website to enable/disable the playback speed control exposed by the browser in native media controls.
Remove support for the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite.
Align the behavior of transform-style: preserve-3d (which allows child elements to participate in the same 3D scene) and the perspective property (which applies a perspective transform to child elements) with the spec by making them apply only to child elements. Before this change, Chromium applies both of these effects based on the containing block hierarchy rather than the DOM tree, and also allows them to extend through elements without transform-related properties on them.
The “scrollbar-gutter” property provides control over the presence of scrollbar gutters (the space which may be reserved to display a scrollbar), allowing authors to prevent layout changes as content expands while avoiding unwanted visuals when scrolling isn’t needed.
Note that the presence of the scrollbars themselves is determined by the “overflow” property and the decision of whether to use classical or overlay scrollbars is up to the User Agent.
Formalize that the default color space for 2D canvases and ImageData is sRGB. Clarify that 2D canvas is fully color managed (that all inputs are converted to the canvas color space). These were previously convention and not clearly specified.
Add parameters to specify a non-sRGB color space when creating a 2D canvas or an ImageData. Add support for the Display P3 color space for these parameters.
Implement the display-capture feature policy from the Screen Capture spec.
https://w3c.github.io/permissions/#dom-permissionname-display-capture
This policy allows restricting access to the getDisplayMedia() API in embedded resources.
The Idle Detection API notifies developers when a user is idle, indicating such things as lack of interaction with the keyboard, mouse, screen, activation of a screensaver, locking of the screen, or moving to a different screen. A developer-defined threshold triggers the notification.
The ImageDecoder API intends to provide web authors random access to decoded images (as ImageBitmap) for each frame in a given image. The returned ImageBitmap objects can be used for drawing to canvas or WebGL (as well as any other future ImageBitmap use cases). Since the API is not bound to the DOM it may also be used in workers.
Adds a web-exposed sampling profiler for measuring client JavaScript execution time. Gathering JS profiles from real users can help developers debug slow observed performance without the need for invasive manual instrumentation.
This feature defines an API surface for manipulating raw media carried by MediaStreamTracks such as the output of a camera, microphone, screen capture, or the decoder part of a codec and the input to the decoder part of a codec. It uses WebCodecs interfaces to represent raw media frames and exposes them using streams, similarly to the way the WebRTC Insertable Streams spec exposes encoded data from RTCPeerConnections.
With the removal of Flash, there is no longer the need to return anything for navigator.plugins and navigator.mimeTypes. These APIs were used primarily for a) probing for Flash player support, or b) fingerprinting. Some sites use these APIs to probe for PDF viewer support. With this change, these arrays will return fixed lists containing a standard list of PDF viewer plugins.
Gives developers the ability to add more data (descriptions and screenshots) to their PWA install dialog and gives users more insight into the apps they are about to install.
Userspace tasks often have varying degrees of importance (related to user experience), but the Platform lacks a unified API to schedule prioritized work. The postTask API allows developers to schedule tasks (javascript callbacks) with a native browser scheduler at 3 levels of priority: user-blocking, user-visible, and background. It also exposes a TaskController, which can be used to dynamically cancel tasks and change their priority.
The virtual keyboard is the on-screen keyboard used for input in scenarios where a hardware keyboard may not be available.
The VirtualKeyboard interface has APIs to provide authors with more control over when the virtual keyboard is shown or hidden. It also fires events with the size of the virtual keyboard when it occludes content in the page.
Provides efficient, low-level access to built-in (software and hardware) media encoders and decoders.
We introduce a dictionary member to MediaStreamConstraints called preferCurrentTab. It’s a boolean defaulting to false. When getDisplayMedia() is called with preferCurrentTab=true, the browser should offer the current tab as the most prominent capture source.
AppCache was standardized in the Offline Web applications section of the HTML specification. The standard is formally referred to as application caches.
New Web applications should be built around Service Workers. Existing applications that use AppCache should migrate to Service Workers.
AppCache access was removed from insecure origins in M70. This intent addresses AppCache usage in secure origins.
Creates a cache for pages which allows for instant navigations to previously-visited pages after all eligible navigations on Android, both cross-site and same-site.
This enhances the original version of back-forward cache, which only caches pages on cross-site navigations: https://chromestatus.com/feature/5815270035685376.
This enhancement shipped by default in M95.
Allows custom counter styles (@counter-style rules) to be defined with shadow trees, and properly referenced within shadow trees or across shadow boundaries.
Enforce limits on the size (in bytes) of cookies set by HTTP responses (Set-Cookie header) and via JS APIs (document.cookie and CookieStore).
Add 4 new values “shortGeneric”, “longGeneric”, “shortOffset”, and “longOffset” for Intl.DateTimeFormat timeZoneName option
The EyeDropper API enables developers to use a browser-supplied eyedropper in the construction of custom color pickers.
Extend the Intl.DisplayNames API to include “calendar” and “dateTimeField” names and add “languageDisplay” option.
see https://github.com/tc39/intl-displaynames-v2 for the proposal
The proposal advanced to Stage 3 on 2021-05-25
Spec: https://tc39.es/intl-displaynames-v2/
This converts contain-intrinsic-size to a shorthand and adds corresponding contain-intrinsic-{width,height} properties as well as contain-intrinsic-{inline,block} size.
For example, this will make the following work:
<div style="writing-mode: vertical-lr; contain: size; contain-intrinsic-inline-size: 100px; contain-intrinsic-block-size: 50px;"></div>
Updates the version provided via the Sec-CH-UA-Platform-Version on Windows to provide a reasonable level of fidelity to allow sites to identify meaningful Windows platform changes. This aligns with the current definition in the proposal in the UA Client Hints WICG repo.
This enables sites to deliver appropriate binary executables and help content specific to that OS version.
Parses a web app manifest entry for a URL to open to take a new note in a note-taking web app, allowing OS integrations.
Secure payment confirmation augments the payment authentication experience on the web with the help of WebAuthn. The feature adds a new ‘payment’ extension to WebAuthn, which allows a relying party such as a bank to create a PublicKeyCredential that can be queried by any merchant origin as part of an online checkout via the Payment Request API using the ‘secure-payment-confirmation’ payment method.
URLPattern is a new web API that provides native support for matching URLs given a pattern string. It is designed to be usable both in javascript directly and by passing patterns to other web platform APIs; e.g. as a service worker scope.
This feature is adding exception support to WebAssembly. Exception handling allows code to break control flow when an exception is thrown. The exception can be any exception known by the WebAssembly module, or it may be an unknown exception that was thrown by a called imported function.
WebAssembly module sharing between cross-origin but same-site environments will be deprecated to allow agent clusters to be scoped to origins long term. This is a WebAssembly spec change, which has an impact on the platform as well.
