chromium Features 58-84
From https://chromestatus.com/features
chromium58 Features:41
- ‘allow-top-navigation-by-user-activation’
<iframe sandbox>
keyword
Adds a new keyword named “allow-top-navigation-by-user-activation” for iframe sandbox, which requires a user activation (or gesture) being processed to trigger a top-level navigation. This change would enable more use cases of sandboxing untrusted third-party contents (eg., ads) by allowing top navigation while blocking malicious auto-redirecting, and thus help building a safer internet (eg., a safer ads ecosystem in which all ads could be sandboxed to prevent malicious auto-redirecting).
-
<abbr>
and<acronym>
have underline by default
<abbr>
and <acronym>
should have dotted underline by default according to the HTML standard.
- Allowing autoplay unmuted in WebAPK manifest scope
In WebAPK mode, frames that are within the WebAPK manifest scope will be allowed to autoplay media unmuted.
- ClipboardEvent Constructor
This entry tracks exposing ClipboardEvent constructor.
- Create Workers from
data:
URLs
HTML specifies that data:
URLs can be used to create workers with opaque origins. We should support this as a first step towards defining a sandboxing mechanism for Workers (and parity with other browsers).
- EME: Make navigator.requestMediaKeySystemAccess() spec compliant
Require that one of ‘audioCapabilities’ and ‘videoCapabilities’ be specified in the configuration passed to navigator.requestMediaKeySystemAccess(), and require that the contentType strings used as part of the entries to ‘audioCapabilities’ and ‘videoCapabilities’ include the desired codec as part of the MIME type. This item covers two bugs though only one is listed under the status section: https://crbug.com/605661, https://crbug.com/616233
- INPUT element: selectionDirection, selectionStart, and selectionEnd attribute getters should not throw
For input types which don’t support text selection API, we have thrown InvalidStateError. The specification was changed so that null is returned in such case.
- IndexedDB 2.0
IndexedDB 2.0 introduces a few APIs that optimize some database access patterns and improve programming ergonomics. Chrome will support the full standard by shipping the following features:
support for binary keys, object store and index renaming, getKey() on IDBObjectStore, getPrimaryKey() on IDBIndex.
- Intervention: Offline Previews
When users are on slow connections, Chrome will show an offline copy of a page if there is an offline version of the page available on the user’s device. Users will be shown a lite mode UI in the omnibox.
If Chrome determines the network has 2G speeds and there’s an offline page stored, Chrome shows the offline page. Chrome’s offline pages are based on MHTML snapshots. An intervention report is sent when this optimization occurs.
- Long Task API
A performance API to enable applications to detect presence of “long tasks” that monopolize the UI thread for extended periods of time and block other critical tasks from being executed - e.g. reacting to user input.
- Mouse on Android stops firing TouchEvents
A mouse on an Android M (or later) device:
(a) will no longer fire TouchEvents, and
(b) will fire a consistent sequence of MouseEvents with appropriate buttons & other properties.
Before this change, a low-level mouse events in Android reached blink as a touch event, hence fired a touch event then a compat mouse event if the touch event went uncanceled.
- Native media controls customization
We propose extending the “controls” attribute of the HTMLMediaElement so that the website could enable/disable certain media controls without having to implement all the controls on its own. A “controlsList” property will be added reflecting the current value of “controls” similar to the “class” and “classList” on HTMLElement.
- Pause autoplaying muted video by attribute when invisible (Android)
As a muted video with autoplay attribute only starts playing when it’s becoming visible, it’s reasonable to pause them when invisible to reduce power usage.
- PointerEvent.getCoalescedEvents
An API to return all the coalesced events of the received events in javascript. This API enables apps like drawing app to draw smoother curves using the precise history of points.
- RTCPeerConnection.getStats
This is a spec-compliant version of RTCPeerConnection.getStats returning a promise resolved with RTCStatsReport, a maplike containing RTCStats dictionaries.
Stats are being implemented according to the spec in a continuous effort for coverage to become good enough that the old getStats method can be deprecated.
The old getStats (taking a callback as argument) is very different from the spec and riddled with goog-prefixed things.
- RTCPeerConnection.setConfiguration
Implement setConfiguration according to WebRTC 1.0 and JSEP. This API allows an application to change the set of ICE servers, ICE candidate policy, and ICE candidate pool size without creating a new RTCPeerConnection.
- Selection API: addRange() ignores additional Ranges
In a case where document already has text selection and Selection.addRange() is called, Blink merges the Range and the existing text selection into one if they have overlap, and does nothing otherwise.
We’ll change it so that Blink always ignore the Range. It matches to Edge.
- Selection API: getRangeAt() returns a Range registered by addRange()
Blink had a bug that getRangeAt() always returns a new Range with position normalization. It didn’t match to Edge, Firefox, and Selection API specification.
- Selection API: removeRange() function
Selection interface should support removeRange() function to remove the specified Range.
- Selection API: setBaseAndExtent() throws IndexSizeError for too large offsets
setBaseAndExtent() silently clamped too large offset values. IndexSizeError should be thrown for such values to match to Firefox, Edge, and the specification.
- Selection API: setBaseAndExtent(), extend(), and collapse() throw InvalidNodeTypeError for DOCTYPE
These function silently normalized the specified position with DOCTYPE. However, they should throw InvalidNodeTypeError to match to Edge, Firefox, and the specification.
- Ship PointerEvent.tangentialPressure and PointerEvent.twist
Adding support of tangentialPressure and twist attributes in the pointer events API on Mac. They are supported by some stylus devices and are already used in numerous painting apps.
- Strict Secure Cookies
This adds restrictions on cookies marked with the ‘Secure’ attribute. Currently, Secure cookies cannot be accessed by insecure (e.g. HTTP) origins. However, insecure origins can still add Secure cookies, delete them, or indirectly evict them. This feature modifies the cookie jar so that insecure origins cannot in any way touch Secure cookies. This does leave a carve out for cookie eviction, which still may cause the deletion of Secure cookies, but only after all non-Secure cookies are evicted.
- Trailing comma in JavaScript function parameter lists
A small modification to JavaScript syntax allows trailing comma in formal parameter lists and in argument lists. For example, all the following become valid:
function f(a, b,) { return a + b }
let g = (a, b,) => a + b
f(1, 2,) + g(3, 4,)
This is expected to be available by default in Chrome 58.
- Unprefix CSS ‘line-break’ property
The CSS ‘line-break’ property specifies the strictness of line-breaking rules. The exact definition of the strictness depends on languages.
Our implementation relies on ICU (see doc link) which supports East Asian writing systems and Finnish.
- WebAudio: Add buffering/latency hint via latencyHint
Currently, WebAudio will use the lowest latency possible for the audio device for the best interactive behavior. However, for some use-cases such as media playback, this causes unnecessary power and/or CPU utilization.
The latencyHint is a hint from the developer that such a latency is not required. The latencyHint is either an AudioContextLatencyCategory value or a double specifying the desired numeric latency. This is a hint to Chrome.
- WebAudio: AudioBuffer constructor only takes one argument
Currently the AudioBuffer constructor takes two arguments: the context, and the AudioBufferOptions. The context argument is removed so that only AudioBufferOptions is required. In addition the sampleRate member of AudioBufferOptions is now required.
- XSS Auditor violation report MIME type.
The XSS Auditor’s violation reports are now sent with a MIME type of application/xss-auditor-report
(as opposed to application/json
).
- color-gamut media query
Expose the approximate range of colors supported by the user agent and the output device in a CSS Media Query.
- display: flow-root
display: flow-root generates a block container box, and lays out its contents using flow layout. It always establishes a new block formatting context for its contents.
- CSS class name: Apple-interchange-newline, Apple-converted-space, Apple-paste-as-quotation, Apple-style-span, and Apple-tab-span
These non-standard CSS classes are used to differentiate the span elements added by Blink itself in editing.
- Remove “reset” and “document” as valid zoom values
There are two special values for the CSS zoom property that are inconsistently documented: “reset” and “document”.
They set the element’s zoom to 1.0 regardless of parent element zoom status and prevent page zoom from affecting the element’s size.
We’re removing them.
- Deprecate and Remove case-insensitive matching for usemap attribute
“Compatibility caseless” had been applied to usemap attribute matching. The specification was updated so that case-sensitive matching is applied. https://github.com/whatwg/html/commit/6acdb2122298d2bb7bb839c0a61b4e1f9b0f9bc9 A deprecation warning is printed to the console starting in Chrome 57.
- Deprecate and Remove: setting Event.cancelBubble to false
According to https://github.com/whatwg/dom/issues/211, setting cancelBubble to true is considered as an alias to stopPropagation(), and the spec indicates setting cancelBubble to false should do nothing.
- Legacy caller for HTMLEmbedElement and HTMLObjectElement
That an interface has a legacy caller means that an instance can be called as a function. This used to be the case for HTMLEmbedElement and HTMLObjectElement but is being removed. Calling will instead throw an exception. This was deprecated in Chrome 57.
- Remove EME from Unsecure Contexts
Per https://w3c.github.io/webappsec-secure-contexts/, we are deprecating and then removing EME from insecure contexts. EME is a powerful feature that exposes DRM implementations that involve access to persistent unique identifiers, are not open source, and/or run unsandboxed or with privileged access. The risks are increased when exposed via insecure HTTP, because they could be attacked by anyone on the channel. This was deprecated in Chrome 44.
- Remove pre-standard ChaCha20-Poly1305 ciphers
In 2013, Chrome 31 deployed new TLS cipher suites based on Prof. Dan Bernstein’s ChaCha20 and Poly1305 algorithms. This was later standardized, with small tweaks, at the IETF as RFC 7539 and RFC 7905. We shipped the standardized variant early in 2016 with Chrome 49. We are now removing the pre-standard variants.
- Support for commonName matching in Certificates
RFC 2818 describes two methods to match a domain name against a certificate - using the available names within the subjectAlternativeName extension, or, in the absence of a SAN extension, falling back to the commonName.
The fallback to the commonName was deprecated in RFC 2818 (published in 2000), but support still remains in a number of TLS clients, often incorrectly.
- VTTRegion-related bits of TextTrack
The interface elements regions, addRegion() and removeRegion() have been removed from the WebVTT spec and will be removed from Chrome. The VTTCue.region property was added and the VTTRegion interface was updated to match a late version of the specification.
- WebAudio: Remove AudioSourceNode interface
Remove the AudioSourceNode interface. This interface is not part of the WebAudio specification, is not constructible, and has no attributes so it basically has no user-accessible functionality.
- webkitdropzone global attribute
The dropzone global attribute was introduced by the HTML5 drag and drop specification as a declarative method for specifying an HTML element’s willingness to be the target of a drag-and-drop operation, the content types that can be dropped onto the element, and the drag-and-drop operation (copy/move/link).
No browser has implemented the unprefixed version. Blink and WebKit implement a prefixed form of the attribute, webkitdropzone. We would like to remove the prefixed attribute.
chromium59 Features:33
- Animated PNG
Support for animated PNG images
- CSP hash expressions can match external scripts.
CSP3 allows hash expressions to match external scripts, by relying on SRI as underlying infrastructure. That is, given Content-Security-Policy: script-src 'sha256-abc123' 'sha512-321cba'
, <script integrity="sha256-abc123" ...></script>
will be allowed.
- CSP3: The ‘worker-src’ directive
The ‘worker-src’ directive restricts the URLs which may be loaded as a Worker, SharedWorker, or ServiceWorker. It falls back to ‘child-src’ (which, in turn, falls back to ‘default-src’).
04 .CSP: report-sample
property in violation reports
The report-sample
property attempts to reach consensus on an opt-in variant Firefox’s behavior. In short, we’ll collect a 40-character sample for inline script and style violations, and include it in the violation report (and associated SecurityPolicyViolationEvent object) iff a ‘report-sample’ expression is present in the violated directive.
- CSS Box Alignment shorthands
Shorthand properties to control the alignment behavior along block and inline axes in a single declaration.
- DIALOG element has display:block style by default
The default display style of a DIALOG element is changed from inline to block.
- DeviceOrientationEvent and DeviceMotionEvent constructors
The DeviceOrientationEvent and DeviceMotionEvent constructors are defined by the DeviceOrientation Event Specification but were not were not implemented in Chrome. Firefox has already shipped these constructors as specified.
- Fetch API: Request#url includes the URL fragment
Request#url now includes the URL fragment, as per the spec. Before Chrome 59, the fragment was stripped out.
This means service workers can see the URL fragment in the ‘fetch’ event handler.
- Headless mode
Headless mode allows running Chromium in a headless/server environment. Expected use cases include loading web pages, extracting metadata (e.g., the DOM) and generating bitmaps from page contents – using all the modern web platform features provided by Chromium and Blink.
To use headless, start Chrome with a command line flag:
$ chrome --headless --remote-debugging-port=9222 https://chromium.org
- MediaError.message
The MediaError.message DOMString field provides, if available, any additional vendor-specific error message detail to assist web authors debugging media player errors. The format and content of the string is left to vendors, though it’s commonly in the form of a vendor-specific error code followed optionally by a “:” and further detail about the error. It is populated at the time of MediaError creation.
- MediaStream Image Capture
Enable taking pictures from an Image/Video Capture Device.
- Navigation preload for service workers
An API that enables the browser to send “preload” network requests for navigations before executing the fetch event handler in the service worker that intercepts the target URL. The worker has access to the preload response inside the fetch event handler. Common use cases would be to respond with the preload response directly, or use it to populate the response.
- Partial RTCRtpReceiver and RTCRtpContributingSource support
The parts of the RTC Media API (https://w3c.github.io/webrtc-pc/#rtp-media-api) that allow keeping track of contributing sources for receiving tracks. RTCPeerConnection extension: getReceivers(). RTCRtpSender support: track, getContributingSources(). RTCRtpContributingSource support: timestamp, source.
Feature for the rest of the API:
https://www.chromestatus.com/feature/5347809238712320
- Presentation API: Receiver API
This is implementing the receiving side of the API in order to allow a web page to be presented and interact with the presenting web page. This is also called 1-UA mode because that mode would allow the browser to render both presenting and receiving pages locally.
- RTCConfiguration.iceCandidatePoolSize
Normally, ICE candidates are only gathered after RTCPeerConnection.setLocalDescription is called, because this is the point at which the PeerConnection knows how many ports it needs. The iceCandidatePoolSize member of RTCConfiguration instructs the PeerConnection to gather ICE candidates before this occurs, as a performance optimization. Thus, if setting the local description is delayed (by signaling, for example), interactions with STUN/TURN servers can occur in parallel.
- RTCPeerConnection.onicegatheringstatechange
This feature adds the icegatheringstatechange event and the onicegatheringstatechange event handler to RTCPeerConnection.
- Referrer Policy Header for CSS
Add the ability for CSS stylesheets to specify their own referrer policy via the HTTP header.
- Response.redirected and a new security restriction
- Add .redirected attribute to Response class of Fetch API. Web developers can check it to avoid untrustworthy responses.
- To avoid the risk of open redirectors (https://cwe.mitre.org/data/definitions/601.html) introduce a new security restriction which disallows service workers to respond to requests with a redirect mode different from “follow”.
- Screen.colorDepth and Screen.pixelDepth can return other value than 24
The Screen object is no longer required to return 24 for colorDepth and pixelDepth. It enables websites to have a better idea of the number of bits being used to display a color on the screen.
- Streams API: Piping
ReadableStream’s pipeTo() is the standard way to compose readable and writable streams. It reads data from the ReadableStream and writes it to a WritableStream while respecting backpressure.
pipeThrough() is a simple wrapper around pipeTo() that provides elegant syntax for chaining multiple streams.
- Streams API: WritableStream
WritableStream is part of the Streams API for creating, composing, and consuming streams of data. It is the writable counterpart to ReadableStream, which is already shipping in Chrome. It provides a standard abstraction for writing streaming data to a sink, with built-in backpressure and queuing. This is expected to be on by default in Chrome 59.
- WebAudio: decodeAudioData detaches ArrayBuffer
According to the spec, decodeAudioData detaches the given ArrayBuffer before decoding. This means that the ArrayBuffer no longer has any contents and can’t be reused or examined.
If it’s important to keep the data, user ArrayBuffer.slice(0) to make a copy for decodeAudioData.
- rAF Aligned Touch Input
Align touchmove events so that they occur close to requestAnimationFrame() as possible.
- self.origin
self.origin returns the Unicode serialization of the origin of the settings object of the global represented by “self” (a Window or WorkerGlobalScope). This gives scripts a consistent way of getting their origin in both situations. Note that unlike location.origin this represents the actual origin of the global, not the origin of the URL it’s loaded from. The difference can be substantial in the case of sandboxing, for example.
- Deprecate and Disable SDCH
SDCH is a shared dictionary compression mechanism developed by Google but not standardized. It’s use in chrome is being discontinued.
Intent to deprecate thread: https://groups.google.com/a/chromium.org/forum/#!searchin/blink-dev/SDCH%7Csort:relevance/blink-dev/nQl0ORHy7sw/HNpR96sqAgAJ
- Deprecate SVGTests.requiredFeatures attribute
In SVG2, hasFeature always return true.
So requiredFeatures attribute not doing anything useful.
It has been removed from the spec:
https://github.com/w3c/svgwg/commit/9a30d01f6410dc516c5f874d71e957230a3448cd
This was deprecated in Chrome 54/Opera 41.
- Deprecate and remove -internal-media-controls-cast-button
-internal-media-controls-cast-button selector exposes Blink internal shadow DOM to the web content. Authors that want to have a custom cast button should use custom controls and implement a cast button with the Remote Playback API.
- Deprecate and remove -internal-media-controls-text-track-list*
-internal-media-controls-text-track-list* selectors expose Blink internal shadow DOM to the web content. Authors that want to have a custom text track picking interface should use custom controls.
- Drop support for embedded credentials in subresource requests.
We should block requests for subresources that contain embedded credentials (e.g. “http://ima_user:hunter2@example.com/yay.tiff”). Such resources would be handled as network errors.
- Drop support for subresources with legacy protocols.
We should block requests from HTTP/HTTPS documents that target “legacy” schemes (e.g. “ftp://my-awesome-ftp-server.com/yay.tiff”). That is, the ftp://
image referenced in https://jsbin.com/petonig/edit?html,output would not load, as the document itself is not served from ftp://
.
- Remove “on-demand” value for hover/any-hover media queries.
Remove the support for “hover: on-demand” and “any-hover: on-demand” media queries. The “on-demand” value used to satisfy for the pointing devices that, for example, “can’t normally hover, but will activate hover on a long press”.
The “on-demand” value for hover/any-hover media queries has been removed from the spec in early 2016.
- Remove FileReaderSync from service workers
The Service Worker spec has always had the (non-normative) note that “any type of synchronous requests must not be initiated inside of a service worker”, to avoid blocking the service worker (as blocking the service worker would block all network requests from controlled pages). However synchronous APIs such as FileReaderSync were still available in service workers. So we’d like to fix that by removing this API from service workers. This was deprecated in Chrome 57.
- Temporarily stop permission requests after 3 dismissals
Temporarily stop an origin from requesting a permission following the third dismissal of a permission prompt. The stop will be lifted after some amount of time has passed (initially 1 week), after which the origin may request the permission again. A further dismissal will apply the temporary stop again.
For web developers who are testing features, the block can also be removed by changing the permission’s setting in the lock icon’s page info dialog, or by clearing your browsing data.
chromium60 Features:43
- CSS line-height-step property
The CSS line-height-step property provides an ability to round the heights of line boxes to the multiple of the specified length. This property allows authors to control vertical rhythm.
- createElementNS() : Throw InvalidCharacterError instead of NamespaceError on validating a qualified name
createElementNS() should now throw only InvalidCharacterError, not NamespaceError.
Validating a qualified name should only throw InvalidCharacterError, not NamespaceError,
after:
https://github.com/whatwg/dom/issues/319
https://github.com/w3c/web-platform-tests/issues/5161
https://github.com/whatwg/dom/issues/423
Latest spec:
https://dom.spec.whatwg.org/#validate
- rAF Aligned Mouse Events
Align continuous mouse events (mousemove, mousewheel) so that they occur close to requestAnimationFrame() as possible.
Historical events can be accessed via getCoalescedEvents (see https://w3c.github.io/pointerevents/extension.html#extensions-to-the-pointerevent-interface)
- Android Payment Apps
Web payments is a W3C standard API for e-commerce websites to collect payment information from users with user consent. This feature lets users pay using native Android payment apps.
- CSS font-display
Adds the @font-face descriptor and a corresponding property for controlling how a downloadable font renders before it is fully loaded.
- CSS font-stretch
Add support the the CSS font-stretch property.
- CSS4 :focus-within pseudo-class
The :focus-within pseudo-class applies to elements for which the :focus pseudo class applies.
An element also matches :focus-within if one of its descendants in the flat tree (including non-element nodes, such as text nodes) matches the conditions for matching :focus.
- Client.type
The type read-only property of the Client interface indicates the type of client the service worker is controlling.
- Constructor for DataTransfer
The new asynchronous clipboard API makes use of DataTransfer objects and has a need to be able to construct new ones. For example (with new clipboard api):
var data = new DataTransfer();
data.items.add(“(°o°)/”, “text/plain”);
navigator.clipboard.write(data).then(function() {
console.log(“Copied to clipboard successfully! ᕕ( ᐛ )ᕗ”);
}, function() {
console.error(“Unable to write to clipboard. (╯ಠ_ಠ)╯︵ ┻━┻”);
});
- Credential Management API - CredentialsContainer.create
This feature introduces the CredentialsContainer.create method to the Credential Management API. This method allows for asynchronous creation of Credential objects.
- Document constructor
Support new Document() to create a Document instance.
- Don’t load tiny cross-origin plugin content
Remove tiny content exception for “Detect and run important plugin content” setting. This means that cross-origin plugin content that is 5x5 or smaller will not load under the default setting.
- Drop SiteBoundCredential concept in favor of a CredentialUserData mixin in CM API
This change drops the SiteBoundCredential interface in
favor of a CredentialUserData mixin. This change was introduced in the
Credential Manager API specification with commit
a43865bd8aa9842dbc8d8e688d5668c087677eac
(https://github.com/w3c/webappsec-credential-management/commit/a43865bd8aa9842dbc8d8e688d5668c087677eac).
- Expose passwords to JavaScript in Credential Management API
This change exposes passwords to JavaScript in the Credential Management API by providing the corresponding attribute on PasswordCredential. Furthermore it deprecates the previously existing PasswordCredential attributes and the custom fetch()
credential
infrastructure.
- Feature Policy
Allow site authors to selectively enable and disable use of various browser features and APIs.
- Fetch API: Request/Response.formData
Allows multipart/form-data and application/x-www-form-urlencoded fetch requests and responses to be consumed and parsed into FormData objects.
- First Paint Timing API
API to enable developers to measure time for First Paint (FP) & First Contentful Paint (FCP) – the first key moments in loading that they care about. These moments are added as ‘paint’ entries in the Performance Timing API.
- InputEvent
InputEvent allows user input to be managed by script and help interactive with IME.
- New VP9 codec string and Profile 2 support
VP9 is an open and royalty-free video codec that has been supported in Chromium since 2013. This update adds a new string format for describing the encoding properties, such as the profile, level, etc. Such properties are common in video codecs but are not exposed in the current VP9 string format. In addition, this update includes using the new format to advertise support for VP9 Profile 2. The string format is accepted by media-related APIs
- Object rest/spread properties
This introduces rest properties for object destructuring assignment and spread properties for object literals.
- PaymentDetailsInitId
Add a free-form identifier for payment request. This will be set using PaymentDetailsInit and reflected through PaymentRequest and PaymentResponse and to payment apps. If no identifier is specified a unique identifier will be created.
- PaymentRequest.complete result “unknown”
Replace the PaymentRequest.complete enum value “” with the more descriptive “unknown”.
- Push API: support for ietf-webpush-encryption-08
Chrome currently supports encrypted push message payloads encrypted with the aesgcm
content encoding (draft 03). A series of substantial changes were made to the encryption drafts, yielding a new content coding: aes128gcm
(draft 08). We’ll continue to accept aesgcm
for received push messages as well.
- PushManager.supportedContentEncodings
Static property containing the supported content encodings developers can use for encrypting push messages.
- PushSubscription.expirationTime
Property indicating the time at which, if any, the subscription won’t be valid anymore. The user agent will attempt to fire a pushsubscriptionchange
event with a new subscription before this happens.
Chrome will always return NULL, until we support subscription refreshes.
- Remove navigator.vibrate without user gesture
Calls to navigator.vibrate will immediately return ‘false’ if user hasn’t tapped on the frame or any embedded frame yet. The Vibrate API is being abused by malicious sites. This extends what we do for cross-origin iframes to all frames including top-level page. See https://www.chromestatus.com/features/5682658461876224.
- Rename
requireUserMediation
topreventSilentAccess
in Credential Management API
This change renames CredentialsContainer.requireUserMediation to CredentialsContainer.preventSilentAccess in the Credential Management API.
- Replace CredentialRequestOptions.unmediated flag with CredentialRequestOptions.mediation enum in Credential Management API
This feature introduces an CredentialMediationRequirement enum argument to the CredentialRequestOptions of CredentialsContainer.get() that is intended to replace the currently existing boolean flag CredentialRequestOptions.unmediated. The enum will have three states (“silent”, “optional”, “required”) with “silent” and “optional” directly mapping to the existing boolean states, “required” is a novel option.
- Support VP9 in ISO-BMFF
VP9 is an open and royalty free video coding format.
ISO-BMFF (MP4) is an industry standard container and is broadly accepted and used in the industry.
Chrome already supports the VP9 codec (currently only in WebM container) and the ISO-BMFF container. This enables them to be used together.
- Support for collecting payer’s name for PaymentRequest.
If the requestPayerName flag was set to true in the PaymentOptions passed to the PaymentRequest constructor, then UA should collect and return the payer’s name as part of the payment request.
For example, this would be set to true to allow merchant to make a booking in the payer’s name.
This option has been behind a flag on mobile since Chrome 55. On desktop, it’s shipping in Chrome 60 with the rest of Payment Request API.
- Web payment manifests
For every payment method, there must be a corresponding JSON manifest file describing how that method participates in the web payments ecosystem.
- X-Frame-Options: SAMEORIGIN matches all ancestors.
Currently, XFO performs a same origin check only against the top-level frame in a document’s ancestor chain. As lcamtuf notes in 1, “Any site that allows a rogue ad to be displayed in an IFRAME; or that frames third-party content for other reasons (e.g., iGoogle, Image Search results, Facebook gadgets), is effectively not protected).” We should check all ancestors instead.
- getElementsByTagName accepts qualified names
getElementsByTagName() used to accept only local names. The DOM specification was updated to accept qualified names.
- window.open() throws on an invalid URL parameter
Currently, we only log a message to the console. For consistency with other APIs, the WhatWG spec now requires that window.open throws a DOMException “SyntaxError” instead.
- Remove Headers.prototype.getAll()
Headers.prototype.getAll() is removed from the Fetch API specification.
- Remove IndexedDB: webkitGetDatabaseNames
The API asynchronously returns a list of existing database names in an origin, which seemed sensible enough.
The design is flawed, in that the results may be obsolete as soon as they are returned, so it can really only be used for logging, not serious application logic. Not implemented in other browsers. https://github.com/w3c/IndexedDB/issues/31 tracks/links to previous discussion on flaws and possible alternatives.
- Remove WEBKIT_KEYFRAMES_RULE and WEBKIT_KEYFRAME_RULE
Remove non-standardize APIs from CSS Rule and Developer can use KEYFRAMES_RULE and KEYFRAME_RULE instead
- Remove document.createEvent(‘WebKitTransitionEvent’)
Remove non-standard ‘WebKitTransitionEvent’ support of document.createEvent().
- Remove: Content initiated top frame navigations to data URLs
We intend to block web pages from loading data: URLs in the top frame using <A>
tags, window.open, window.location and similar mechanisms.
Pseudo URLs such as data: are generally a source of confusion for users. Because of their unfamiliarity, these schemes are widely being used in spoofing and phishing attacks. Users browsing the web ideally should only ever end up on the two well known schemes (http and https).
Deprecated in M58
Removal in M60
- Remove: NodeFilter.prototype
Correctly implement window.NodeFilter. It should not have .prototype, and NodeIterator.filter and TreeWalker.filter should not wrap JavaScript objects.
- Remove: document.createEvent(‘WebKitAnimationEvent’)
Remove non-standard ‘WebKitAnimationEvent’ support of document.createEvent().
- Budget API
This specification describes an API that can be used to retrieve the amount of budget an origin has available for resource consuming background operations, as well as the cost associated with doing such an operation.
- Require user gesture for beforeunload dialogs
The beforeunload dialog will only be shown if the frame attempting to display it has received a user gesture or user interaction (or if any embedded frame has received such a gesture). (There will be no change to the dispatch of the beforeunload event, just a change to whether the dialog is shown.)
chromium61 Features:32
- Blocking resources whose URLs contain both
\n
and<
characters.
As discussed in https://groups.google.com/a/chromium.org/d/msg/blink-dev/KaA_YNOlTPk/VmmoV88xBgAJ, some forms of dangling markup attacks rely upon injecting an unclosed attribute that sucks up portions of a page, and exfiltrates them to an external endpoint (e.g. <img src='https://evil.com/?
eats the page until the next '
). This is possible because the URL parser helpfully discards newline characters. It would be lovely if we could make the parser less helpful.
- CSP: Embedded Enforcement
CSP’s Embedded enforcement defines a mechanism by which a web page can embed a nested browsing context if and only if it agrees to enforce a particular set of restrictions upon itself. We should prototype an implementation to see if it’s something that solves real problems in a way we can ship.
- CSP: Hardened
nonce
content attribute.
We’ve seen some recent attacks on CSP which rely on the ability to exfiltrate nonce data via various mechanisms that can grab data from content attributes. CSS selectors are the best example.
To mitigate these attacks, we’ll hide the attribute from these side-channels, and only expose the value to script.
- CSSOM View smooth scroll API
Adds an optional argument to existing scroll APIs that specifies whether scrolling should be smooth. Also adds a CSS property for this.
- Clear-Site-Data header
A ‘Clear-Site-Data’ HTTP header prompts the user agent to clear browsing data associated with the requesting website. The supported browsing data types are cookies, storage (i.e. “site data”), and cache.
This is a privacy and security enhancing feature. A sensitive website can trigger local data deletion after the user signs out. A website dealing with a persistent XSS attack can use this to ‘reset’ itself to a clean state.
- DOMTokenList replace()
Add the replace() function to DOMTokenList interface. We can use it like element.classList.replace(‘inactive’, ‘active’).
- Expect-CT header
Expect-CT is an HTTP header that allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. When a site enables the Expect-CT header, they are requesting that Chrome check that any certificate for that site appears in public CT logs.
- Geometry interfaces
This specification describes several geometry interfaces for the representation of points, rectangles, quadrilaterals and transformation matrices with the dimension of 3x2 and 4x4.
SVGPoint, SVGRect and SVGMatrix will be aliased to new interfaces. Their old methods will be maintained and some new methods are introduced.
In the near future, CSS transform will be updated so they can work directly with the new objects. This avoid parsing on the js side.
- HTMLIFrameElement.allowpaymentrequest
Returns a Boolean indicating whether the Payment Request API may be invoked on a cross-origin iframe.
- HTTP Client Hints: Device-Memory
Client header to expose the device Memory to web applications.
- Interoperable body/documentElement scroll behavior
Update Blink to match the CSSOM View spec’s behavior around element scrolling APIs for documentElement and body, i.e.: scrollTop, scrollLeft, scrollWidth, scrollHeight and Document.scrollingElement
- Intervention: Passive Event Listener for
type == "mousewheel" && target == window && function_name == "ssc_wheel"
The smoothscroll.js code is largely broken and is preventing us from shipping scroll top interop. With the scroll top interop behavior activated sites fail to scroll at all with the wheel event. This library was corrected a few years ago but the web continues to clone the broken version and we have been blocked in shipping this long implemented fix for interop.
Smooth scroll has been enabled in Chrome for a number of releases so using custom smooth scrolling is not necessary anymore.