Therefore this deprecation is the first step to deprecate document.domain
Currently, web developers can use PerformanceObserver with buffered flag to listen to past and future performance entries about their site. However, past entries need to be stored, and there is a buffer size limit. The droppedEntriesCount parameter helps developers know if they may have lost an entry due to this storage being full. It’s set to the number of entries which got dropped from the buffer due to such buffer being full.
This function, available in windows and workers, allows developers to report errors to the console and any global “error” event handlers, in the same way as an uncaught JavaScript exception. It is mainly useful for custom event-dispatching or callback-manipulating libraries.
Most hostnames that aren’t valid IPv4 addresses, but end in numbers are treated as valid, and looked up via DNS (e.g., http://foo.127.1/). Per the Public Suffix List spec, the eTLD+1 of the hostname in that URL should be “127.1”. If that is ever fed back into a URLs, “http://127.1/” is mapped to “http://127.0.0.1/” by the URL spec, which seems potentially dangerous. “127.0.0.0.1” could also potentially be used to confuse users. We want to reject URLs with these hostnames.
Deprecate and remove support for FTP URLs.
A custom counter style can be constructed with a meaning that is obvious visually, but impossible to meaningfully represent via a speech synthesizer or other non-visual means, or possible but nonsensical when naively read out loud. The ‘speak-as’ descriptor describes how to synthesize the spoken form of a counter formatted with the given counter style.
Splits the reporting cache into a per-document cache for document-generated reports, and the existing cache for network reports. There is currently a single reporting cache per profile, which means that reports from unrelated documents can potentially be sent in a single request. This also introduces the Reporting-Endpoints HTTP response header for non-persistent configuration of document-generated reports.
The ACCEPT_CH HTTP/2 and HTTP/3 frames, combined with the TLS ALPS extension, are a connection-level optimization to deliver the server’s Client Hint preferences in time for the first HTTP request.
Two new data properties, captureTimestamp and senderCaptureTime, will be added to the RTCRtpContributingSource, returned by RTCRtpReceiver.getContributingSources(). (See https://w3c.github.io/webrtc-extensions/#rtcrtpcontributingsource-dictionary.) These new properties are used to measure A/V sync and end-to-end delay in real-time communication (RTC) systems.
Creates a cache for pages which allows for instant navigations to previously-visited pages.
Read unsanitized PNGs from the system clipboard. This will apply to both DataTransfer and the Async Clipboard API (navigator.clipboard.read()).
Introduce Cross-Origin-Embedder-Policy: credentialless. This causes cross-origin no-cors requests to omit credentials (cookies, client certificates, etc). Similarly to COEP:require-corp, it can enable cross-origin isolation.
Used contain values different from none on the root or body elements will disable propagation of CSS properties from body as per specification[1].
[1] https://drafts.csswg.org/css-contain-1/#c3
A MediaKeySessionClosedReason is proposed to indicate the reason for EME MediaKeySession closure, and the closed attribute would return a Promise<MediaKeySessionClosedReason>
instead of the current Promise<void>
.
See https://github.com/w3c/encrypted-media/issues/473.
Developers currently use the Event Timing API to gather performance data about events they care about. However, it is currently hard to link events that correspond to the same user interaction. For instance, when a user taps, many events are generated, such as pointerdown, mousedown, pointerup, mouseup, and click. The interactionID enables developers to link multiple PerformanceEventTiming entries when they correspond to the same user interaction.
Adds the ‘prefers-contrast’ feature, which lets authors adapt web content to user-selected level of contrast in the OS, such as increased contrast mode on macOS and high contrast mode on Windows.
Valid options are ‘more’, ‘less’, ‘custom’, or ‘no-preference’.
Define an optional id field in app manifest that’s used to globally identify the web app. If the id is not specified, start_url will be used as the default id.
Enable web applications to register themselves as handlers of custom URL protocols/schemes using their installation manifest.
Allow WebAssembly modules to hold references to JS/DOM objects, passing them as arguments, storing them in locals and globals, and storing them in WebAssembly.Table objects.
Add the authenticator attachment (platform/cross-platform) used during both registration and authentication to the public key credential payload returned from the browser to the relying party (website/application etc)
This is a Stage 3 TC39 proposal that adds the methods findLast and findLastIndex to Array.prototype and the various TypedArray.prototypes.
These methods are the “from the end” versions of find and findIndex.
Dedicated workers should be governed by the Content Security Policy delivered in their script response headers. Chrome incorrectly used to instead apply the Content Security Policy of the owner document.
We would like to change chrome’s behaviour to adhere to what is specified.
getLayoutMap() used in conjunction with code solves the problem of identifying the actual key pressed in keyboard with different layout maps such as English vs French keyboards, but since getLayoutMap() isn’t available in all contexts (can’t be used inside iframes), Office web apps like Excel, Word, PowerPoint, etc. that show up as embedded experiences in Outlook Web, Teams, etc. and are running in iframes, can’t use this API.
Adding keyboard-map to the allow attribute list solves this problem.
Provides a unified way to detect new features that use script elements.
Before this change, newlines in form entries were normalized early in the form submission process (during the entry list construction), with an additional late normalization happening as the form payload was encoded with the application/x-www-form-urlencoded enctype. With this change, the early normalization is removed and the late normalization is extended to all enctypes.
Adds a read only attribute “name” to the PermissionStatus
interface, allowing the name of the permission to be gotten after a PermissionStatus
is created.
When querying multiple permissions simultaneously via the Permissions API, it was not possible to identify which PermissionStatus was which, as they were lacking a way to identify them (i.e., their “name”). The only way around this was to use something like array order or some other external index, which is less than ideal.
This feature will cause service workers that handle navigation requests by calling fetch(evt.request)
to use the origin and redirect chain from FetchEvent.request
. Previously this information was always set to the service worker’s origin with no redirect chain.
This information is used to control the origin header and SameSite cookies sent with the request to the server.
Client Hints, a method to request information about the user’s device or conditions, have been implemented in Chrome, but since the initial implementation the naming scheme has changed. If implemented, this proposal would add new client hints with a sec-ch-
prefix to re-implement the following: dpr
, width
, viewport-width
, device-memory
, rtt
, downlink
, and ect
.
<number>
) where only accepts <integer>
CSS math functions that resolve to <number>
can be used in any place that only accepts <integer>
. (It gets rounded to the nearest integer, as specified in https://drafts.csswg.org/css-values-4/#calc-range)
Enhancements to Content Security Policy to improve interoperability with WebAssembly.
WebTransport is a protocol framework that enables clients constrained by the Web security model to communicate with a remote server using a secure multiplexed transport.
Implement support for a ‘none’ argument to the perspective() function within the syntax of the CSS transform property. This provides the perspective() function with a value that gives the identity matrix. Its effect is as though the perspective() function was given an argument that is infinite. This makes it easier (or, in some cases, possible) to do animations involving the perspective() function where one of the endpoints of the animation is the identity matrix.
Add promise support to ClipboardItem
object. This helps the web author to call async clipboard write method without having to provide the Blob data synchronously. Authors can choose to resolve the promise later when the Blob data is available.