- JavaScript modules:
<script type=module>
JavaScript modules allow a program to be divided into multiple sequences of statements and declarations. Each module explicitly identifies declarations it uses that need to be provided by other modules and which of its declarations are available for use by other modules.
<script type=module>
allows loading of JavaScript modules inside web pages.
- MediaStream Image Capture - getPhotoSettings() method
This chrome feature tracks adding the method getPhotoSettings() 1 to the currently landed ImageCapture object [2]. It’s a trivial follow up to the MediaStream Image Capture API shipped in 59 [3].
1 https://w3c.github.io/mediacapture-image/#dom-imagecapture-getphotosettings
[2] https://cs.chromium.org/chromium/src/third_party/WebKit/Source/modules/imagecapture/ImageCapture.idl?q=imagecapture.idl&sq=package:chromium&dr
[3] https://www.chromestatus.com/features/4843864737185792
- MediaStreamTrack.getSettings()
Returns the current settings of a MediaStreamTrack, including information such as (for video) width, height or framerate.
- Network Information
The Network Information API enables web applications to access the underlying connection information of the device.
- PaymentRequest
An API that allows browsers to act as an intermediary between the three key parties in a financial transaction: the merchant (e.g. an online web store), the buyer (e.g. the user buying from the online web store), and the Payment Method (e.g. credit card). Information necessary to process and confirm a transaction is passed between the Payment Method and the merchant via the browser with the buyer confirming and authorizing as necessary across the flow.
- RTCCertificate.getFingerprints()
RTCCertificate is supposed to have a getFingerprints() method.
- Referrer policies ‘same-origin’, ‘strict-origin’, ‘strict-origin-when-cross-origin’
The Referrer Policy specification includes three policy values that Chrome doesn’t yet implement.
- same-origin: Send full referrers same-origin, no referrers cross-origin.
- strict-origin: Strip referrers to the origin, but strip them when downgrading from HTTPS to HTTP.
- strict-origin-when-cross-origin: Send full referrers same-origin, and the origin when cross-origin, but strip referrers when downgrading from HTTPS to HTTP.
- Resource Timing & Navigation Timing: add nextHopProtocol property
nextHopProtocol has been in the spec for RT & NT but was not implemented in chrome yet.
It is now landed and will ship in M61
- Storage quota estimate() API
navigator.storage.estimate() - returns a Promise which resolves with {usage, quota} values in bytes.
- SyncManager interface exposed to all workers
Historically the SyncManager interface was only exposed to the window and service workers. This feature exposes the interface to all workers.
- URLSearchParams: sort() method
Sorts all name-value pairs stored in a URLSearchParams. Proposed at https://github.com/whatwg/url/issues/26 to improve cache hit rate easily.
- URLSearchParams: updated constructor
URLSearchParams’ constructor has been changed in https://github.com/whatwg/url/pull/175. It is now possible to create a new URLSearchParams by passing it any object (e.g. new URLSearchParams({'foo': 'bar'})
).
- Update colSpan max value to 1000
Update colSpan max value from 8190 to 1000 as per spec change.
https://html.spec.whatwg.org/#dom-tdth-colspan
https://html.spec.whatwg.org/#dom-col-span
https://html.spec.whatwg.org/#dom-colgroup-span
- WebUSB API
The web platform API to support programming USB devices.
- asm.js
Validate asm.js code and use type information to optimize the low-level subset of JavaScript.
- getAttributeNames() of Element interface
getAttributeNames() is a function to rerun a list of attribute names of an element.
- onwheel in GlobalEventHandlers
Previously we had onwheel attributes as part of the Element. Now we are moving them to GlobalEventHandlers to make them consistent with the other on’event’ attributes.
- visualViewport API
Exposes information about the visual viewport to the page.
- Deprecate and remove Presentation API on insecure contexts
In aligning with Blink’s intention to remove powerful features on insecure origins, we plan to deprecate and remove support for the Presentation API on insecure contexts. PresentationRequest and PresentationReceiver where deprecated on insecure origins in Chrome 61. Removal is anticipated in Chrome 72 (February 2019).
- JavaScript dialogs exit HTML5 fullscreen
If a page shows a JavaScript dialog while it is in fullscreen (the HTML5 kind), it is exited from fullscreen.
chromium62 Features:28
- document.rootScroller
Allow a non-document (or <body>
) element to hide URL bar, generate overscroll glow, etc. on scrolling, effects normally reserved for “viewport scrolling” only.
-
<data>
element
<data>
element
-
<time>
element
<time>
element
- API for customizing HTMLMediaElement.seekable for Media Source live streams
This API lets MediaSource apps more effectively customize the HTMLMediaElement.seekable range logic by providing (or removing) a single seekable range that is union’ed with the current buffered ranges to result in a single seekable range which fits both, when media duration is infinite.
- Accept 8 (#RRGGBBAA) and 4 (#RGBA) value hex colors
Update the CSS color parser to support 8/4-digit hex color. Legacy HTML attribute color parsing, per the “rules for parsing a legacy colour value” of the HTML micro syntax (http://bit.ly/1WF2Yre), will not be changed (see http://bit.ly/1UEDbiO), nor will the CSS hashless color quirk (https://quirks.spec.whatwg.org/#the-hashless-hex-color-quirk).
- Accept-Language Headers Fix
We want to fix an issue in how Chrome generates the Accept-Language HTTP headers from user language preferences. As websites sometimes only accept languages without region (i.e. “en” vs “en-AU”), a user could receive websites in an unexpected language. We plan to add the base language in the correct position so that users receive webpages in their preferred language.
- Dispatch mouse transition events after layout
Mouse events are not sent when the nodes under the mouse change during layout.
This then represents an incorrect state in that the hover state of where the mouse actually doesn’t match the current hover state of the document.
To fix a variety of issues we will start dispatching mouse transitional events and update the hover state shortly after layout has been executed.
This will match Firefox behavior.
- Feature Policy: Fullscreen
Allow developers to selectively enable and disable use of Fullscreen through the Feature-Policy HTTP header or the <iframe>
“allow” attribute. The identifier for the feature in policies is “fullscreen”. By default, fullscreen is allowed in all top-level documents, and in same-origin frames. This is similar to the existing <iframe>
“allowfullscreen” attribute, but allows control over which origins will be allowed to use the feature when hosted inside of the frame.
- Implement visibility:collapse for table rows and row-groups
visibility:collapse is supposed to hide table rows while preserving their contribution to column widths. Right now blink treats visibility:collapse as visibility:hidden, which merely skips painting the rows, leaving blank space in their place instead of allowing their space to be used for other content.
- Intervention: Image replacement for Data Saver users on slow connections
If a Data Saver user is on a 2G-speed or slower network according to the NetInfo API, Chrome replaces images with placeholders and sends an intervention header on every resource request. Placeholders are the same dimensions as the original image to maintain site layout. Users are shown a Lite Mode UI in the omnibox. Users can load the image by long-pressing on the placeholder, or load all images by tapping “Show original” in the UI. An intervention report is sent when this optimization occurs.
- Loosen up escape sequence restrictions in template literals
The restriction on escape sequences in template literals has been loosened. This enables new use cases for template tags, such as writing a LaTeX processor.
- Media Capture from HTML Media Element (
<video>
/<audio>
)
“Media Capture from DOM Elements” document by W3C defines captureStream() method that allows the capture of a <video>
/<audio>
element in the form of a MediaStream. We want to implement the necessary Blink and Chromium sections that would create this stream by accessing the <video>
/<audio>
output according to the given play back constraints.
- Network Information: Network Quality signals
This API provides network performance information to developers, as perceived by the UA, in a format that’s easy to consume and act upon: UA monitors latency and throughput of recent requests and provides estimates for effective RTT, throughput, and connection type that developers should optimize for - e.g. if the recently observed latency and/or throughput is low, the effective connection type will be mapped to a “low” value like 2G or 3G, regardless of the underlying network technology.
- OpenType variable font support
OpenType variable fonts integration in the layout engine affects at least the following aspects:
- Axis value assignments from font-variation-settings
- Integration of variable fonts axis parameters into layout operations
- Font matching for:
- Matching based on canonical scalable axes such as width or weight or optical sizing.
- Matching named instances
- Feature resolution of CSS props, feature-settings and variation settings
- PaymentDetailsModifier.data
Need to support modifiers with the same identifier but different data. One use case for this is to support card payments with different modifiers for credit vs. debit cards. This change adds the PaymentDetailsModifier.data field to supply the different data.
- Performance.timeOrigin
Performance.timeOrigin was defined in High Resolution Time 3. The attribute is useful for developers to be able to compare timings of objects (like windows or workers) with different time origins.
- RegExp
dotAll
mode /s
flag
The new s
flag for ECMAScript regular expressions makes .
match any character, including line terminators.
- RegExp lookbehind assertions
Lookarounds are zero-width assertions that match a string without consuming anything. ECMAScript has lookahead assertions that does this in forward direction, but the language is missing a way to do this backward which the lookbehind assertions provide. With lookbehind assertions, one can make sure that a pattern is or isn’t preceded by another, e.g. matching a dollar amount without capturing the dollar sign.
- Support FLAC in ISO-BMFF with MSE
FLAC is a lossless audio coding format, already supported in regular Chrome HTML5 playback. This feature adds support for FLAC in ISO-BMFF to Chrome HTML5 Media Source Extensions (MSE).
- Update ol.start default value as 1
As per the spec,
"The start IDL attribute must reflect the content attribute of the same name, with a default value of 1.
This means that the start IDL attribute does not necessarily match the list’s starting value, in cases where the start content attribute is omitted and the reversed content attribute is specified."
- WebAudio: OfflineAudioContext constructor with dictionary
The constructor for an OfflineAudioContext now accepts a dictionary argument to specify the options needed to construct the context. This is an addition to the existing constructor that takes three arguments.
- visualViewport attribute event handlers
Adding attribute event handlers to visualViewport.
i.e. visualViewport.onresize and visualViewport.onscroll
(This is a minor fix to the shipped implementation)
- PaymentMethodData.supportedMethods should not be a sequence
PaymentMethodData is used in the PaymentRequest constructor, the PaymentRequestEvent, and the CanMakePaymentEvent. It’s supportedMethods property holds and identifier indicating the payment methods a merchant accepts. Currently, this property takes either a string or array. After this change, it will only take a string.
- Deprecate SVGPathElement.getPathSegAtLength
This interface is removed from the spec.
https://svgwg.org/svg2-draft/paths.html#InterfaceSVGPathElement.
- RTCPeerConnection.getStreamById
The getStreamById method on RTCPeerConnection is being removed. See https://crbug.com/698163#c10 for a replacement if you depend on this.
- Remove Insecure usage of Notifications
Remove access to the Notifications API on insecure origins. This will prevent sites from requesting notification permission or creating non-persistent local notifications over HTTP.
Sites using the Notification API for web push must already be on secure origins due to the requirement for a service worker. Removal is anticipated in Chrome 62.
- Remove Usage of Notifications from iFrames
Remove the ability to call Notification.requestPermission() from non-main frames.
This change will align the requirements for notification permission with that of push notifications, easing friction for developers. It allows us to unify notification and push permissions.
- SharedWorker: Remove workerStart
SharedWorker.workerStart has been deprecated for a while in the spec, and is not supported by other major browsers.
chromium63 Features:21
- Async Iteration / Async Generators
Async Generator functions and a new iteration protocol (used by for-await-of loops and yield* expressions), to streamline consumption or implementation of streaming data sources.
- CSS ‘q’ length unit
support ‘q’ absolute length unit.
1q is equivalent to 1/40th of 1cm.
- CSS font-variant-east-asian
Add support for font-variant-east-asian and respective mapping for the font: shorthand and the font-variant: shorthand.
- CSS overscroll-behavior
CSS overscroll-behavior
allows developers to decide the browser’s behavior once a scroller has reached its full extent. The unused delta can be propagated to the parent causing scroll chaining, create a glow/bounce effect without chaining, or just get consumed silently. This would be a standardization of “-ms-scroll-chaining” with some modification.
- Device Memory JS API
JS API to expose the device Memory to web applications.
- EventTarget.addEventListener/removeEventListener throws a TypeError
EventTarget.addEventListener/removeEventListener throws a TypeError when the second argument |callback| is neither of EventListener nor Null nor Undefined.
Historically Blink had not been reporting a TypeError for the second argument of EventTarget.{add,remove}EventListener, but reports a TypeError since M63.
- HTMLAllCollection and HTMLCollection’s named properties are no longer enumerable
Blink now follows the DOM and HTML specs and declares HTMLAllCollection, HTMLCollection, HTMLFormControlsCollection and HTMLOptionsCollection with the [LegacyUnenumerableNamedProperties] extended attribute. Its named properties are no longer marked as enumerable, being left out of calls to e.g. Object.keys() and for-in loops.
- Interface properties with a Promise type no longer throw exceptions
Interface properties that return a Promise now reject (meaning they’ll invoke a catch block) instead of throwing an exception. This has already been done for functions.
- Intl.PluralRules
Intl.PluralRules is a new API which exposes language-dependent data on pluralization forms of numbers. Given a locale and a number, Intl.PluralRules outputs a category, which can then be used for selection of the pluralization form of surrounding text.
- JavaScript module import()
This JavaScript feature adds a “function-like” import() module loading syntactic form to JavaScript.
The existing syntactic forms for importing modules are static declarations. However, it’s also desirable to be able to dynamically load parts of a JavaScript application at runtime.
- Make /deep/ behave like the descendant combinator " " in CSS live profile (in css file or inside of
<style>
)
Make /deep/ behave like the descendant combinator " " in CSS live profile; effectively no-op.
See “Intent to Remove” thread for more details: https://groups.google.com/a/chromium.org/d/topic/blink-dev/HX5Y8Ykr5Ns/discussion
https://www.w3.org/TR/selectors-4/#profiles
CSS live profile = CSS selector used in CSS file or inside of <style>
.
CSS snapshot profile = CSS selector used in JS, such as querySelector(…)
- MediaStreamTrack.applyConstraints
applyConstraints() allows changing the constraints associated with a MediaStreamTrack.
This is useful to change settings such as video resolution or frame rate.
applyConstraints() was previously released with support for ImageCapture (https://w3c.github.io/mediacapture-image/).
This feature includes adding support for the main spec (https://w3c.github.io/mediacapture-main/).
- No State Prefetch
A mechanism for speculative prefetching of webpages and their subresources that are on a critical path of page loading without executing any JavaScript or creating a complex state of the web platform. This system is not purely “no state” because HTTP cache allows to create cookies and other state related to validating cache entries.
It is important to note that the “NoState Prefetch” is not an API.
Server side detection: https://bugs.chromium.org/p/chromium/issues/detail?id=796855
- Promise.prototype.finally
This finally method is used for registering a callback to be invoked when a promise is settled (either fulfilled, or rejected).
- Web Storage: Anonymous getter may return null
Blink used to add an anonymous named property getter to the Storage interface (used by sessionStorage and localStorage) that behaved slightly differently from the getItem() method. The anonymous getter has been removed, and getItem() is now used behind the scenes instead. One visible consequence is that attempting to access a key that does not exist via the getter will return null instead of undefined.
- Web Storage: Methods are now enumerable
The methods belonging to the Storage IDL interface (available via sessionStorage and localStorage), such as getItem(), clear() and removeItem() are now enumerable as mandated by the HTML spec.
They are not returned by Object.keys(), but do appear in e.g. for-in loops.
- beforeprint and afterprint events
‘beforeprint’ event is dispatched before starting printing, and ‘afterprint’ event is dispatched after finishing printing. They are useful to build printing-only content, and clean it up.
- display:minimal-ui
Support the minimal-ui display mode as defined in the Web App Manifest.
This property will result in Chrome displaying a “Chrome Custom Tab”-like UI.
- navigator.webdriver
The Webdriver specification defines a navigator.webdriver
property to indicate if UA is controlled by automation. This property is defined and returns true
when running Chrome with the --headless
flag.
- Shadow-Piercing descendant combinator, ‘/deep/’
The /deep/ combinator was a part of Shadow DOM v0, which has been deprecated and removed. Starting in M63, the /deep/ combinator was treated as a no-op, equivalent to a space " " combinator. As the code for all of Shadow DOM v0 was removed completely in M89, /deep/ will now throw exceptions in some JS operations, such as querySelectorAll. Simply replace it with " " to get pre-M89 behavior back.