To solve problems with existing color font formats, we designed a next generation font format suitable for the web called COLRv1 which enables powerful 2D graphics glyph definitions (gradients, transforms), supports variations, and reuses existing contour definitions.
Previous color font formats embed bitmap files into the OpenType font containers. They do not scale in high quality and have a large binary size. OpenType SVG embeds vectors but requires complex parsers and rasterisers.
The ‘only’ keyword has been re-added to the specification for color-scheme as a way of per-element opt-out of color-scheme override like forced darkening.
div { color-scheme: light } will force the div element into color-scheme dark and apply forced darkening.
div { color-scheme: only light } will keep the color-scheme for the element light and opt-out of forced darkening.
Adds a media query to CSS which allows a page to detect the current display device’s support for HDR.
This feature adds the query: ‘dynamic-range’ which may be one of ‘standard’ or ‘high’. Chrome will resolve this query according to the capabilities of the display device the browser window is currently positioned on, allowing pages to toggle CSS rules accordingly or respond in Javascript via ‘window.matchMedia()’.
This change aligns Chromium with the spec for window.open(), by 1) adding a “popup” windowFeature to control popup vs. tab/window, and 2) ensuring all BarProp properties return !is_popup.
The streams APIs provide ubiquitous, interoperable primitives for creating, composing, and consuming streams of data. This change permits an underlying sink to rapidly abort an ongoing write or close when requested by the writer.
Enables using the HTML structured clone algorithm synchronously for cloning and transferring objects within a single realm.
The SDES key exchange mechanism for WebRTC has been declared a MUST NOT in the relevant IETF standards since 2013. The SDES specification has been declared Historic by the IETF.
Its usage in Chrome has declined significantly over the recent year.
This intent is to deprecate and remove this code from Chromium and WebRTC.
This feature allows autofill to look into ShadowDOM when collecting form controls within a form element.
With the adoption of web components, it is common to wrap form controls like input elements in ShadowDOM.
When autofill traverses the children of form elements to collect form controls, it currently skips ShadowDOM, and makes these form controls never get autofilled.
This feature will make autofill also traverse into ShadowDOM when collecting form controls.
Intl Enumeration API Specification is a new ECMA402 Stage 3 proposal which lists supported values of options in pre-existing API.
Intl Locale Info API is a new Stage ECMAScript TC39 proposal to enhance the Intl.Locale object by exposing Locale information, such as week data (first day in a week, weekend start day, weekend end day, minimun day in the first week), and text direction hour cycle used in the locale.
https://github.com/tc39/proposal-intl-locale-info
Sets the destination of script requests for AudioWorklet to “audioworklet”.
The specification defines script requests for AudioWorklet have “audioworklet” destination, but previously they had “script” destination. The destination is exposed to the Sec-Fetch-Dest
HTTP request header and FetchEvent.request.destination
on Service Workers. This helps servers to decide how to handle the requests.
Sets the destination of script requests for PaintWorklet to “paintworklet”.
The specification defines script requests for PaintWorklet have “paintworklet” destination, but previously they had “script” destination. The destination is exposed to the Sec-Fetch-Dest
HTTP request header and FetchEvent.request.destination
on Service Workers. This helps servers to decide how to handle the requests.
CSS calc() math function should allow infinity and NaN values by ‘infinity’, ‘-infinity’, ‘NaN’ keywords or expressions that could be evaluated into infinity or NaN such as ‘calc(1/0)’.
Allows requests with simple range headers to go through without preflight.
CORS requests will be able to use the Range header in limited ways (only one valid range) without triggering a preflight.
CSS cascade layers (@layer rule and layered @import syntax) provide a structured way to organize and balance concerns within a single origin. Rules within a single cascade layer cascade together without interleaving with style rules outside the layer. This allows authors to achieve a certain cascade ordering for same-origin rules in a proper way.
The prior specification for adoptedStyleSheets used a FrozenArray backing array. The spec was recently changed, so that the backing array is an ObservableArray. This makes the API easier to use and understand, since it is a true mutable JS array object. For example, normal array operations such as adoptedStyleSheets.push(sheet) can be used.
The HTMLInputElement showPicker() method allows web developers to programmatically show a browser picker for input elements (temporal, color, file, and those with suggestions like datalist or autofill).
An API for web applications to make use of advanced handwriting recognition services (e.g. those on operating systems) to recognize text from handwriting drawings (inks) in real time. In this context, handwriting drawing means the temporal and positional information used to describe a human handwriting process.
Updated functionality for the Canvas2D API. Adds nine new features/functions to CanvasRenderingContext2D:
https://github.com/fserb/canvas2d
<Gamepad?>
for navigator.getGamepads() return valueWe intend to replace GamepadList with sequence<Gamepad?>
for the navigator.getGamepads() return value to follow the spec and match current Gecko and WebKit implementations.
This feature introduces ‘text-emphasis’, ‘text-emphasis-color’, ‘text-emphasis-position’, and ‘text-emphasis-style’ CSS properties. They are unprefixed versions of ‘-webkit-text-emphasis’, ‘-webkit-text-emphasis-color’, ‘-webkit-text-emphasis-position’, and ‘-webkit-text-emphasis-style’.
Remove support for the font-family value “-webkit-standard”. This essentially behaves as an alias to the proprietary keyword “-webkit-body” and is only exposed as historical implementation details inherited from WebKit.
Updates the parsing of cookie strings to allow a cookie’s domain attribute to be set to the empty string. This change will also correct the failing web-platform tests related to an empty string domain. Additionally, it brings Chrome in alignment with the draft RFC6265bis specification, and will improve interoperability with Safari and Firefox by matching their treatment of an empty cookie domain attribute.
Throws an AbortSignal’s reason if the signal is aborted. This convenience method can be used by signal-handling functions to check a signal’s abort status and propagate the abort reason, e.g. after async operations that might change a signal’s state.
Capability delegation means allowing a frame to relinquish its ability to call a restricted API and transfer the ability to another (sub)frame it trusts.
If an app wants to delegate its ability to call a restricted JS capability (e.g. popups, fullscreen, etc) to a known+trusted third-party frame, the app would utilize a Capability Delegation API to “transfer” the ability to the target frame in a time-constrained manner (unlike static mechanisms like <iframe allow>
attributes).
An API for querying and managing digital products to facilitate in-app purchases from web applications, in conjunction with the Payment Request API (which is used to make the actual purchases). The API would be linked to a digital distribution service connected to via the user agent. In Chromium, this is specifically a web API wrapper around the Android Play Billing API.
The HIDDevice forget() method allows web developers to voluntarily revoke a permission to a HIDDevice that was granted by a user.
To support content negotiation use cases such as differential serving of variable fonts, color vector fonts, responsive images, and other third-party content which requires client information lost by user agent reduction. For example: variable fonts allow significantly less font information to be transferred without loss of functionality, but only works on specific operating systems.
With this feature, Chrome will start prerendering the high-confidence omnibox autocomplete suggestions.
This integration prevents a situation in which aborting a SerialPort’s WritableStream can be blocked on waiting for a partially-written chunk of data to be written to the port. If the port is waiting for the peer device to provide a flow control signal it could be blocked indefinitely. The intent of aborting a WritableStream is to immediately stop trying to write data to the underlying sink. The introduction of an AbortSignal to the controller was done to fix bugs like this.
This is a PSA about a small tweak to an existing feature. The change is to include the TLS ALPN extension when initiating a new connection for wss-schemed WebSockets, offering just the default “http/1.1” protocol. Currently, unlike HTTPS connections, such connections do not offer ALPN at all. Changing this aligns with Firefox and Safari, hardens against cross-protocol attacks (see ALPACA), and makes wss eligible for the False Start optimization. It also simplifies work on the HTTPS DNS record.
The NDEFReader makeReadOnly() method allows web developers to make NFC tags permanently read-only with Web NFC.
In WebTransport, the serverCertificateHashes option allows the website to connect to a WebTransport server by authenticating the certificate against the expected certificate hash instead of using the Web public key infrastructure (PKI).
This feature allows Web developers to connect to WebTransport servers that would normally find obtaining a publicly trusted certificate challenging, such as hosts that are not publically routable, or virtual machines that are ephemeral in nature.
Previously named “Multi-Screen Window Placement”.
Adds new screen information APIs and makes incremental improvements to existing window placement APIs, allowing web applications to offer compelling multi-screen experiences.
The existing singular window.screen offers a limited view of available screen space, and window placement functions generally clamp bounds to the current screen. This feature unlocks modern multi-screen workspaces for web applications.
This proposal adds a plus-lighter value to the mix-blend-mode property. Plus-lighter adds the source and destination colors multiplied by their respective alphas. This operation is useful when cross fading between two elements that may contain common pixels. In that case, plus-lighter ensures that the common pixels do not change in appearance as opacity changes from 0 to 1 on one element and from 1 to 0 on the other.
Deprecate the “basic-card” payment method from PaymentRequest API.
The font-palette CSS property allows selecting a palette from a color font. In combination with the @font-palette-values at-rule, custom palettes can be defined.
Use cases: designs where an icon or emoji font is used in combination with dark or light mode, or multi-colored icon fonts that are colorised using font-palette to harmonise with the content’s color scheme.
font-palette increases efficiency of color font uses, as no server roundtrip is needed for changing the colors of the font.
We intend to deprecate and remove usage of WebSQL in third party contexts. Deprecation is targeted for M94 and removal is targeted for M97.
Fetch Priority provides developers a way to indicate a resource’s relative priority to the browser, allowing more control over the order resources are loaded.
Many factors influence a resource’s priority in browsers. These include type, visibility, and preload status of a resource. This introduces a developer-set “fetchpriority” attribute to HTML elements and a “priority” property to the fetch API allowing developers to influence the computed priority of a resource. Supported fetchpriority values are auto, low, and high.
This is a recent change [1] to the spec for parsing the windowFeatures argument to window.open(). Previous to this change, window.open(url,‘’,‘popup=true’) interpreted the ‘popup=true’ to mean popup is false. With this change, ‘true’ counts as a truthy value.
[1] https://github.com/whatwg/html/pull/7425
Extends the MediaCapabilities API to support WebRTC streams. The MediaCapabilities API helps web sites to make informed decisions on what codec, resolution, etc. to use for video playback by providing information about whether a configuration is supported and also whether the playback is expected to be smooth. This feature extends the MediaCapabilities API to also include WebRTC streams.
Dedicated workers loaded from a secure (HTTPS) origin yet instantiated by insecure (non-HTTPS) contexts are no longer considered secure.
This results in the following web developer facing changes inside such worker contexts:
self.isSecureContext
is now false
self.caches
and self.storageFoundation
are no longer availableThis aligns Blink behavior with the specification and Gecko.
Following the recent HIDDevice forget() addition[1] to the web platform, the USBDevice forget() method allows web developers to voluntarily revoke a permission to a USBDevice that was granted by a user.
[1] https://groups.google.com/a/chromium.org/g/blink-dev/c/Fk-IJF63UWc
Make USBConfiguration, USBInterface, USBAlternateInterface, and USBEndpoint instances returned by the accessors on USBDevice === comparable.
The existing Save-Data header will be made a formal client hint by adding a new CH-Save-Data permissions policy that controls its delegation. This hint will still be sent by default (when lite mode is on) and delegated to all first and third parties by default.
AudioContext.outputLatency property is the estimation in seconds of audio output latency.
Technically, this is the interval between the time the UA requests the host system to play a buffer and the time at which the first sample in the buffer is actually processed by the audio output device. For devices such as speakers or headphones that produce an acoustic signal, this latter time refers to the time when a sample’s sound is produced.
We introduce a mechanism that allows an application to opt-in to exposing certain information to other applications which are video-capturing it. This allows collaboration between capturing and captured applications.
For example, a VC application that’s video-capturing a tab where a presentation application lives, could expose user-facing controls in the VC tab for navigating the presentation in the captured tab.
File Handling provides a way for web applications to declare the ability to handle files with given MIME types and extensions. The web application will receive an event when the user intends to open a file with that web application.
Query DNS for HTTPS records (alongside traditional A and AAAA queries). When a website has deployed an HTTPS DNS record and Chrome receives it, Chrome will always connect to the website via HTTPS.
Design doc for all Chrome DNS HTTPS plans: https://docs.google.com/document/d/1k461sRbddjDGj7Q8f-ZKHZvmB-ENUWSdX_3Fpp2dmXQ
This feature covers just the basic query and HTTP->HTTPS upgrade part of those plans, and only for simpler cases that do not require followup DNS queries by the Chrome DNS stack.
Three changes to the Secure Payment Confirmation API, implemented and flagged as “V3” of the API.
With WebAssembly Dynamic Tiering, an heuristic decides which functions of a WebAssembly module get optimized, and when the optimization is triggered. This is an improvement to the existing eager optimization approach, where all functions get optimized immediately after baseline compilation is finished. WebAssembly Dynamic Tiering reduces the resource consumption of the optimizing compiler, and prevents the compiler from competing with the web application for resources.
The “exclusionFilters” option in navigator.hid.requestDevice() allows web developers to exclude some devices from the browser picker. It can be used to exclude devices that are known to be malfunctioning.
The inert attribute allows web authors to mark parts of the DOM tree as inert. When a node is inert:
(also aboxhall@)
The SDP used to establish a connection in WebRTC has a non-standard dialect: Plan B. Removal timeline:
M93: Exception thrown in Canary.
M96: Exception thrown in Beta and Stable.
M102: Prior to this version, Plan B was allowed behind Deprecation Trial. With M102, sdpSemantics is ignored (you get Unified Plan no matter what). CrOS-only: Plan B was temporarily allowed up until M104.