- macOS: rounded borders for buttons in User-Agent stylesheet
Only for macOS.
The default stylesheet for <button>
, <input type=button>
, <input type=reset>
, <input type=submit>
, a button in <input type=file>
was changed in order to match OS-native buttons.
Background-color, border, border-radius, and padding were changed.
chromium64 Features:32
- Media Capabilities: encoding
This is an API for querying the user agent about a device’s encoding capabilities for the purpose of recording or transmitting.
- Network Information: saveData
The saveData attribute is a boolean that indicates a client’s explicit opt-in for reduced data usage, due to high transfer costs, slow connection speeds, or other reasons. It’s use allows JavaScript to make decisions that result in reduced data use, such as to load smaller images and video resources, or reduce buffering or predictive actions.
This is expected to be enabled by default in Chrome 65.
- Animation for offset-path CSS property
Authors using CSS Motion Path can now animate the path that an element moves along by animating the offset-path property
- CSS transform-box
The transform-box property allows defining which reference box to use when computing ‘transform’ and ‘transform-origin’. It currently only has an effect on SVG elements.
- CSS4 text-decoration-skip-ink
CSS Text Decoration 4: property controls how overlines and underlines are drawn when they cross over a glyph.
With the initial, default value “auto” decoration lines skip over where glyphs are drawn: interrupt the decoration line to let the shape of the text show through where the text decoration would otherwise cross over a glyph. The UA must also skip a small distance to either side of the glyph outline.
To disable this behavior, use text-decoration-skip-ink: none
- Constructible & Subclassable EventTarget
Make EventTarget constructor callable, allowing them to be constructed on their own or be subclassed.
- Deprecate and remove chrome.loadTimes
chrome.loadTimes() is a non-standardized API that enables collecting loading related metrics to understand performance in the real world. However the metrics there are now available as standardized APIs, so this API will be deprecated and removed.
- Deprecate on-by-default Permissions in Cross-origin Iframes
It’s proposed that by default the following permissions cannot be requested or granted to content contained in cross-origin iframes:
Geolocation
Midi
Encrypted media extensions
Microphone and Camera
In order for a cross-origin frame to get access to these permissions, the embedding page must specify a Feature Policy which enables the feature for the frame. For example, to enable geolocation in an iframe, the embedder could specify the iframe tag as:<iframe src="..." allow="geolocation">
- Feature Policy: Autoplay
Allows developers to selectively enable and disable use of autoplay through the feature policy HTTP header or the <iframe>
“allow” attribute.
By default we will allow autoplay on same origin iframes. If developers have cross origin iframes they will be able to enable autoplay on those frames by enabling the “autoplay” feature.
- Fetch API: Request.cache
A property which represents the cache mode of a Request. This feature includes RequestInit.cache which sets the property.
- Fractional coordinates in PointerEvents of type mouse
Make the coordinates in PointerEvents of pointerType=mouse fractional, in order to include the full precision provided by the underlying platform.
- Image Decode API: img.decode()
This change allows web developers to request to decode an img element. The call to a new HTML <img>
element’s decode() function returns a promise, which, when fulfilled, ensures that the image can be appended to the DOM without causing a decoding delay on the next frame.
- Image decoding attribute
This feature allows developers to specify decoding attribute on HTMLImageElement and SVGImageElement which would have one of two states:
“async”: This indicates that the developer prefers responsiveness and performance over atomic presentation of image and non-image content.
“sync”: This indicates that the developer prefers atomic presentation of content over responsiveness.
“auto”: This indicates a default state where the user-agent can select the behavior.
- Intl.NumberFormat.prototype.formatToParts()
Intl.NumberFormat.prototype.formatToParts() is scheduled to be added to the ECMAScript Internationalization API specification (Ecma 402). It adds a method to format a number to a list of tokens and their types (e.g. minusSign, integer, decimal, fraction, currency, percentSign, etc).
See also the corresponding DateTimeFormat feature here: https://www.chromestatus.com/feature/6319456309477376
- Media preload defaults to metadata
Set the default preload value for video and audio elements to “metadata”.
Note that the preload attribute’s hint is still ignored when a MediaSource is attached to the media element.
- Notifications to be displayed in the platform’s Notification Center
Most platforms ship with a notification center of their own - on mobile devices this may be more prominent than on desktops, but they do exist. We’re in progress of moving notifications shown by Chrome to be included in those centers as well.
- Android (shipped in Chrome 42)
- Mac OS X (shipped in 59)
- Linux (planned to ship in 64)
- Windows (being prototyped)
Other browsers already use native notification centers where available.
- Numeric character reference fallback for file upload characters not representable in form-charset
Change <input type="file">
filename encoding in multipart/form-data uploads in forms with non-Unicode accept-charset to use HTML numeric character references rather than ‘?’ when a filename the user selects contains characters not representable in the target character encoding.
This change would align our behavior with the existing behavior of Firefox and Edge. It is hoped that this behavior can eventually achieve cross-browser consensus and standardization.
- Prevent scrolling in HTMLElement.focus()
Adds an optional argument to existing focus APIs that disable the scroll triggered by focus.
- RTCRtpSender
This feature tracks RTCPeerConnection methods getSenders(), addTrack(), removeTrack() and the essentials of interface RTCRtpSender.
- RegExp named captures
Named captures for ECMAScript regular expressions allow developers to create and refer to named capture groups.
- Remove window.event for Shadow DOM
The contex is: https://github.com/whatwg/dom/issues/334
We are trying to standardize certain Microsoft event extensions. One of them is window.event. Blink supports window.event.
In the discussion, we agreed that window.event should be undefined if an Event’s target is in a shadow tree.
That is effectivery equivalent to removing window.event for Shadow DOM.
- Resize Observer
The Resize Observer API can be used to observe changes to size of Element’s content rect.
- Stronger popup blocker on sites with abusive experiences
On sites with very abusive experiences (see documentation link below), Chrome will start enforcing a more aggressive popup blocker. This will invoke Chrome’s popup blocking UI for new windows or tabs regardless of whether there is a user gesture.
- Throw NotSupportedError when media playbackRate is unsupported
Throw a NotSupportedError DOM exception when a media element’s playbackRate is set to an unsupported value.
- Unicode property escapes in regular expressions
The Unicode Standard assigns various properties and property values to every symbol. For example, to get the set of symbols that are used exclusively in the Greek script, search the Unicode database for symbols whose Script property is set to Greek.
Unicode property escapes are a new type of escape sequence available in regular expressions that have the u
flag set. They enable querying the Unicode database for certain properties and values.
E.g. /\p{Script=Greek}/u.test('π') === true
- X-Content-Type-Options: nosniff
The X-Content-Type-Options: nosniff
header allows a server to assert that its resources may only be executed as script or applied as style if they’re delivered with appropriate Content-Type
headers.
- import.meta
The import.meta
meta-property provides a host-defined object which exposes context-specific metadata to a JavaScript module (e.g. the enclosing module’s URL or associated <script>
element).
- install event for Web App Manifest
An event handler to tell a site that it has been installed or added to home screen.
- Multiple Shadow Roots
Enable elements to host more than one Shadow Roots.
Dropping this feature from the spec is the resolution at Web Components f2f meeting (https://www.w3.org/wiki/Webapps/WebComponentsApril2015Meeting) This was deprecated in Chrome 45. Removal is anticipated in Chrome 64.
This was deprecated in Chrome 45.
- Remove getMatchedCSSRules
getMatchedCSSRules is a webkit-only API to get a list of all the style rules applied to a particular element.
It has been deprecated since 2014.
- window.alert() will not activate parent page
If a document in a background tab calls window.alert() then the call to alert() will return immediately; the dialog will be shown to the user when they switch to the tab. A UI indicator will be set so the user is aware of the pending alert dialog. This removes the ability to use window.alert() to bring a tab to the front against the user’s will.
- Stop showing ads on websites that are not compliant with the Better Ads Standards.
Stop showing ads (including ads owned or served by Google) on sites that do not comply with the betterads.org/standards
Feature Intro:
https://blog.chromium.org/2017/06/improving-advertising-on-web.html
How Chrome’s ad filter works
https://blog.chromium.org/2018/02/how-chromes-ad-filtering-works.html
Filtering began on sites globally in July 2019.
https://blog.chromium.org/2019/01/building-better-world-wide-web.html
Ad Experience Report Info
https://support.google.com/webtools/answer/7159932
chromium65 Features:25
- CSP’s
prefetch-src
directive.
CSP allows developers to control the set of resources which can be preloaded by specifying a prefetch-src
directive. The directive has the same format as other fetch directives; developers write an allowlist which defines the set of hosts from which resources can be preloaded. If prefetch-src
is not specified, default-src
will apply.
- Block cross-origin
<a download>
To avoid what is essentially user-mediated cross-origin information leakage, Blink will start to ignore the presence of the download attribute on anchor elements with cross origin attributes.
- CSS Color 4 HSL/HSLA syntax
Update parsing of HSL() and HSLA() to the syntax described in CSS Color 4. The functions were synonymized, along with allowing whitespace to separate the parameters instead of commas, introducing a backslash as a new way to separate the alpha parameter, allowing angles to be specified as the hue, and allowing percent values for the alpha parameter.
- CSS Color 4 RGB/RGBA syntax
Update parsing of RGB() and RGBA() to the syntax described in CSS Color 4. The functions were synonymized, along with allowing whitespace to separate the channels instead of commas, introducing a backslash as a new way to separate the alpha parameter, and allowing percent values for the alpha parameter.
- CSS Paint API (Houdini)
CSS Paint API defines a new callback which is designed to allow developers to write code which produces a CSS <image>
during the paint phase of the rendering engine.
- CSS Selectors 4 Pseudo-Class :any-link
The :any-link pseudo-class represents an element that acts as the source anchor of a hyperlink.
- Do not create layout objects for elements inside display:none iframes.
The original HTML/CSS specifications were unclear about the intended behavior for elements inside display:none iframes. [Do they get CSS boxes? Are they rendered?] This has led to a divergence in behavior between UAs. The specs are in the process of being clarified, and the new spec matches the behavior of Edge and Gecko [which do not perform box construction or layout]. Note that Chrome’s current behavior has negative performance implications.
https://github.com/whatwg/html/issues/1813
- Feature Policy: control Synchronous XMLHttpRequest
Allows developers to selectively enable and disable use of Synchronous XMLHttpRequest requests through the feature policy HTTP header or the <iframe>
“allow” attribute. The identifier for the feature in policies is “sync-xhr”. By default, synchronous XHR is allowed in all frames. If developers wish to disable this on any page, they can include a header like:
Feature-Policy: sync-xhr ‘none’
Or embed content in an frame with sync XHR disabled like:<iframe src="..." allow="sync-xhr 'none'">
- KeyboardEventInit keyCode, charCode support
Add support for initializing keyCode, charCode via KeyboardEventInit.
- NTLMv2
Support NTLMv2 authentication. Currently on non-Windows platforms only NTLMv1 is used.
- PerformanceObserver takeRecords()
The takeRecords method returns a copy of the performance entries in the PerformanceObserver’s buffer, and also clears this buffer. This aligns PerformanceObserver with other *Observer implementations, like MutationObserver and IntersectionObservers, which have similar methods.
- RTCRtpSender and RTCRtpReceiver extensions to RTCPeerConnection
This feature encapsulates the addition of the following methods to RTCPeerConnection:
getSenders(),
getReceivers(),
addTrack(MediaStreamTrack track, MediaStream… streams),
and removeTrack(RTCRtpSender sender).
The RTCRtpSender and RTCRtpReceiver objects will initially be limited to supporting the “track” attribute, with RTCRtpSender also supporting “replaceTrack(MediaStreamTrack withTrack)”.
- RTCRtpSender.replaceTrack
This allows you to seamlessly change which track is being sent without having to renegotiate at the expense of another offer/answer cycle.
For example, you might want to switch which video to send or to temporarily not send video, without any disruption in audio or at the cost of an RTT delay. It can also be used to control whether or not to send with replaceTrack(null).
- Request.destination
The Request.destination
getter enables Service Worker code knowledge regarding which type of resource it is fetching.
- ServerTiming API
Add the PerformanceServerTiming Interface which makes Server-Timing header timing values available to JavaScript running in the browser.
- Support HTMLAnchorElement.relList property
The HTMLAnchorElement.relList read-only property reflects the rel attribute. It is a live DOMTokenList containing the set of link types indicating the relationship between the resource represented by the <a>
element and the current document.
- Support HTMLAreaElement.relList property
The HTMLAreaElement.relList read-only property reflects the rel attribute. It is a live DOMTokenList containing the set of link types indicating the relationship between the resource represented by the <area>
element and the current document.
- TLS 1.3 (draft versions)
The latest version of the Transport Layer Security (TLS) protocol. For M65, draft-23 of the protocol will be rolled out to Chrome users via a field trial.
- Wheel scroll latching and async wheel events
Latch to a single element for the duration of a wheel scroll. Only the first wheel event in a scrolling sequence is cancel-able.
- Worklets
Worklets define a new javascript execution context which is designed to allow developers to write code which is intended to be run synchronously within the rendering engine, however independent of the main user javascript.
This feature was released in two stages. Worklets for paint were released in Chrome 65/Opera 52. Worklets for audio were released for Chrome 66/Opera 53.
- assignedElements on
<slot>
Add assignedElements on <slot>
, similar to assignedNodes(), but returning Element nodes only. The method returns elements that are assigned to a given slot.
- display: contents
“display: contents” allows you to control the box generation of an element.
The element with “display: contents” won’t generate any box, but its children and pseudo-elements will still do it as normal.
It’s like the element has been replaced by its children and pseudo-elements.
- document.all is no longer [Replaceable].
It has been possible for web developers to overwrite document.all for a long time, but according to the web standard, document.all will be no longer overwritable, i.e. it will be readonly.
[before the change]
document.all = 42;
console.log(document.all);
// prints 42
[after the change]
document.all = 42;
console.log(document.all);
// prints a HTMLAllCollection
- toJSON for Performance and PerformanceEntry
Ever since serializer was deprecated in favor of toJSON 1, the Performance and PerformanceEntry specs added a mandatory toJSON method. This method should just call the default toJSON operation [2].
1 https://github.com/w3c/resource-timing/issues/112
[2] https://heycam.github.io/webidl/#default-tojson-operation
The following interfaces will have toJSON added:
PerformanceResourceTiming
PerformanceLongTaskTiming
TaskAttributionTiming
<meta http-equiv="set-cookie" ...>
<meta http-equiv="set-cookie" ...>
provides a mechanism for manipulating a host’s cookies via markup. Ideally, we would require access to a host’s HTTP headers, or script-execution capabilities to modify this data.
chromium66 Features:35
- Add and update MHTML headers to support sharing of MHTML pages
To support sharing of MHTML pages, a new header Snapshot-Content-Location will be added. The existing Subject header will be updated to support encoding of non-printable ASCII characters.
- Add autocomplete attribute to
<textarea>
and<select>
Add autocomplete attribute to <textarea>
and <select>
as per spec.
https://html.spec.whatwg.org/multipage/form-elements.html#the-select-element, https://html.spec.whatwg.org/multipage/form-elements.html#the-textarea-element
- Aligning U2F attestation with webauthn
Chrome has never supported the FIDO U2F API directly1. However, it does ship with an internal extension and it’s possible to implement the U2F API by using postMessage to send messages to this extension.
(Description continued in comments.)
1 https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-javascript-api-v1.2-ps-20170411.html
- Array.prototype.values
The values() method returns a new Array Iterator object that contains the values for each index in the array.var
- Asynchronous Clipboard API
A modern, asynchronous Clipboard API based on Promises.
Text-only APIs (clipboard.readText and clipboard.writeText):
- Behind a flag in M62
- Enabled by default in M66
Support for images and other data types is still under development.
- Autocapitalize support on all editable elements and on
<form>
elements
Improve compatibility with Safari’s implementation of autocapitalize by:
-
Supporting autocapitalize attribute on any contenteditable element
-
Allow specifying the autocapitalize attribute on a
<form>
element to have it apply to all child form fields
- CSS Typed OM (Houdini)
The new CSSOM provides typed style access for developers. This will generally improve performance primarily by removing the need to do lots of string parsing. In addition to this, it will enable performant development of various new Houdini specifications (including custom properties, layout and paint).
Only a subset of CSS properties are supported for now:
https://chromium.googlesource.com/chromium/src/+/master/third_party/WebKit/Source/core/css/cssom/README.md
- CSS calc() in media queries
According to the CSS Values 4 spec, math functions such as calc() should be allowed wherever individual CSS values such as numbers are allowed. However, calc() expressions are not currently parsed in media queries. This change would introduce support for parsing calc() expressions inside of media queries.
- Do not throw on unimplemented but valid keyframe-specific composite values.
By spec, the following should not throw even if additive/accumulative animations are not yet supported by the browser:
// Currently throws on Chrome - should not!
element.animate(
[
{ color: ‘red’, composite: ‘accumulate’ },
{ color: ‘blue’, composite: ‘add’ }
], 2000);
);
Firefox does not throw in this case.
- ECMAScript ⊃ JSON
A Stage 3 proposal makes ECMAScript a syntactic superset of JSON by allowing line separator (U+2028) and paragraph separator (U+2029) in string literals.
- Feature Policy: control over Device Orientation API
The sensor policy-controlled features are used to control access to a device sensors requested through an event specified in the DeviceOrientation Event Specification. By default, the deviceorientation, deviceorientationabsolute and devicemotion events will be restricted to top-level document and same-origin subframes (it follows from features default allow list ‘self’). The default behavior can be modified by explicitly enabling or disabling of the dedicated sensor policy-controlled features.
- Fetch API: AbortSignal and AbortController
A fetch() can be made cancellable by passing an AbortSignal “signal” in the fetch options. Calling abort() on the associated AbortController will then cancel the fetch.
- Fetch API: keepalive
This option instructs fetch() to perform resource fetching with the keepalive flag set for non-blocking event reporting, analytics, etc. as well as the Beacon API (SendBeacon).
- Function.prototype.toString revision
The “implementation-dependent String” returned from Function.prototype.toString() is now a fully-specified String, which is a substring of the source code that defines the function. For example, this preserves whitespace and comments between the “function” keyword and the function name identifier.
For functions created with CreateDynamicFunction (such as through new Function()
), the String is fully-specified and includes the parameters passed to CreateDynamicFunction.
- Link rel=modulepreload
The new “modulepreload” rel value in <link>
element and Link: header provides a way to initiate early (and high-priority) loading of module scripts.
- Make
<tr>
with transform be a containing block.
Elements with table-row, table-row-group, table-header-group, table-footer-group, table-cell, and table-caption that have a transform property should be containing blocks for fixed position elements. Blink currently does not make <tr>
, <tbody>
, <tfoot>
, and <thead>
be a containing block for fixed position elements, which we propose to change.
- Media Capabilities: decoding
This specification intends to provide APIs to allow websites to make an optimal decision when picking media content for the user. This launch is only about exposing the decoding abilities of the device/system/browser.
- MediaStreamTrack.getCapabilities()
Returns the capabilities of the source associated to a MediaStreamTrack.
There is also a variant InputDeviceInfo.getCapabilities(), available in the results of MediaDevices.enumerateDevices().
These devices are used as sources for MediaStreamTrack; in this case, getCapabilities() returns the same values as MediaStreamTrack.getCapabilities().
- Network error when blob URL loading fails
Rather than returning a 404 when attempting to read from a invalid/non-existing Blob URL, these fetches should result in a network error.
- Optional catch binding
This proposal allows the catch
clause to exist without a parameter.
- RTCRtpSender: dtmf attribute
This attribute allows access to the DTMF feature of a PeerConnection’s audio track.
It is a replacement for the now non-standard CreateDTMFSender function on a PeerConnection.
- Retargeting result of elementFromPoint and elementsFromPoint
Previously elementFromPoint and elementsFromPoint are not per spec, and it may return null incorrectly because it is not retargeting the result correctly. We are fixing it to adhere to the spec by applying the correct retargeting algorithm.
- Send “input” Event on activation behavior for radio and file input type
As per spec, on input activation behavior fires a input event, then a change event for radio and file <input >
type.
- Send “input” Event on checkbox click
As per spec, click on mutable checkbox fires a click event, then an input event, then a change event.
- Service Worker: Disallow CORS responses for same-origin requests.
With this change, a service worker can no longer respond to a request whose mode is ‘same-origin’ with a response whose type is ‘cors’. This is a security measure added to the Fetch specification via https://github.com/whatwg/fetch/issues/629 and https://github.com/whatwg/fetch/pull/655.
- Service Worker: Non-nullable FetchEvent#clientId
With this change FetchEvent#clientId will return an empty string instead of null when it isn’t set, e.g., for a navigation request.
- Service Worker: Requests from embed and object elements skip service workers
Service workers no longer receive fetch events for requests from embed and object elements. This includes both requests for the main resource itself (the src or data attribute) and for any requests from the resulting context (the plugin or HTML context). This change was made to adhere to the specification, which disallows service worker interception due to security considerations.
- String.prototype.trimStart / String.prototype.trimEnd
Until now, String.prototype.{trimLeft,trimRight} were non-standard language extensions, required for Web compatibility.
The Stage 3 proposal at https://github.com/tc39/proposal-string-left-right-trim standardizes this functionality as String.prototype.{trimStart,trimEnd}, and defines String.prototype.{trimLeft,trimRight} as aliases for backwards compatibility.
This patch implements that proposal behind the --harmony-string-trimming flag.
- The ImageBitmap rendering context for
<canvas>
A new rendering context that streamlines the display of ImageBitmap objects. This new rendering context uses transfer semantics to take ownership of the pixels of an ImageBitmap object, thus avoiding memory duplication and rasterization overhead.
- Unprefix CSS Grid Layout gutter properties
Rename gutter properties to remove “grid-” prefix:
- grid-gap => gap
- grid-row-gap => row-gap
- grid-column-gap => column-gap
Note that column-gap already exists and is used by css-multicol.
The parsing needs to be updated as now the default value is “normal”.
The old (prefixed) properties names will be kept working as aliases.
- WebAudio: AudioParam setter is equivalent to setValueAtTime
When setting the value of an AudioParam via the value setter, the value is updated exactly as if setValueAtTime(newValue, context.currentTime).
This includes throwing errors that weren’t previously thrown and changing the AudioParam timeline
- WebAudio: Remove dezippering
Historically, Chrome implemented dezippering such that when the value setter of an AudioParam was used, the value was not changed instantaneously. Instead, an exponential approach equivalent to setTargetValueAtTime was done. The actual time constant used was never specified and depended on the AudioParam.
With the spec change in https://github.com/WebAudio/web-audio-api/pull/393, (Sep 2015), all dezippering was removed from the spec.
Dezippering will be removed from Chrome.
-
[WebAudio]
AudioWorklet
The AudioWorklet allows developers to supply JavaScript to process audio on the audio rendering thread. This processing mechanism ensures the synchronous execution of the author code with other built-in AudioNodes in the audio graph.
The AudioWorklet is designed to replace ScriptProcessorNode. ScriptProcessorNode will be deprecated once AudioWorklet is shipped.
- inputmode
The inputmode content attribute is an enumerated attribute that specifies what kind of input mechanism would be most helpful for users entering content into the form control or content editable.
- window.focus() exits HTML5 fullscreen
If a page in fullscreen mode opens a popup and calls window.focus(), that page will exit full screen. This will not occur if the popup receives focus some other way.
chromium67 Features:14
-
<foreignObject>
will be a stacking context
SVG2 specifies that <foreignObject>
to be a stacking context (*). Previously,
Chrome did not follow the SVG2 spec. Making <foreignObject>
a stacking context allows developers to place HTML content underneath a <foreignObject>
without confusion. For example, it wouldn’t make much sense to place content at z-index:1 above the containing SVG.
Gecko and Edge already implement this behavior.
(*) https://svgwg.org/svg2-draft/single-page.html#render-EstablishingStackingContex
- BigInt: arbitrary-precision integers
JavaScript gets a new numeric primitive that provides support for arbitrary-precision integers. Number
s in JavaScript are represented as double-precision floats, giving them limited precision. BigInt
s, on the other hand, can safely store and operate on large integers even beyond the safe integer limit for Number
s.
- Boolean return value of DOMTokenList replace()
The DOM specification was updated so that DOMTokenList replace() returns a boolean value. This is useful for code which takes different paths depending on whether a replacement occurred, avoiding the need for an extra condition using contains().
- Cross-Origin Read Blocking (CORB)
Cross-Origin Read Blocking (CORB) is an algorithm that can identify and block dubious cross-origin resource loads in web browsers before they reach the web page. CORB reduces the risk of leaking sensitive data by keeping it further from cross-origin web pages. In most browsers, it keeps such data out of untrusted script execution contexts. In browsers with Site Isolation, it can keep such data out of untrusted renderer processes entirely, helping even against side channel attacks like Spectre.
- Customized built-in elements
Authors can now create custom elements which inherit from the semantics of native, built-in elements. This is helpful when web authors want to add features to their custom elements, but they cannot be implemented in CSS or JavaScript though the features are available in built-in elements.
- Fixes to modifier flags on AltGraph-shifted keydown/keypress/keyup events under Windows.
In Windows the right-hand Alt key serves as AltGraph (ISO-Level-3-Shift) on some layouts (for example, many European language layouts), to allow generating additional printable characters. Internally the key generates Ctrl+Alt modifiers, so that Chrome reports all of Control, Alt and AltGraph in the flags for these keys. In this change, Chrome distinguishes AltGraph from Ctrl+Alt under Windows for consistency with modifiers on other platforms.
See the comments for how this helps developers.
- Motion sensors APIs based on Generic Sensor API
Motion sensors extends the Generic Sensor API to expose a set of low-level and fusion sensors. This feature includes JS interfaces representing accelerometers, linear acceleration sensors, gyroscopes, absolute orientation sensors and relative orientation sensors.
- RTCRtpSender/RTCRtpReceiver.getStats and RTCPeerConnection.getStats(MediaStreamTrack?)
New WebRTC implementations provided a filtered view of the statistics returned by getStats() in RTCRtpSender, RTCRtpReceiver, and RTCPeerConnection, returning only stats that are relevant to the sender, receiver, or track. This change adds convenience for developers by requiring less code for filtering. Because this is based on the spec it increases cross-browser compatibility.
- Send mouse back/forward buttons to javascript
Web pages can now process mouse events (mousedown, auxclick, mouseup) for back and forward buttons on mice with five or more buttons. This allows back and forward mouse buttons to be prevented by applications that wish to override them. For example they may be useful for games.
- Slots in a flat tree
The <slot>
element can now participate in a flat (layout) tree, with UA style: display: contents. Before this change, applying a CSS selector to a <slot>
element had no effect. Not only is this fixed, when selectors are applied to a <slot>
element, it’s children inherit its styles.
- Streams API: TransformStream
TransformStream is part of the Streams API for creating, composing, and consuming streams of data. It enables transforming data in stream form. It is typically used in a pipe between a ReadableStream and a WritableStream.
- Web Authentication API for Chrome
The Credential Management API (Chrome 51 and later) defined a framework for retrieving credentials, including semantics for creating, getting, and storing them. It did this through two credential types: PasswordCredential and FederatedCredential. The Web Authentication API adds a third credential type, PublicKeyCredential, which allows web applications to create and use strong, cryptographically attested, and application-scoped credentials to strongly authenticate users.
- -webkit-box-flex-group, -webkit-box-lines, % values of -webkit-line-clamp
-webkit-box-flex-group - This property has virtually zero usage based on the UseCounter on stable.
% values of -webkit-line-clamp - There is interest in finding a standards based solution to the number values usecase, but we haven’t seen demand for the %-based values.
-webkit-box-lines - This property was never fully implemented. It was originally intended such that a “vertical”/”horizontal” -webkit-box can have multiple rows/columns.
- Intent to Deprecate & Remove: Change how New Formatting Contexts sized and positioned off a shape area.
The shape-outside property allows web developers to wrap text around a float with a non-rectangular area. In our implementation this also currently affects how new formatting contexts are sized and positioned.
We want to change how they are sized and positioned, similar to how floats are positioned (based off the bounding area instead).
chromium68 Features:33
-
<foreignObject>
will be a stacking context
SVG2 specifies that <foreignObject>
to be a stacking context (*). Previously,
Chrome did not follow the SVG2 spec. Making <foreignObject>
a stacking context allows developers to place HTML content underneath a <foreignObject>
without confusion. For example, it wouldn’t make much sense to place content at z-index:1 above the containing SVG.
Gecko and Edge already implement this behavior.
(*) https://svgwg.org/svg2-draft/single-page.html#render-EstablishingStackingContex
- BigInt: arbitrary-precision integers
JavaScript gets a new numeric primitive that provides support for arbitrary-precision integers. Number
s in JavaScript are represented as double-precision floats, giving them limited precision. BigInt
s, on the other hand, can safely store and operate on large integers even beyond the safe integer limit for Number
s.
- Boolean return value of DOMTokenList replace()
The DOM specification was updated so that DOMTokenList replace() returns a boolean value. This is useful for code which takes different paths depending on whether a replacement occurred, avoiding the need for an extra condition using contains().
- Cross-Origin Read Blocking (CORB)
Cross-Origin Read Blocking (CORB) is an algorithm that can identify and block dubious cross-origin resource loads in web browsers before they reach the web page. CORB reduces the risk of leaking sensitive data by keeping it further from cross-origin web pages. In most browsers, it keeps such data out of untrusted script execution contexts. In browsers with Site Isolation, it can keep such data out of untrusted renderer processes entirely, helping even against side channel attacks like Spectre.
- Customized built-in elements
Authors can now create custom elements which inherit from the semantics of native, built-in elements. This is helpful when web authors want to add features to their custom elements, but they cannot be implemented in CSS or JavaScript though the features are available in built-in elements.
- Fixes to modifier flags on AltGraph-shifted keydown/keypress/keyup events under Windows.
In Windows the right-hand Alt key serves as AltGraph (ISO-Level-3-Shift) on some layouts (for example, many European language layouts), to allow generating additional printable characters. Internally the key generates Ctrl+Alt modifiers, so that Chrome reports all of Control, Alt and AltGraph in the flags for these keys. In this change, Chrome distinguishes AltGraph from Ctrl+Alt under Windows for consistency with modifiers on other platforms.
See the comments for how this helps developers.
- Motion sensors APIs based on Generic Sensor API
Motion sensors extends the Generic Sensor API to expose a set of low-level and fusion sensors. This feature includes JS interfaces representing accelerometers, linear acceleration sensors, gyroscopes, absolute orientation sensors and relative orientation sensors.
- RTCRtpSender/RTCRtpReceiver.getStats and RTCPeerConnection.getStats(MediaStreamTrack?)
New WebRTC implementations provided a filtered view of the statistics returned by getStats() in RTCRtpSender, RTCRtpReceiver, and RTCPeerConnection, returning only stats that are relevant to the sender, receiver, or track. This change adds convenience for developers by requiring less code for filtering. Because this is based on the spec it increases cross-browser compatibility.
- Send mouse back/forward buttons to javascript
Web pages can now process mouse events (mousedown, auxclick, mouseup) for back and forward buttons on mice with five or more buttons. This allows back and forward mouse buttons to be prevented by applications that wish to override them. For example they may be useful for games.
- Slots in a flat tree
The <slot>
element can now participate in a flat (layout) tree, with UA style: display: contents. Before this change, applying a CSS selector to a <slot>
element had no effect. Not only is this fixed, when selectors are applied to a <slot>
element, it’s children inherit its styles.
- Streams API: TransformStream
TransformStream is part of the Streams API for creating, composing, and consuming streams of data. It enables transforming data in stream form. It is typically used in a pipe between a ReadableStream and a WritableStream.
- Web Authentication API for Chrome
The Credential Management API (Chrome 51 and later) defined a framework for retrieving credentials, including semantics for creating, getting, and storing them. It did this through two credential types: PasswordCredential and FederatedCredential. The Web Authentication API adds a third credential type, PublicKeyCredential, which allows web applications to create and use strong, cryptographically attested, and application-scoped credentials to strongly authenticate users.