Allowing PaymentRequest.show() to be triggered without a user activation could be abused by malicious websites. To protect users, the spec was changed to require user activation, and we are now following through in the Chrome implementation.
The window.navigation API provides the ability to intercept and initiate navigations, as well as introspect an application’s history entries. This provides a more useful alternative to window.history and window.location, specifically aimed at the needs of single-page web applications.
(Note: this API was formerly known as the app history API.)
Add a new compression format, “deflate-raw”, to give web developers access to the raw deflate stream without any headers or footers. This is needed, for example, to read and write zip files.
Support 103 Early Hints informational responses during top-level frame navigation. When a 103 response includes link headers Chromium tries to preload specified resources (including modulepreload) or preconnect to specified origins before the final response is received. This gives Web developers a way to optimize Core Web Vitals such as Largest Contentful Paint (LCP).
This feature provides a JavaScript API to allow web developers to query and modify the “role” ARIA attribute directly.
This implements attribute reflection for “role” attribute, similar to other attributes already supported like “ariaDescription” or “ariaRequired”.
Returns a new AbortSignal object that is automatically aborted after a given number of milliseconds. This method can be used by developers to easily implement timeouts for signal-accepting async APIs, e.g. fetch().
The .avif image file should be able to be shared by Web Share.
Adding avif to the other allowed image file types will help spread the use of it.
Before this change, Chromium would fire hashchange asynchronously (after a task), and delay popstate until the load event. This means the event ordering could be either [hashchange, popstate], or [popstate, hashchange], depending on how long the document took to load. After this change, Chromium will match Firefox and always fire popstate immediately upon URL changes, i.e. the order will always be [popstate, hashchange].
Block sandboxed iframe from opening external application.
To enable it again, apply at least one of following values to the <iframe>
element’s sandbox property:
Or use the new dedicated one:
Gives web applications the ability to enumerate local fonts and some metadata about each. Also gives web applications access to table data stored within local fonts, allowing those fonts to be rendered within their applications using custom text stacks.
Requires a secure context for the Gamepad API and adds a feature policy to allow restricting gamepad use.
Following the recent HIDDevice[1] and USBDevice[2] forget() additions to the web platform, the SerialPort forget() method allows web developers to voluntarily revoke a permission to a SerialPort that was granted by a user.
[1] https://groups.google.com/a/chromium.org/g/blink-dev/c/Fk-IJF63UWc
[2] https://groups.google.com/a/chromium.org/g/blink-dev/c/pSM2W0TtKEI/
We seek to align our implementation of GREASE in User Agent Client Hints with the current spec, which includes additional GREASE characters beyond the current semicolon and space, and which recommends varying the arbitrary version. This is to help prevent bad assumptions from being built on top of User-Agent strings.
This intent is to add a user activation requirement for Secure Payment Confirmation (SPC) credential enrollment in a cross-origin iframe to help mitigate a privacy issue (see https://github.com/w3c/secure-payme for discussion of a potential identity tracking attack).
Deprecate and remove the Battery Status API on insecure origins, such as HTTP pages or HTTPS iframes embedded in HTTP pages.
Render-initiated navigations to filesystem:// URLs are blocked in top-level frames, but for some reason allowed in iframes. As part of the storage partitioning efforts, we propose to remove support for third party contexts, and consistently block navigation to filesystem:// URLs everywhere.
See https://chromestatus.com/metrics/feature/timeline/popularity/4077 for usage details (currently extremely low).
object-view-box allows the author to specify a subset within an image that should draw within the content box of the target replaced element. This enables an author to create an image with a custom glow or shadow applied, with proper ink-overflow behavior like a CSS shadow would have.
When cookies are set with an explicit Expires/Max-Age attribute the value will now be capped to no more than 400 days in the future. Previously, there was no limit and cookies could expire as much as multiple millennia in the future.
This adds three new CSS properties: translate, rotate, and scale. These properties are known as the individual transform properties (and were previously known as the independent transform properties).
This exposes a simple way for web developers to access transforms in an intuitive way, without having to think about how functions in the transform property interact with each other.
The properties are individually animatable.
Allows writing media queries using ordinary mathematical comparison operators, and adds support for ‘or’, ‘not’, nesting, and evaluation of “unknown” features.
Integrates the Web Bluetooth API with Permissions Policy, which should be identified by the “bluetooth” token.
The Web Bluetooth API allows webpages to communicate with devices over Bluetooth. However, this API is not allowed to be used from cross-origin iframes. This integration enables this scenario while providing protection against unwanted access to Bluetooth capabilities, which requires the top-level document to explicitly allow a cross-origin iframe to use the API’s methods.
Sends a warning-only CORS preflight request ahead of any private network requests for subresources, asking for explicit permission from the target server.
If the preflight request fails due to Private Network Access checks, a warning is displayed in the DevTools issues panel, but the error is otherwise ignored. The subsequent request is sent as if the preflight had succeeded.
A private network request is any request from a public website to a private IP address or localhost, or from a private website (e.g. intranet) to localhost. Sending a preflight request mitigates the risk of cross-site request forgery attacks against private network devices such as routers, which are often not prepared to defend against this threat.
A set of 4 hints (dpr
, width
, viewport-width
, and device-memory
) have a default allowlist of self
but behave as though they have a default allowlist of *
on Android. The default allowlist of *
goes against the Client Hints Infrastructure standard; fixing this will increase privacy on Android by requiring explicit delegation of these hints.
Provides a new approach to load a large number of resources efficiently using a format that allows multiple resources to be bundled, e.g. Web Bundles.
overflow-clip-margin specifies how far an element’s content is allowed to paint before being clipped. This feature allows using visual-box values to configure the reference box that defines the overflow clip edge the content is clipped to.
The Cryptotoken component extension offers a chrome.runtime.sendMessage() API that allows any web site to make requests to a user’s FIDO U2F security key. Cryptotoken and its API have been subsumed by the W3C Web Authentication API.
Web Custom formats let websites read and write arbitrary unsanitized payloads using a standardized web custom format, as well as read and write a limited subset of OS-specific formats (for supporting legacy apps).
The name of the clipboard format is mangled by the browser in a standardized way to indicate that the content is from the web, which allows native applications to opt-in to accepting the unsanitized content.
Implementation of WebGL color management API
WebGL allows specification of
This feature is to update our implementation to include this functionality.
Prior to this feature, both of these defaulted to sRGB. Now they can also use “display-p3”.
Fullscreen Companion Window allows sites to place fullscreen content and a popup window on separate screens from a single user activation.
This is a small requested enhancement of the Window Management feature: https://chromestatus.com/feature/5252960583942144
We introduce a performant and robust API for cropping a self-capture video track. (Recall that applications may already video-capture the tab in which the application is run using getDisplayMedia(). Using our new Region Capture, such an application may now crop that track and remove some content from it; typically before sharing it remotely.)