- -webkit-box-flex-group, -webkit-box-lines, % values of -webkit-line-clamp
-webkit-box-flex-group - This property has virtually zero usage based on the UseCounter on stable.
% values of -webkit-line-clamp - There is interest in finding a standards based solution to the number values usecase, but we haven’t seen demand for the %-based values.
-webkit-box-lines - This property was never fully implemented. It was originally intended such that a “vertical”/”horizontal” -webkit-box can have multiple rows/columns.
- Intent to Deprecate & Remove: Change how New Formatting Contexts sized and positioned off a shape area.
The shape-outside property allows web developers to wrap text around a float with a non-rectangular area. In our implementation this also currently affects how new formatting contexts are sized and positioned.
We want to change how they are sized and positioned, similar to how floats are positioned (based off the bounding area instead).
chromium69 Features:35
- Add RTCRtpParameters.headerExtensions
This change adds support for the RTCRtpParameters.headerExtensions dictionary entry which is returned by RTCRtpSender.getParameters(). This is a read-only field that allows inspection of the parameters that are set on a PeerConnection after negotiation.
- Array.prototype.{flat,flatMap}
JavaScript arrays are getting two new methods. Array.prototype.flat()
returns a new array with all sub-array elements concatenated into it recursively up to the specified depth. The sub-array elements become members of the new array. Array.prototype.flatMap()
first maps each element using a mapping function, then flattens the result into a new array. This method is functionally equivalent to a map followed by a flatten of depth 1.
- Background Tab Resource Load Throttling
For invisible frames e.g. ones in background tabs, Chrome set a per-frame simultaneous loading limit; 3 for the top frame, 2 for sub-frames are permitted to go to the network stack.
Excessive requests are enqueued and go when the previous request finishes. Thus, all requests will run eventually.
Most fetches made by HTML elements / CSS are throttleable.
WebSockets, WebRTC’s data channel, Fetch API, XMLHttpRequest, EventSource, Video and Audio are excluded today to allow keep-alive connections.
- CSP3: unsafe-hashes
‘unsafe-hashes’ is a feature in CSP3 which allows developers to enable specific event handlers without needing to use the less safe ‘unsafe-inline’ keyword.
If ‘unsafe-hashes’ is present, inline event handlers are allowed to match against hashes specified by the ‘script-src’ directive (or its fallback if not present).
- CSP:
report-to
directive
The report-to
directive wires CSP violation reports up to the Reporting API which allows the browser to bundle multiple reports when sending them to the server rather than creating a POST for each individual report. This allows reports to be collected in a way that is friendlier for users’ batteries. This change also deprecates the existing report-uri
directive.
- CSS Scroll Snap Points
The CSS scroll snap specification introduces snap points as a way to “enforce the scroll offsets that a scroll container’s visual viewport may end at after a scrolling operation has completed”. Scroll snapping applies to both user scroll operations such as touch, wheel scrolling, or scrollbar dragging, and programmatic scroll operations such as Element.scrollTo(). This improves the user experience by allowing scrollable zones to easily stop at predefined points.
- CSS conic-gradient
Support was added for CSS conic (angular/sweep) gradients. Conic gradients allow color transitions around a center rather than radiating from it. This allows, for example, a web developer to create a hue wheel using only two CSS properties.
- CSS logical flow relative margins, paddings and borders
Chrome now implements logical margin, padding, and border CSS properties using standard names, specifically margin-{block,inline}-{start,end}, padding-{block,inline}-{start,end} and border-{block,inline}-{start,end}-{width,style,color}. These capabilities were previously supported through -webkit prefixes and non-standard names. Shorthand properties are only added for border-{block,inline}-{start,end}.
- Deprecation Reports
A new feature of the Reporting API gives developers more insight into the functioning of their code on client machines. Deprecation reports allow deprecation warnings, currently only available in developer tool consoles, to be sent to the back end, or captured in callbacks using ReportingObserver.
- Display cutout and CSS env() support
Display cutouts are now supported in Chrome through CSS environment variables and the viewport-fit meta tag. This allows developers to take advantage of the entire screen on devices that have a display cutout.
- Element.toggleAttribute
A new method named Element.toggleAttribute() allows toggling the existence of an element’s attribute in a way similar to Element.classList.toggle. An optional force parameter forces toggling the attribute even if it doesn’t exist. This makes managing boolean attributes much simpler as the interface doesn’t use strings as does Element.setAttribute().
- Fetch API: Request.isHistoryNavigation
Add a boolean property to request objects to indicate whether the particular request is a history navigation. This allows a service worker to know whether a request was due to a back/forward navigation. An example of how this might be used is that a service worker could respond to such a navigation with a cached response.
- Keyboard Map
This API returns a map which translates from KeyboardEvent.code values into strings that can be shown to the user to identify each key.
This is not possible with existing web platform APIs because the value that should be shown to the user depends on the keyboard layouts that the user has installed and activated.
- Nested dedicated workers
This allows workers to spawn additional, descendant dedicated workers.
This can be used to better distribute tasks without needing time on the main thread where rendering and user input are being handled. This also allows libraries which use workers to be adapted to run in a worker context themselves, giving developers more options to move business logic off of the main thread.
- Network Error Logging
This feature defines a mechanism that enables developers to declare a network error reporting policy for a web application via the NEL
header. A user agent can use this policy to report encountered network errors that prevented it from successfully fetching requested resources. This is done through the common Reporting API.
- OffscreenCanvas
OffscreenCanvas is a new interface that allows canvas rendering contexts (2D and WebGL) to be used in Workers. Making canvas rendering contexts available to workers increases parallelism in web applications, leading to improved performance on multi-core systems.
As part of the required tooling for this to work, this also launches DedicatedWorker.requestAnimationFrame(), allowing animation-like events to be triggered the same on dedicated workers as they are in Window.
- RTCRtpSender / RTCRtpReceiver.getCapabilities()
The getCapabilities() method returns the most optimistic view of the capabilities of the system for sending media of the given kind. It does not reserve any resources, ports, or other state but is meant to provide a way to discover the types of capabilities of the browser including which codecs or RTP extensions may be supported.
- Reporting API
The Reporting API defines a generic reporting framework which allows web developers to associate a set of named reporting endpoints with an origin. Various platform features (like Content Security Policy, Network Error Reporting, and others) will use these endpoints to deliver feature-specific reports in a consistent manner.
- ReportingObserver
A new feature of the Reporting API gives developers more insight into the functioning of their code on client machines. The ReportingObserver API allows JavaScript to capture reports in callback, which can be used to save custom reporting data to page analytics.
- ServiceWorkerRegistration.update() resolves with a registration.
ServiceWorkerRegistration.update() previously resolved with undefined. Now it resolves to the registration object as required by the specification.
- Stylesheets activated after the body is started do not block paint
External stylesheets in the body of the document or that get activated after the body has started to be parsed will no longer block paint but they will pause the parser. The end result is that any DOM content before the body stylesheet will continue to paint but content after the stylesheet will not appear until after the stylesheet has loaded.
- Support for CTAP2 FIDO devices via the Web Authentication API
This feature adds support for CTAP2 devices, which provide advanced security capabilities such as biometric authentication and resident keys (keys stored on the device). The WebAuthentication API (https://www.chromestatus.com/feature/5669923372138496) formerly only supported Universal 2nd Factor (U2F, also known as CTAP1 ) devices at the transport layer. This change doesn’t alter the API surface itself but enables richer device interactions via the existing Web Authentication API.
- TLS 1.3 certificate compression with Brotli
TLS 1.3 encrypts the server’s certificates. With that protection in place, we finally have the confidence that we can implement certificate compression without causing middlebox issues.
Certificate compression is an IETF TLS WG draft (https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-03) and we plan on implementing that specification, supporting the Brotli algorithm.
- Three new network quality client hints
Support for the “rtt”, “downlink”, and “ect” client hint values and HTTP request headers have been added to Chrome to convey Chrome’s network connection speed to servers. These network quality hints provide the same values as existing Network Information APIs navigator.connection.rtt, navigator.connection.downlink, and navigator.connection.effectiveType.
- Web Locks API
This API allows scripts running in one tab to asynchronously acquire a lock, hold it while work is performed, then release it. While held, no other script in the origin can acquire the same lock. A lock represents some potentially shared resource, identified by a name chosen by the web app. For example, if a web app running in multiple tabs wants to ensure that only one tab is syncing to the network, each tab could try to acquire a “my_net_sync” lock, but only one tab will succeed.
- WebAssembly Import/Export Mutable Globals
Allows WebAssembly modules to import and export mutable globals. This building block will allow efficient passing of values like shadow stacks pointers between dynamically linked modules (especially in the multi-threaded case).
- WebAssembly Sign Extension Opcodes
Add sign extension opcodes to WebAssembly. This makes some code sequences shorter and allows us to provide only zero extended versions of atomic opcodes for threads.
- WebRTC RTCRtpTransceiver in Unified Plan
When spec-complaint SDP format “Unified Plan” is used, RTCRtpTransceiver describes each sender-receiver pair that is added to the RTCPeerConnection. This represents the components used to send and receive media. Exposing the transceiver gives the application the ability to receive media early and provides more control over the generated SDP. APIs that are shipping include RTCRtpTransceiver, RTCPeerConnection.addTransceiver() and RTCPeerConnection.getTransceivers().
- performance.memory improvements
The performance.memory property is a non-standard API, seeing significant usage from some of our partners. With this change, if the renderer is locked to a site reported values will not contain coarse quantization and delay. This will allow developers to detect performance regressions from user data more easily because the memory measurements will be more accurate and can be taken more frequently.
- service worker: Don’t expose the API to insecure contexts.
Because of a technical limitation, navigator.serviceWorker was previously exposed on insecure contexts and threw a Security Error when used. After this change, navigator.serviceWorker will return undefined. This aligns with the specification.
- Deprecate And Remove Support For Invalid DNS Names
We have a security vulnerability that is rather long in the tooth (not yet public) that depends, in part, on our DNS resolver’s willingness to attempt to resolve arbitrary garbage strings, including strings that could not ever be valid hostnames.
I propose to remove support for such requests in our DNS resolution code, and attempt only to resolve legal hostnames (“preferred name syntax”). Additionally, I propose we accept underscores (_) in names. (See the measurement CL.)
- Remove ‘stalled’ events for HTMLMediaElements using MediaSourceExtensions
The HTMLMediaElement.stalled event fires when media download has failed to progress for at least 3 seconds. In Media Source Extensions, the web app manages the download and the media element is not aware of its progress. Since some apps append media data in chunks larger than 3 seconds, stalled was being fired at inappropriate times. To solve this, stalled has been removed for Media Source Extensions.
- Remove document.createTouchList
The document.createTouchList() method is being removed because the Touch() constructor has been supported since Chrome 48.
- Remove extra form data , if “value” attribute is present with non-empty value for
<input type=”image”>
As per spec,
https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#constructing-form-data-set, the constructed “form data set” should not include the value of the image button
- window.confirm() will not activate parent page
If a document in a background tab calls window.confirm() then the call to confirm() will return immediately with false, and no dialog will be shown to the user. If the tab is active, then the call will show a dialog. Specifically, this removes the ability to use window.confirm() to bring a tab to the front against the user’s will.
chromium70 Features:25
- RTCPeerConnection.id (Origin Trial)
RTCPeerConnection.id provides a string that identifies an RTCPeerConnection. This is useful when a peer connection needs to be referenced outside the JavaScript context, for example, on the server side, or by a logging mechanism.
- ‘name’ attribute for dedicated workers
This feature allows specifying the worker’s name in an optional constructor argument. This lets you distinguish dedicated workers by name when you have multiple workers with the same URL. Developers can print ‘name’ in the DevTools console which will make it easier to debug workers. When the ‘name’ param is omitted, an empty string is used as the default value. For more information, see the discussion at https://github.com/whatwg/html/issues/2477.
- AV1 Decoder
AV1 is a next generation codec developed by the Alliance for Open Media. AV1 improves compression efficiency by 30% over the current state-of-the-art video codec, VP9. The AV1 decoder will be added to Chrome Desktop x86 devices (Windows, macOS, Linux, Chrome OS) based on the official bitstream specification. At this time, support is limited to “Main” profile 0 and does not include encoding capabilities. The supported container is ISO-BMFF (MP4).
- Add referrerpolicy support to
<script>
elements
Many resource-fetching elements have support for the referrerpolicy
attribute, which lets developers provide a keyword to influence the value of the Referer
HTTP header that accompanies a request. The <link>
element has support for this, so it is technically possible to preload a script with a developer-set referrer policy even though the <script>
element does not have support for this attribute. This feature adds referrerpolicy
support to the <script>
element.
- Displaying a dialog will cause pages to lose fullscreen
Dialogs (e.g. authentication prompts, payments, filepickers) require proper context for users to make decisions. Fullscreen, by definition is immersive, and removes the context that a user needs to make a decision.
Therefore, whenever a page causes a dialog to be shown, that page will lose any HTML5 fullscreen that it has entered.
- Intervention Reports
An intervention is when a user agent does not honor an application request for security, performance, or annoyance reasons. With this change, Chrome will both send the report to your servers using the Report-To HTTP Response header field and surface the report in the ReportingObserver interface.
- Intervention: Disable scripts for Data Saver users on slow connections
If a Data Saver user is on a 2G-speed or slower network according to the NetInfo API, Chrome disables scripts and sends an intervention header on every resource request. Users are shown a Lite Mode UI in the omnibox. Users can enable scripts on the page by tapping “Show original” in the omnibox UI. An intervention report is sent when this optimization occurs.
- Options dictionary for postMessage methods
An optional PostMessageOptions object is being added to the postMessage() function for 6 of the 7 interfaces where it’s supported, specifically, DedicatedWorkerGlobalScope, Worker, ServiceWorker, ServiceWorker, and Window. This gives the function a similar interface on its definitions and allows it to be extended in the future. Since broadcastChannel.postMessage() doesn’t take additional arguments (such as transfer) it is not being changed.
- RTCPeerConnection.getConfiguration()
This change implements getConfiguration() according to the WebRTC 1.0. Specifically it returns the last configuration applied via setConfiguration(), or if setConfiguration() hasn’t been called, the configuration the RTCPeerConnection was constructed with.
- Remove OS build number from user-agent string
The OS build number (for example, “NJH47F” or “OPM4.171019.021.D1” on Android) has been removed from the user-agent identification (User-Agent header and navigator.userAgent) on Android and on iOS. The iOS change follows Safari’s implementation and freezes the build number as “15E148” instead of removing it.
This will prevent abuses of that information such as exploit targeting and fingerprinting. It’ll also bring Chrome closer in line with RFC 7231 section 5.5.3.
- Rename Atomics.wake() to Atomics.notify()
The Atomics.wake() method is being renamed Atomics.notify(). This is a low-level function to wake a Worker that has been suspended via Atomics.wait(). This conforms to a specification change made to alleviate confusion created by the similarity of the names wait and wake.
- Support Opus in mp4 (ISO-BMFF) with Media Source Extensions (MSE)
Opus is an audio codec already supported by the HTML5 src attribute on <url>
elements. This applies to mp4, ogg, and webm containers as well as in webm containers using Media Source Extensions. This change adds support for the Opus codec in the mp4 container to MSE.
- Support codec and container switching with MSE using SourceBuffer.changeType()
This change adds the SourceBuffer.changeType() method to improve cross-codec or cross-bytestream transitions during playback with Media Source Extensions.
- Support for Touch ID as a platform authenticator via the Web Authentication API
This feature is a built-in Web Authentication/CTAP platform authenticator for Chrome on macOS based on the Touch ID fingerprint sensor and secure element in Macbook Pros with Touch bars. It allows users to use Touch ID for 2-factor authentication on sites that implement this via the Web Authentication API.
- Symbol.prototype.description
A description property is being added to Symbol.prototype. This provides a more ergonomic way of accessing the description of a Symbol. Previously, the description could be only be accessed indirectly through the Symbol.protoype.toString().
- TLS 1.3
TLS 1.3 is an overhaul of the TLS protocol with a simpler, less error-prone design that improves both efficiency and security. The new design reduces the number of round-trips required to establish a connection and removes legacy insecure options, making it easier to securely configure a server. It additionally encrypts more of the handshake and makes the resumption mode more resilient to key compromise.