Opaque Response Blocking (ORB) is a replacement for Cross-Origin Read Blocking (CORB - https://chromestatus.com/feature/5629709824032768). CORB and ORB are both heuristics that attempt to prevent cross-origin disclosure of “no-cors” subresources. This entry tracks v0.1 of ORB - Chrome’s first step toward full ORB implementation.
For interop web authors should check Content-Type headers of their resources and indicate multimedia content when needed (e.g. audio/*, application/dash+xml, etc).
Allows putting ‘blocking=render’ as an attribute and value to a <script>
, <style>
or stylesheet <link>
to make it explicitly render-blocking. The main usage is to avoid a flash of unstyled content or user interactions with an unmature page caused by, e.g., script-inserted scripts/stylesheets, client-side A/B testing and etc.
The :has() pseudo class is a selector that specifies an element which has at least one element that matches the relative selector passed as an argument.
The ‘beforeinput’ event fires when the value of an <input>
, <textarea>
, or contenteditable element is about to be modified.
Add an ‘onbeforeinput’ global content attribute to make it easier for developers to use.
A pseudo class selector to style dialog element.
The :modal pseudo-class represents an element which is in a state that excludes all interaction with elements outside it until it has been dismissed.
Container Queries allow authors to style elements according to the size of a container element.
It’s similar to a @media query, except it evaluates against the size of a container instead of the size of the viewport.
The custom highlight API provides a way for web developers to style the text of arbitrary ranges. This is useful in a variety of scenarios, including editing frameworks that wish to implement their own selection, find-on-page over virtualized documents, multiple selections to represent online collaboration, or spellchecking frameworks.
Platform cursor size used as default for custom SVG cursors if no specified size. SVG cursors can scale based on the platform accessibility/cursor settings. This can be overridden if the cursor has any specified dimensions. This feature is initially available on Windows only.
Hint indicating to the user agent whether the application, upon calling getDisplayMedia() with {systemAudio: true}, wishes system audio to be offered to the user. (If not - only offer tab-audio.)
Element.checkVisibility() returns true if the element is visible, and false if it is not. It checks a variety of factors that would make an element invisible, including display:none, visibility, content-visibility, and opacity.
This exposes the TransformStreamDefaultController class on the global scope.
This class already exists and can be accessed using code such as
let TransformStreamDefaultController;
new TransformStream({ start© { TransformStreamDefaultController = c.constructor; } });
This change makes such code unnecessary as now TransformStreamDefaultController just exists on the global scope.
To achieve parity among the all supporting platforms, we are implementing Prerender2 for Desktop (as an addition to Android).
We are going to ship same-origin prerendering triggered by the speculation rules API and Omnibox (same as current triggers for Android).
See also [1] Same-origin prerendering triggered by the speculation rules API
[1] https://chromestatus.com/feature/5355965538893824
When a user overscrolls, all elements on the page (including fixed elements) move in response to the overscroll. This feature prevents fixed elements from moving during overscroll.
features=FixedElementsDontOverscroll
Spec discussion: https://github.com/w3c/csswg-drafts/issues/6299
Improves ergonomics for creating JSON Response objects. The Response constructor allows for creating the body of the response from many types, however it is not possible to directly create a JSON object. The Response.json() static method fills this gap. It returns a Response object with a body consisting the first argument serialized as JSON. The second argument is a ResponseInit option bag as with the Response constructor.
Prerendering loads a web page before it is needed, so that when the actual navigation to that page occurs, it can be shown instantly.
There is existing HTML syntax to delegate client hints to third-party content which requires client information lost by user agent reduction. Example:
<meta name="accept-ch" value="sec-ch-dpr=(https://foo.bar https://baz.qux), sec-ch-width=(https://foo.bar)">
We shipped this syntax in M100 and got belated developer feedback that it’s confusing. We reached the conclusion it’s not too late to change course due to low adoption so far.
This intent proposes a replacement syntax with the same feature set. Example:
<meta http-equiv="delegate-ch" value="sec-ch-dpr https://foo.bar https://baz.qux; sec-ch-width https://foo.bar">
This proposal also removes the older syntax introduced in M100.
Currently, Responsive Image Client Hints provide a way for origins to obtain the viewport’s width. However, no such attribute exists for viewport height. We’ve observed that to optimize the loading of content that appears in viewport, it is essential for the origins to adapt HTML response based on viewport height.
When the window controls overlay is enabled for installed desktop web apps, the app’s client area is extended to cover the entire window–including the title bar area–and the window control buttons (close, maximize/restore, minimize) are overlaid on top of the client area. The web app developer is responsible for drawing and input-handling for the entire window except for the window controls overlay.
Enhances screen label strings provided by the Window Management API: <https://chromestatus.com/feature/5252960583942144>
This launch refines the ScreenDetailed.label
implementation by replacing the current placeholder values (e.g. ‘External Display 1’) with data sourced from display device EDIDs (e.g. ‘HP Z27n’) and higher-level OS APIs (e.g. localized descriptions such as ‘Built-in Retina Display’). These more accurate labels match those shown by OSes in display settings UI surfaces. The labels are only exposed to sites which have been granted the window-management permission by the user.
This revised implementation aligns with the current attribute specification <https://w3c.github.io/window-management/#screen-label>
and definitions used for the M93-M96 Origin Trial and the M100 API launch. There is no structural change to the API, only a change in the string content returned by the ScreenDetailed.label
attribute.
When a worklet module is fetched, e.g. via CSS.paintWorklet.addModule(), the fetched resource is now available in resource timing and in PerformanceObservers.
window.performance.getEntries() or window.performance.getEntriesByType(“resource”) would also show worklet resources, which were not present there before despite being loaded.
Allow returning a directory with both read and write permissions in a single prompt for the File System Access API.
Currently showDirectoryPicker() always returns a read-only directory (after showing a read access prompt), requiring a second prompt to get write access. This double-prompt is a poor user experience and contributes to confusion and permission fatigue among users.
Adds an optional “mode” option to DirectoryPickerOptions which can be specified as either “read” or “readwrite”.
import.meta.resolve(specifier) returns the URL to which the given specifier would resolve in the context of the current script. That is, it returns the URL that would be imported if you did import(specifier).
intercept() works very similarly to the existing navigateEvent.transitionWhile() method, except that instead of taking a mandatory Promise, it takes an optional handler function.
We will send a separate Intent to Deprecate and Remove for navigateEvent.transitionWhile().
scroll() works very similarly to the existing restoreScroll() except that it can be called when the navigation is not a traversal. It also allows manually performing the scroll even when not in manual scroll mode.
The CSS keyword ‘default’ is not allowed within CSS custom identifiers, which are used for many types of user-defined names in CSS (for example, names created by @keyframes rules, counters, @container names, custom layout or paint names). This adds ‘default’ to the list of names that are reserved from being used in custom identifiers, which already reserve ‘inherit’, ‘initial’, ‘unset’, ‘revert’, and ‘revert-layer’.