- The
<rp>
element defaults to display:none
The default style of the <rp>
element is changed to “display:none” instead of “display:inline” even if it is not inside the <ruby>
element as defined in HTML specification. This behavior is implemented in the UA style sheet, but the web author can override it.
Behavior in other browsers:
- Edge: display:inline (outside
<ruby>
), display:none (inside<ruby>
) - Firefox: display:none
- Safari: display:inline, display:none (inside
<ruby>
)
- The ontouch* APIs default to disabled on desktop
To avoid confusion on touch feature detection, ontouch* members on window, document, and element are disabled by default on desktop devices (Mac, Windows, Linux, ChromeOS). Note that this is not disabling touches, and usage such as addEventListener("touchstart", ...)
is not being affected.
- Update behavior of CSS Grid Layout percentage row tracks and gutters
This updates the behavior of percentage row tracks and gutters in grid containers with indefinite heights. Previously, these were behaving similarly to percentage heights in regular blocks, but the CSS WG has resolved to make them behave the same as for columns, making them symmetric. Percentages are now ignored when computing intrinsic height and resolved afterwards against that height. That way both column and row axes will have symmetric behavior to resolve percentages tracks and gutters.
- WebSocket: permit connection reuse for auth
When receiving a 401 HTTP response during the WebSocket handshake, Chrome will attempt to continue authentication on the same socket. Windows HTTP authentication usually requires a single connection to be reused for authentication to succeed. Until now, Chrome has always closed the connection on a 401 status response, so Windows authentication has not worked. Windows authentication support is mostly useful in enterprise environments where single-sign-on is used.
- WebUSB on Dedicated Workers
WebUSB is enabled inside dedicated worker contexts. This allows developers to perform heavy I/O and processing of data from a USB device on a separate thread to reduce the performance impact on the main thread.
- Deprecate and remove navigator.getGamepads().item(index)
This change deprecates and removes the legacy “item()” accessor method for the array of Gamepads returned by navigator.getGamepads(). This change improves compatibility with Firefox which is so far the only browser to implement GamepadList.
- Remove AppCache from non-secure contexts
AppCache is now removed from insecure contexts. AppCache is a powerful feature that allows offline and persistent access to an origin, which is a powerful privilege escalation for an XSS. This will remove that attack vector by only allowing it over HTTPS.
This feature was deprecated in Chrome 67.
- Remove HTMLFrameSetElement’s anonymous getter.
Deprecate and remove HTMLFrameSetElement’s anonymous getter which is non-standard.
- Token Binding
Token binding allows servers to cryptographically bind bearer tokens (such as cookies) to the TLS layer, to prevent attacks where an attacker exports a bearer token from the user’s machine to present to a web service and impersonate the user.
chromium71 Features:28
- Autoplay Policy for Web Audio
Web Audio will follow the rules of the autoplay policy already followed by other parts of Chrome able to produce sound. When an AudioContext is created, it will start as suspended if it wasn’t allowed to play. Calling resume() will only start the AudioContext if it is allowed to play. Furthermore, a previously blocked AudioContext will automatically be resumed if start() is called on a connected node after the document is user activated.
- ‘left’ and ‘right’ values for the ‘text-underline-position’ property
CSS3 Text Decoration spec adds new properties that implement new text decoration styling features such as lines, color, and style. This feature adds support for ‘left’ and ‘right’ values of the ‘text-underline-position’ property. The property itself shipped in Chrome 57. Currently, in vertical flow for Chinese and Japanese, which side the underline appears on is not the same across browsers. This enhancement fixes that.
- :host, :host-context, and ::slotted specificity
Chrome did not count the specificity for the :host() and :host-context() pseudo classes themselves. ::slotted() did not count the specificity for its arguments. This was not specified until 1 was resolved. From M71 Chrome ships specificity calculations per spec for Shadow DOM v1. The old behavior is kept for v0 for compatibility with existing content.
1 https://github.com/w3c/csswg-drafts/issues/1915
Bugs:
https://crbug.com/888042
https://crbug.com/857415
- Add FullscreenOptions
Adds the ability to customize the requestFullscreen API with FullscreenOptions on Android. This allows developers to chose between making the navigation bar visible versus a completely immersive mode where no user agent controls are shown until a gesture is performed.
Some developers may prefer that the navigation bar be visible when entering fullscreen mode as it can be difficult for users to determine how to exit fullscreen mode. Some browsers such as Samsung also make this the default.
- Async touchpad pinch zoom events
Async touchpad pinch zoom events are for improving the page pinch zoom performance. Currently, the touchpad pinch zoom exposes a control wheel event that allows JS to cancel it. With this change, if the user doesn’t make a pinch action on the touchpad, effectively canceling the control wheel event, then following control wheel events are not cancelable. But JavaScript does not know which ctrl wheel is the first one in the sequence, so if you want to cancel pinch zoom, you need to cancel all of t
- COLR/CPAL font support
COLR/CPAL fonts are one type of OpenType color fonts. These fonts compose layers of vector outline glyphs and color palette information into the final colored glyph. With this change, Chrome will support 3 color font formats cross-platform, the other two being CBDT/CBLC and SBIX. Because they are vector based, COLR/CPAL fonts provide for faster downloads and require less storage. An example of a COLR/CPAL font is the Twemoji color font (https://github.com/mozilla/twemoji-colr).
- CSS gradient color stop double-position syntax
Add support for CSS Image Values 4 color stop position syntax.
Currently, repeating colors require explicit positions, for example:
linear-gradient(45deg, black 25%, black 50%, white 50%, white 75%)
To simplify the definition of solid color bands, css-images-4 allows specifying up to two positions for a color:
linear-gradient(45deg, black 25% 50%, white 50% 75%)
- Call capture event listeners in capturing phase at shadow hosts
Call capture event listeners in capturing phase at shadow hosts.
Per the discussion of https://github.com/whatwg/dom/issues/685, Blink will align the event dispatch behavior to other browsers; Call capture event listeners in capturing phase at shadow hosts.
- ImageCapture support for exposureTime constraint
Image Capture API has a means to set exposureMode to manual which is not useful if you cannot set the exposure time (aka shutter speed, aka exposure duration). This change provides an interface for getting the exposure time range values as well as setting the exposure time in time units.
- IndexedDB database enumeration
IndexedDB databases() returns a list of all databases accessible by the origin of the current frame. The return value is a Promise that resolves with a list of IDBDatabaseInfo objects (currently just dictionaries of database name and version).
- Intl.RelativeTimeFormat
Intl.RelativeTimeFormat helps libraries and frameworks format relative time in a localized fashion by providing internationalized messages for date and time fields, using a customary local word or phrase when available. For example, calling its format() method with -5 and ‘day’ would return the string ‘5 days ago’.
Intl.RelativeTimeFormat is available behind a flag in Firefox 58.
- Permission API: “persistent-storage” property
The “persistent-storage” property is a new permission for the Permission API. The permission state can already be queried with navigator.storage.persisted(), with this change navigator.permissions.query({name:“persistent-storage”}) can be used as well.
- Permission Delegation
Currently, iframes on the web can make permission requests and users will be shown permission prompts that contain the origin of the iframe. Making permission decisions for iframes and managing previous decisions is complicated and confusing.
To address this problem, we propose that users only ever be required to make permission decisions about the top level origin of a website. It is then up to the top level website to delegate permission to the various iframes which it embeds, if it chooses.
- Picture-in-Picture (PiP)
The Picture-in-Picture API allows websites to create a floating video window that is always on top of other windows so that users may continue consuming media while they interact with other sites or applications on their device. This change only applies to <video>
elements.
- Rename Intl.DateTimeFormat.prototype.formatToParts type “dayperiod” to “dayPeriod”
This change corrects a non-compliant type in the formatToParts implementation.
- TextEncoderStream and TextDecoderStream APIs
Text encoding and decoding will support streams to enable you to easily convert streams of binary data to text and vice-versa. An example of its usefulness is with readable streams. With a non-stream Response object, response.Body.text() returns text. There is no equivalent for the ReadableStream returned by Response.Body, which can only return bytes. With the new API a streaming response body may be converted to text as so: Response.Body.pipeThrough(new TextDecoderStream()).
- Unprefixed Fullscreen API
The fullscreen API has features for entering, and exiting fullscreen mode as well as event handlers for monitoring such changes. A prefixed version of the API has been supported since Chrome 15. This update adds an unprefixed version of the API.
- Web Authentication getTransports
The W3C Web Authentication API1 provides an official replacement for the internal extension that Chrome ships to implement the FIDO U2F API for security keys.
The getTransports call is part of the current level two draft[2] and provides transport (e.g. USB, NFC, etc) information without wedging it into the attestation certificate, which is the current practice.
1 https://w3c.github.io/webauthn/
[2] https://github.com/w3c/webauthn/commit/11d549048ac5e462a4f9f44499032302adb29800
- WebAssembly PostMessage
Extends WebAssembly to support PostMessage of WebAssembly.Module objects to Web Workers. To clarify, this is scoped to just Web Workers (same process, different thread), and not extended to cross-process scenarios (such as cross-origin postMessage, or shared web workers).
- WebAudio: MediaElement and MediaStream nodes defined only for AudioContext
Chrome historically allowed creation of MediaElementAudioSourceNode’s, MediaStreamAudioSourceNode’s, and MediaStreamAudioDestinationNode’s using an OfflineAudioContext. This does not comply with the spec; these nodes should only be available for an AudioContext. The behavior with an OfflineAudioContext is not well-defined and contrary to the real-time nature of the nodes themselves.
Thus, only allow these nodes to be constructed for an AudioContext.
- globalThis
globalThis
enables a universal mechanism to access the global object even in strict functions or modules, regardless of the platform.
- queueMicrotask
Adds a new method, queueMicrotask() that allows direct queueing of a callback to run as a microtask. Microtasks are callbacks that run just before the current task ends. Current examples are callbacks for promises that resolve immediately. This method is available on the window and worker objects. See the explainer:
https://github.com/fergald/docs/blob/master/explainers/queueMicrotask.md
- Deprecate and Remove URL.createObjectURL for MediaStream
This API has been deprecated in 2013 and superseded by assigning streams to srcObject.
- Remove SpeechSynthesis.speak without user activation
This deprecation will cause speechSynthesis.speak to immediately fire an error if the document has not received user activation. This API is being abused by sites since it is one of the only remaining APIs which didn’t adhere to autoplay policies in Chrome. This was deprecated in Chrome 70.
- Remove importScripts() of new scripts after service worker installation.
Until this deprecation, a service worker could use importScripts() to import any script at any time. After this change, a service worker can only importScripts() in two cases:
- Before installation finishes (from the initial execution of the service worker until it reaches the
installed
state). - After installation finishes, only for scripts that were already imported in the previous phase.
- Remove prefixed WebKitAnimationEvent interface
The prefixed WebKitAnimationEvent interface will be removed. It is a non-standard alias for the widely supported AnimationEvent interface (https://developer.mozilla.org/en-US/docs/Web/API/AnimationEvent). For interoperability between browsers, web developers should use the standard AnimationEvent instead.
- Remove prefixed WebKitTransitionEvent interface
The prefixed WebKitTransitionEvent interface will be removed. It is a non-standard alias for the widely supported TransitionEvent interface (https://developer.mozilla.org/en-US/docs/Web/API/TransitionEvent). For interoperability between browsers, web developers should use the standard TransitionEvent instead.
- document.origin
The document.origin property will be deprecated and removed in Chromium, and then likely also removed from the DOM Standard. This property was only ever implemented in Chromium and WebKit. It is redundant with self.origin which can be used in both window and worker contexts and has wider support.
chromium72 Features:26
- Crash Reports
Crash reports are a new type of report available via the Reporting API. These reports indicate that a crash occurred on a page and possibly the reason it occurred (out of memory for example).
- ECMAScript module namespace exports
This feature extends the existing syntax for module exports by the form
export * as foo from “bar”
which is the analogue to the existing form
import * as foo from “bar”
- ErrorEvent interface on web workers
The ErrorEvent interface, inheriting from from its parent Event, represents events providing information related to errors in scripts or in a file. According to specifications, unhandled runtime script errors fire an ErrorEvent at a target and this interface should be exposed to web workers.
- Interoperable File.webkitRelativePath property
The File.webkitRelativePath of the File interface previously returned a value different from other major browsers, now it returns the same value.
For example, if a user has the following local files:
/tmp/a/foo/bar/1.txt, /tmp/a/foo/2.txt
and they selected /tmp with a file chooser dialog, webkitRelativePath in Chrome was:
foo/bar/1.txt, foo/2.txt
Other browsers, which Chrome now matches, return this:
tmp/a/foo/bar/1.txt, tmp/a/foo/2.txt
- Intl.ListFormat
Intl.ListFormat helps libraries and frameworks format a list in a localized fashion by providing internationalized messages using a customary local word or phrase when available. For example, calling its format() method with [“Alice”, “Bob”, “Charlie”, “Delta”] returns the string “Alice, Bob, Charlie, and Delta” in English.
- JavaScript Modules: Credentials mode defaults to “same-origin”
The default credentials mode for module script requests is changing from “omit” to “same-origin”, providing credentials to same-origin module script requests and their descendant scripts (static & dynamic imports). The current behavior can be surprising in that it’s misaligned with other high-level features like the Fetch API, and in the web platform’s current architecture, causes a second server connection. This is undesirable for developers looking to reduce latency.
- MediaStream.getDisplayMedia()
Captures a screen or application window to a MediaStream, for recording or sharing over the network.
This allows conferencing services to provide shared presentations in a conference, and allows remote control tools like Chrome Remote Desktop to provide an image of the controlled computer’s screen to the controlling computer.
- MediaStreamTrack resizeMode constraint
This property controls the method the browser uses to derive the resolution of a MediaStreamTrack. There are two supported values:
“none”: the track has the native resolution provided by the camera, its driver, or the OS.
“crop-and-scale”: the browser may use cropping and rescaling to adjust the resolution of the video produced by the camera.
This is useful for getting more consistent behavior across browsers, or if an application wants to make sure it gets only native resolutions.
- Navigator.languages and languagechange event on workers
The navigator.languages property exposes the Accept Language header and the languageevent, which is fired on the Window object to notifiy scripts of changes to this value. Both features allow web applications to handle i18n in the client and react to user language changes. This change makes these features available to workers. Specifically, navigator.languages is available on workers and languageevent is fired on workers as well as the main thread.
- Public class fields
This feature introduces public fields to classes in ECMAScript.
class MyClass {
instanceProperty = 0;
static staticProperty = 0;
}
- RTCPeerConnection.connectionState and RTCPeerConnection.onconnectionstatechanged
RTCPeerConnection.connectionState is a aggregate value computed from the transport states of the peerconnection’s underlying ICE and DTLS transports.
It’s intended to provide a more complete overview of the connection state than RTCPeerConnection.iceConnectionState, which is only supposed to be based on the ICE transports.
- Service worker: FetchEvent.resultingClientId
FetchEvent.resultingClientId, set on navigation requests or requests for workers, is the ID of the client, either a document or a worker that is created by the request. This is useful for associating the main resource request for a document with subsequent subresource requests from the document for logging and metrics purposes.
- Service worker: FetchEvents for requests for same-origin favicons.
Previously, technical limitations prevented service workers from receiving FetchEvents for favicon requests. Now, service workers receive FetchEvents as long as the request URL is on the same-origin as the service worker.
- Trusted Web Activities
Trusted Web Activities are a mode of Chrome Custom Tabs without browser UI, available to web content an app developer controls.
We want the modern mobile web (primarily PWAs) to go mainstream. Nevertheless, they make up a small proportion of app experiences on Android today. The vast majority of developers simply haven’t made one yet. TWAs lower the risks of distribution by allowing developers to integrate their PWA into a native app and give PWA developers the same capabilities as native apps.
- User Activation Query API
Some APIs cannot be used with a user activation (https://html.spec.whatwg.org/multipage/interaction.html#activation). Examples include requestFullScreen(), autoplay, window.open(). This restriction is a powerful tool for preventing annoying behavior by web pages. Unfortunately, there is no way to determine if a user activation is active. The User Activation Query API adds this ability.