Gesture Scroll DOM events, namely “gesturescrollstart”, “gesturescrollupdate” and “gesturescrollend” are non-standard APIs, which were added to Blink for use in plugins, but it appears they were also exposed to the web unintentionally. Plugins are no longer web-exposed since the deprecation of Google Native Client (NaCl).
WebKit Bug: https://bugs.webkit.org/show_bug.cgi?id=92281
Changelog: https://bugs.webkit.org/attachment.cgi?id=155046&action=prettypatch
Fetch upload streaming lets web developers make a fetch with a ReadableStream body. Fetch provides a generic definition of Request and Response objects (and other things involved with network requests).
Support for expressing CSS lengths relative to the used advance measure of the CJK water ideograph.
We plan to deprecate support of the window.PERSISTENT quota type in requestFileSystem().
Changes the request mode and credentials mode of prefetch requests used in Subresource prefetching+loading via Signed HTTP Exchange (https://chromestatus.com/feature/5126805474246656).
Currently SignedExchange subresource prefetches (triggered by Link: rel=“alternate”) are requested with “no-cors” mode. After this change, SignedExchange subresource prefetches will be requested with “cors” mode and “same-origin” credentials mode.
This means, subresource SignedExchanges prefetched from cross-origin must have an appropriate Access-Control-Allow-Origin response header.
Intl.NumberFormat v3 API is a new TC39 ECMA402 stage 3 proposal extend the pre-existing Intl.NumberFormat, with the following new features:
Add 3 new functions to format range of number:
formatRange / formatRangeToParts / selectRange
Grouping Enum
New Rounding/Precision Options
Rounding Priority
Interpret Strings as Decimals
Rounding Modes
Sign Display Negative
https://github.com/tc39/proposal-intl-numberformat-v3
SerialPort BYOB reader support
Updates the underlying data source for the ReadableStream provided by a SerialPort to be a readable byte stream. This change is backwards-compatible with existing code that calls port.readable.getReader() with no parameters. Developers can detect support for BYOB readers by calling getReader({ mode: ‘byob’ }) as older implementations will throw a TypeError when the new parameter is passed.
BYOB (or, “bring your own buffer”) readers allow the developer to specify the buffer into which data is read instead of the stream allocating a new buffer for each chunk. In addition to potentially reducing memory pressure this allows the developer to control how much data is received as the stream cannot return more than there is space for in the provided buffer. The ability to read a particular amount of data from a port makes this API more familiar to developers used to programming against the Windows and POSIX APIs for serial devices, which operate on this same “bring your own buffer” principle.
This change supports unprefixed hyphenate-character, not only -webkit-hyphenate-character.
According to the csswg discussion, https://github.com/w3c/csswg-drafts/issues/6887, hyphenate-character css property is stable enough to ship.
This feature tracks adding a single event named “dequeue” to the audio and video encoder and decoder interfaces (e.g. AudioDecoder.ondequeue).
Authors may initially queue up encoding or decoding work by calling encode() or decode() respectively. The new “dequeue” event is fired to indicate when the underlying codec has ingested some/all of the queued work. The decrease in the queue size is already reflected by a lower value of encoder.encodeQueueSize and decoder.decodeQueueSize attributes. The new event eliminates the need for authors to setTimeout() poll to determine when the queue has decreased (i.e. when they should queue up more work).
See mentions of “dequeue” in the WebCodecs specification
https://w3c.github.io/webcodecs/#audiodecoder-event-summary
Adds the ‘preserve-parent-color’ value to the ‘forced-color-adjust’ CSS property.
When Forced Colors Mode is enabled, the ‘color’ property is inherited, and we’ve set ‘forced-color-adjust: preserve-parent-color’, the ‘color’ property will compute to the used value of its parent. Otherwise, ‘forced-color-adjust: preserve-parent-color’ value behaves the same as ‘forced-color-adjust: none’.
To align with the latest specification in RFC 6265bis, Chromium will reject cookies with a “Domain” attribute that contains a non-ASCII character (e.g. Domain=éxample.com).
Run all timers (with a few exceptions) with a non-zero delay on a regular 8ms aligned wake up (125 Hz), instead of as soon as their delay has passed.
This affect DOM timers; On foreground pages, run DOM timers with a non-zero delay on a regular 8ms aligned wake up, instead of as soon as their delay has passed.
On background pages, DOM timers already run on a regular 1s aligned wake up (1 Hz), or even less frequently after 5 minutes.
As previously detailed in https://blog.chromium.org/2021/09/user-agent-reduction-origin-trial-and-dates.html, we intend to proceed with Phase 5 of the User-Agent Reduction plan.
The <platform>
and <oscpu>
tokens (i.e., parts of the User-Agent string) are reduced to the relevant <unifiedPlatform>
token values, and will no longer be updated.
Additionally, the values for navigator.platform are frozen on desktop platforms (see https://www.chromium.org/updates/ua-reduction/#reduced-navigatorplatform-values-for-all-versions).
This is phase 5 of the User-Agent reduction plan as described in https://blog.chromium.org/2021/09/user-agent-reduction-origin-trial-and-dates.html.
For use cases requiring high-entropy OS version, CPU architecture, bitness or Wow64-ness, developers are encouraged to request that via the User Agent Client Hints API, in particular the Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64, Sec-CH-UA-Arch, and Sec-CH-UA-Bitness client hints.
In CSS Grid, the grid-template-columns and grid-template-rows properties allow developers to define line names and track sizing of grid columns and rows, respectively. Supporting interpolation for these properties will allow grid layouts to smoothly transition between states, instead of snapping at the halfway point of an animation or transition.
Web developers can use this functionality to achieve specific interactive effects.
Hint allowing Web applications to instruct the browser whether, upon calling getDisplayMedia(), the current tab should be excluded from the list of tabs offered to the user.
Adds an option to programmatically control whether Chrome shows a button for switching tabs while screen-shared. This option will be passed to navigator.mediaDevices.getDisplayMedia().
Enables support for decoding HEVC video on platforms where hardware (e.g., GPU, media accelerator, etc) for decoding HEVC is available (Android 5.0+, macOS 11+, with supported hardware on Windows 8+ and ChromeOS).
When getDisplayMedia() is called, the browser offers the user a choice of display surfaces: tabs, windows, or monitors. Using the displaySurface constraint, the Web application may now hint to the browser if it prefers that a certain surface type be more prominently offered to the user.
Adds a field to PerfomanceResourceTiming to indicate the render blocking status of a resource. Currently from a developer perspective, the only way to determine which resources were actually render blocking is to rely on complex heurestics. The new field would instead provide a direct signal regarding the same.
Many client-side JavaScript frameworks currently use case insensitive URL matching. URLPattern, however, follows URL semantics and treats many parts of the URL as case sensitive.
This feature adds an ignoreCase
option to the URLPattern that switches all matching operations to case insensitive for that given pattern.
Allows applications authored against the WebXR Device API to access pose-synchronized camera image textures from within WebXR sessions.
This feature adds the “rel” attribute to form elements, which makes it possible to prevent window.opener from being present on websites navigated to by form elements which have rel=noopener and prevents the referer header from being sent with rel=noreferrer.
Expect-CT is an HTTP header that allowed websites to opt in to Certificate Transparency enforcement before it was enforced by default. It also has reporting functionality to help developers discover CT misconfigurations.
A new mode for WebAuthn that displays a credential selection UI only if the user has a discoverable credential registered with the Relying Party on their authenticator. The credential is displayed alongside autofilled passwords. This solves the bootstrapping problem when replacing traditional username and password with WebAuthn: websites can fire a WebAuthn call while showing a regular password prompt without worrying about showing a modal dialog error if the device lacks appropriate credentials.
<meta>
opt-outThe Android On-Screen Keyboard resizes the visual viewport by default rather than the initial containing block. Authors can opt out of this using the new “interactive-widget” meta-viewport key.
This change allows developers to use the existing overflow
property with replaced elements that paint outside the content-box. Paired with object-view-box
this can be used to create an image with a custom glow or shadow applied, with proper ink-overflow behavior like a CSS shadow would have.
Support for sv* units, lv* units, dv* units and the logical vi/vb units.
These two APIs originally were used to modify/control the “status bar” text at the bottom of browser windows. However, they have never had any actual effect on Chrome’s status bar, and they are not standardized attributes. Gecko has not supported these attributes since version 23; WebKit still supports these attributes.
The related window.status attribute is standardized, but also must never have an impact on the window status bar (https://html.spec.whatwg.org/multipage/window-object.html#dom-window-status). The window.status attribute is not being modified with this launch.
This feature allows developers to align items within either flex or grid layout by their last baseline, instead of their first.
This is done via the following properties:
align-items: last baseline; /* flex/grid container /
justify-items: last baseline; / grid container /
align-self: last baseline; / flex/grid item /
justify-self: last baseline; / grid item */
Support printing with LayoutNG, so that we no longer have to print using the legacy engine. Apart from getting the modern and more bugfree LayoutNG experience, this also adds support for the ‘avoid’ value to the break-before / break-after properties, since that’s part of the core LayoutNG block fragmentation implementation that has already shipped (everywhere but printing).
This means that we finally use LayoutNG everywhere, and we can soon start removing the legacy engine.
Enable Media Source Extensions (MSE) API usage from DedicatedWorker contexts to enable improved performance of buffering media for playback by an HTMLMediaElement on the main Window context. By creating a MediaSource object on a DedicatedWorker context, an application may then obtain a MediaSourceHandle from it and transfer that handle to the main thread for use in attaching to an HTMLMediaElement. The context that created the MediaSource object may then use it to buffer media.
User Preference Media Features Client Hints Header defines a set of HTTP Client Hints headers around user preference media features as defined by Media Queries Level 5. If used as Critical Client Hints, these headers allow servers to make smart choices regarding, e.g., CSS inlining.
Sec-CH-Prefers-Reduced-Motion reflects the user’s prefers-reduced-motion preference.
Updates asynchronous methods (flush(), getSize(), truncate()) in SyncAccessHandle in File System Access API to synchronous methods. SyncAccessHandle currently has a mix of sync and async methods, hindering the performance and the usability, especially for applications porting c/c++ to Wasm. This update will bring consistency in the API usage and improve the performance for Wasm-based libraries.
COLRv1 color vector fonts have been released in Chrome 98 https://developer.chrome.com/blog/colrv1-fonts/ but this initial release supported only static functionality of the COLRv1 table. The COLRv1 specification defines integration with OpenType Variations which allows modifying font properties of gradients and transforms by means of changing variable axis parameters. This second step brings support for such variations to COLRv1.
This feature will add support for wildcard in permissions policy structured like SCHEME://.HOST:PORT (e.g., https://.foo.com/) where a valid Origin could be constructed from SCHEME://HOST:PORT (e.g., https://foo.com/). This requires that HOST is at least eTLD+1 (a registrable domain). This means that https://.bar.foo.com/ works but https://.com/ won’t (if you want to allow all domains to use the feature, you should just delegate to ). Wildcards in the scheme and port section will be unsupported and https://.foo.com/ does not delegate to https://foo.com/.
Before, a permissions policy might need to look like:
permissions-policy: ch-ua-platform-version=(self “https://foo.com” “https://cdn1.foo.com” “https://cdn2.foo.com”)
With this feature, it could look like:
permissions-policy: ch-ua-platform-version=(self “https://foo.com” “https://*.foo.com”)
Note that https://*.foo.com does not match https://foo.com.
The font-tech() and font-format() are extensions to the @supports rule CSS Conditional Syntax enable declarative and programmatic access to feature detection of font stack features.
Using these conditions together with @supports allow progressive enhancement of content depending on font format support. In particular with UAs differing in support for color font formats, this is useful for including color font style rule and @font-face definitions only if the user agent supports it.
Using JS CSS.supports() calls this is also the first ergonomic way of testing for font stack capabilities on the web without UA sniffing or canvas pixel readback as in Chromacheck (https://pixelambacht.nl/chromacheck/).
This feature is closely related to the @font-face src: descriptor syntax extension which was recently discussed and LGTM’ed here: https://groups.google.com/a/chromium.org/g/blink-dev/c/_9k-Ne8FRu4 - the same font format and technology keywords are used and synchronized between these two features.
CSS Fonts Level 4 provides additional means of selecting or filtering font resources. The tech() function was introduced, which allows passing in a list of font technologies that this respective font blob requires to function. Based on that, the UA will select the first suitable resource.
Feature has no observable effects in primary use cases, but may constrain implementations in suboptimal ways. See https://github.com/w3c/webcodecs/issues/508 for a more detailed description.
Per consensus of WebCodecs spec editors and lack of usage (0.000000339% - 0.00000687% of page loads per use counter in M106), we propose deprecating and removing this feature starting M108.
restoreScroll() is being replaced by navigateEvent.scroll(). scroll() works identically except that it allows the developer to control scroll timing for non-traverse navigations (i.e., scroll() works when the scroll is not a restore, hence the name change along with the behavior change).
transitionWhile() is being replaced by navigateEvent.intercept() due to design flaws reported by developers.
intercept() behaves nearly identically to transitionWhile(), but instead of taking a mandatory Promise parameter, it takes an optional handler function that returns a Promise. This allows the browser to control when handler executes, which is later and more intuitive than what transitionWhile() required. Also, the “default” intercept() case with no handler is much shorter and simpler to write than the “default” transitionWhile() boilerplate.
“googIPv6: false” can be used (example: new RTCPeerConnection({}, {mandatory:{googIPv6:false}})
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。