- User Activation v2
User activation is the mechanism to maintain active-user-interaction state that limits use of “abusable” APIs (e.g. opening popups or vibrating). The web exposed behavior varies widely among major browsers. To unify the web, this feature defines a new user activation model that is simple enough for cross-browser implementation. The main changes introduced by this model are: (a) there is no concept of token passing, and (b) activation visibility changes from stack-scoped to frame-scoped.
- WebRTC Unified Plan SDP
RTCPeerConnections generate and parse SDP according to the standardized format. Exchanging SDP is needed to set up calls in WebRTC. Following the standard is important for cross-browser interoperability. Unified Plan also enables the RTCRtpTransceiver APIs. Changing from the old (“Plan B”) to the new format can cause backwards-compatibility issues or break applications, see the Transition Guide: https://docs.google.com/document/d/1-ZfikoUtoJa9k-GZG1daN0BU3IjIanQ_JSscHxQesvU/edit?usp=sharing
- Well-formed JSON.stringify
A Stage 3 ECMAScript proposal changes JSON.stringify to prevent it from returning ill-formed Unicode strings.
Previously, JSON.stringify would output lone surrogates if the input contained any lone surrogates:
JSON.stringify("\uD800");
// --> '"�"'
With this change, JSON.stringify outputs escape sequences for lone surrogates, making its output valid Unicode (and representable in UTF-8):
JSON.stringify("\uD800");
// --> '"\ud800"'
- Worker unhandled exception propagation
For dedicated workers, if an error is not handled then it will be propagated up to the parent context and the error reporting process begins again one layer up (e.g., to the window’s onerror handler). This allows for errors to be propagated up to the original document giving developers the freedom to choose when and how to handle worker errors.
- TLS 1.0 and TLS 1.1
Deprecate TLS 1.0 and 1.1, targeting removal in Chrome 81 (early 2020). During the deprecation period, sites using those protocols will show a warning in DevTools. After the deprecation period, in 2020, they will fail to connect if they have not upgraded to TLS 1.2 by then.
- Cache API: reject addAll() when requests would overwrite each other
The Cache.addAll()
API allows multiple entries to be added to the cache at once. The spec requires that each request/response pair avoid overwriting another entry being added in the same call.
Previously chrome would resolve such conflicts by storing the later entry and ignoring the earlier entry. This feature is to fix this behavior and properly reject with InvalidStateError.
- Remove HTTP-Based Public Key Pinning
HTTP-Based Public Key Pinning (HPKP) was intended to allow websites to send an HTTP header that pins one or more of the public keys present in the site’s certificate chain.
It has very low adoption, and although it provides security against certificate misissuance, it also creates risks of denial of service and hostile pinning. See https://groups.google.com/a/chromium.org/d/msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ for details.
- Rendering FTP resources
FTP is a non-securable legacy protocol. When even the linux kernel is migrating off of it (https://www.kernel.org/shutting-down-ftp-services.html), it’s really time to move on. One step toward deprecation and removal is to deprecate rendering resources from FTP servers and instead download them. We’ll still generate directory listings, but any non-directory listing could be downloaded rather than rendered in the browser.
- Treat ‘#’ as ending data URI body content
By spec, ‘#’ characters in data URIs should not be treated as part of the URI body, and should instead only mark the start of the URI fragment component. Historically Chrome has not adhered to the spec, instead treating ‘#’ characters as both fragment-starters and part of the body.
- Intervention: Rewrite slow pages for Lite Mode (Data Saver) users
On web pages that are expected to load slowly, Chrome may modify loading behavior to provide a faster page load to Lite Mode (Data Saver) users. This behavior modification can take many forms including but not limited to: blocking specific resources, loading partial resources, loading a previously saved version of the page, using Google servers to rewrite pages, etc.
- Intervention: Stop loading of non-critical resources on slow pages for data saver users
On webpages that are expected to load slowly, stop loading of non-critical resources. This includes (but is not limited to) JavaScript and CSS resources that do not contribute significantly to the visual appearance. This would be limited to only the data saver users. Users are shown a Lite Mode UI in the omnibox. Users can load default behavior by tapping “Show original” in the omnibox UI. An intervention report is sent when this optimization occurs.
chromium73 Features:36
- CanvasRenderingContext2D.getContextAttributes()
This method allows web developers to read back the ContextAttributes consumed by the platform and compare them to what were requested. Shipping this method will allow lining up with WebGL’s homonymous method.
1 https://cs.chromium.org/chromium/src/third_party/blink/renderer/modules/canvas/canvas2d/canvas_rendering_context_2d.idl?l=142
- RTCQuicTransport & RTCQuicStream
A standalone API using the QUIC transport protocol to exchange arbitrary data with remote peers. This provides a generic multiple-way transport that doesn’t use the full PeerConnection stack designed for media purposes.
The base API is shared with WebTransport. The difference is the RTCQuicTransport is P2P and uses ICE. For discussion on the webtransport see:
https://discourse.wicg.io/t/webtransport-proposal/3508
https://github.com/WICG/web-transport
- ::part pseudo element on shadow hosts
This specification defines the ::part() pseudo-element on shadow hosts, allowing shadow hosts to selectively expose chosen elements from their shadow tree to the outside page for styling purposes.
- CSS: Use the response URL as the base URL
The base URL of stylesheets is now the response URL of the stylesheet rather than the request URL. These are only different if a service worker provided the response. If the service worker does respondWith(fetch(url)), the base URL becomes url.
Also, to align with the specification, stylesheets that (a) failed to load due to network error, or (b) loaded via a redirect from cross-origin back to same-origin are considered cross-origin.
- Constructible Stylesheets
The API provides a way to create CSSStyleSheet objects from script without needing <style>
or <link>
elements. Script can optionally modify the stylesheet by adding, removing, or replacing rules in it. Each stylesheet object can then be adopted/used in multiple tree scopes (document/shadow roots). Not only does this reduce memory duplication, it also allows an element’s styles to be modified in a single location.
- Cross-Origin Resource Policy
“Cross-Origin-Resource-Policy” response header allows http servers to ask the browser to prevent cross-origin or cross-site embedding of the returned resource. It is complementary to the Cross-Origin Read Blocking feature and is especially valuable for resources not covered by CORB (which only protects HTML, XML and JSON).
“Cross-Origin-Resource-Policy” is currently the only way to protect images against Spectre attacks or against compromised renderers.
- DOMMatrixReadOnly.scaleNonUniform()
This function post-multiplies a non-uniform scale transformation on the current matrix and returns the resulting matrix. It is being re-added to support legacy compatibility with SVGMatrix. Non-uniform scaling is a transformation in which at least one of the scaling factors is different from the others. For example, non-uniform scaling might turn a rectangle into a square or a parallelogram.
- EME Extension: HDCP Policy Check
This feature provides applications the ability to query whether a certain HDCP policy can be enforced so that playback can be started at the optimum resolution for the best user experience.
- Flexbox: min-height: auto applies to nested flex boxes
We changed our rendering to match the flexbox specification and other browsers. In previous versions, Chrome did not implement the automatic minimum size for the specific case of a column flexbox containing a flex item that is itself a flexbox. We have now changed this so that such flex items do get the right minimum size.
This can cause flex items to not shrink anymore when they used to; to avoid that, set min-height: auto on the flex item.
- GamePad API: GamepadButton touched attribute
Provides the touched state of a gamepad button, which indicates whether a finger is on a button independent of whether it’s being pressed.
- Implicit Root Scroller
Allows viewport-filling scrollers (iframes, divs) to perform document-level scrolling actions. I.e. show/hide URL bar, overscroll glow, rotation anchoring, etc.
- Media Session
Enable websites to customize media metadata so they can control the notification and lock screen UI. Also allows control of media from outside a page, as well as using platform UIs and managing media keys.
- Object.fromEntries()
Object.fromEntries() turns a list of key-value pairs into an object.
- Origin-Signed HTTP Exchanges
Allows sites to send HTTP request/response pairs (exchanges) that are authoritative for an origin, even when the server itself is not authoritative for that origin.
This is part of Web Packaging, which will allow people to share web applications peer-to-peer, while offline, with proof that an app comes from its original author.
This also shares some infrastructure with signature-based SRI.
- Per-media DSCP through RtpSender::SetParameters
Add a networkPriority field to RtcRtpSender Paremeters property to allow different senders’ media to use differnt DSCP markings.
This allows the client to accept configuration from administrators to work better in constrained network environments, or with wifi WMM prioritization.
- PerformanceObserver supportedEntryTypes
PerformanceObserver.supportedEntryTypes provides a way to feature-detect the PerformanceEntry types that are implemented in a web browser. The types are sorted alphabetically. For example, a developer running this in Chrome could get something like this in the console:
PerformanceObserver.supportedEntryTypes
// Output is: [“longtask”, “mark”, “measure”, “navigation”, “paint”, “resource”]
- RTCConfiguration.offerExtmapAllowMixed
Adds a boolean property to RTCConfiguration.offerExtmapAllowMixed() to enable the extmap-allow-mixed attribute in a session description protocol (SDP) offer.
The SDP attribute extmap-allow-mixed, as defined in RFC8285, will be included in the SDP offer if this property is set to true. The SDP attribute extmap-allow-mixed is supported from Chrome 71, but due to backwards compatibility problems it was not included in the SDP offer by default.
- RTCRtpReceiver.getParameters()
The getParameters() method returns the RTCRtpReceiver object’s track decoding parameters, which includes the codec and RTP header lists negotiated for the call, the RTCP information, and the layer count.
This API is analog to RTCRtpSender.getParameters() and presents similar information for a call, but on the receiver side. It does not allow modification of the call’s parameters.
- RTCRtpReceiver.getSynchronizationSources()
The getSynchronizationSources() method returns the latest playout timestamps of RTP packets for audio and video receivers. This is useful for determining in real time which streams are active, such as for the use case of audio meters or prioritizing displaying active participant streams in the UI.
- RegExp String.prototype.matchAll()
String.prototype.matchAll() behaves similarly to String.prototype.match(), but returns a full regexp result object for each match in a global or sticky regexp. This offers a simple way to iterate over matches when access to, for example, capture groups is needed.
- Spec-compliant shadow blur-radius
Historically, Blink’s blur-radius interpretation has been at odds with both the CSS and Canvas2D specs: Blink shadows cover about half the expected area (see linked bug).
With this change Gaussian blur sigma is now computed as 1/2 blur-radius, as mandated by spec. Blink’s shadow implementation now matches FireFox and Safari.
- Transform list interpolation
Chrome will improve how CSS transforms are handled to reduce cases where a matrix interpolation fallback is used. An interpolation is an intermediate transformation. Sometimes interpretation of the CSS rule requires falling back to a matrix to accomplish the interpolation, and this can produce visual results other than what the web developer intends. To mitigate this, the spec was changed to reduce the number of situations when this can occur.
- Treat Document Level Wheel/Mousewheel Event Listeners as Passive
The wheel/mousewheel event listeners that are registered on document level targets (window.document, window.document.body, or window) will be treated as passive if not specified as otherwise and calling preventDefault() inside such listeners will be ignored. This is the wheel version of the scrolling intervention which is shipped in Chrome 56: https://developers.google.com/web/updates/2017/01/scrolling-intervention
- Turn RTCRtpContributingSource from an interface into a dictionary
The specification requires RTCRtpContributingSource to be a dictionary, but it was previously shipped as an interface. With this change RTCRtpContributingSource will no longer have a prototype and getContributingSources() will create a new set of objects with each call.
- Windows Web Authentication APIs
This feature integrates Chrome on Windows with the Windows WebAuthn platform APIs. This enables talking to FIDO U2F and CTAP authenticators for 2-factor authentication over USB, BLE, NFC via the Web Authentication API. This additionally adds support for the Windows Hello platform authenticator for 2-factor and user-verifying authentication.
- XHR: Use the response URL for responseURL and documents
XHR now uses the response URL rather than the request URL for responseURL and responseXML. These are only different if a service worker provided the response. If the service worker does respondWith(fetch(url)), then responseURL is url and responseXML.URL is url.
- XSLT: Use the response URL as the base URL
The base URL of XSLT stylesheets is now the response URL of the stylesheet rather than the request URL. These are only different if a service worker provided the response. If the service worker does respondWith(fetch(url)), the base URL becomes url.
- document.visibilityState set to “hidden” when WebContents is occluded
Thanks to the WebContents Occlusion feature in Chromium, the Page Visibility Web API will now reflect accurately the visibility state of web pages, especially when they are occluded. In other words, the document.visibilityState value will be “hidden” when browser tab/window is covered by one or multiple window(s).
- imagesrcset and imagesizes attributes on link rel=preload
Add imagesrcset and imagesizes attributes to <link rel=preload as=image>
, that correspond to the srcset and sizes attributes of HTMLImageElement. We are using imagesizes here instead of sizes because it already has a different meaning for HTMLLinkElement in the rel=icon case.
- Sending custom per-request user-agent to HTTP proxies in CONNECT requests
When establishing an HTTPS connection over an HTTP/HTTPS/H2/QUIC proxy, we send a CONNECT request with its own set of headers. Currently, if the original HTTPS request had a custom user-agent string, we would send that with the CONNECT request, rather than the default user-agent header. We plan to remove this behavior, and just use the configured global user-agent header.
- EXPLAIN and REINDEX support in WebSQL
EXPLAIN’s output is not guaranteed to be stable over SQLite versions, so developers cannot rely on it. REINDEX is only useful when collation sequence definitions change, and Chrome only uses the built-in collation sequences.
- Remove isomorphic decoding of URL fragment identifier
When Chrome opens a URL with a fragment id, it decodes %xx and applies isomorphic-decode 1 to it, then tries to find an element with the decoding result as an ID in some cases. No other browsers do this, and it’s not defined by the standard.
For example, if a user opens example.com/#%F8%C0, Chrome
- searches the page for an element with id=“%F8%C0”
- If it’s not found, it searches the page for an element with id=“øÀ”
1 https://infra.spec.whatwg.org/#isomorphic-decode
- Auto Picture-in-Picture
Video in installed Progressive Web Apps (PWAs) will enter and exit picture-in-picture automatically when a document’s visibility changes.
Web apps for video meetings will benefit by allowing picture-in-picture when users switch back and forth between web apps and other applications or tabs. This is currently not possible because a user gesture is required to enter picture-in-picture.
- Feature Policy violation reporting
Enable reporting of feature policy violations through the Reporting API.
- Skip Ad in Picture-in-Picture window
Show a “Skip Ad” button in Picture-in-Picture window that notifies websites when user a interacts with it.
- WebRTC audio jitter buffer RTX handling
Enables functionality in the audio jitter buffer in WebRTC to adapt the delay to retransmitted packets.
chromium74 Features:25
- Face Detection API
The Face Detection API is a subset of the Shape Detection API which provides the ability to detect human faces and facial landmarks in an image provided by script. The image may come from any type of image buffer source such as an <image>
, <video>
or <canvas>
tag.
- Text Detection API
The Text Detection API is a subset of the Shape Detection API which provides the ability to detect and optionally transcribe text in an image provided by script. The image may come from any type of image buffer source such as an <image>
, <video>
or <canvas>
tag.
- Add scaleResolutionDownBy to RTCRtpEncodingParameters
This setting scales down the resolution of a video’s layers in each dimension by the given value before sending. For example, setting the value to 2.0 scales each dimension by a factor of 2, sending a video a quarter of its size. The value must be greater than or equal to 1.0 (the default). The default value applies no scaling.
- AudioContextOptions.sampleRate
Allows developers to set the “sampleRate” for an AudioContext at the time it is created. This allows developers to set an arbitrary sample rate for audio processing in Web Audio API.
- Background Fetch API
Background Fetch API provides a service worker based download and upload mechanism which is persistent across service worker and browser restarts.
The system will provide a developer-controllable interface to schedule, query, pause, and cancel background downloads and uploads. After a scheduled fetch completes, the system will notify the developer of the outcome of the operation.
In-progress fetches will be visible to users in a notification.
- CSS Transition Events
The CSS Transitions specification specifies that transition events are sent when a transition is enqueued, starts, ends, or is canceled as transitionrun, transitionstart, transitionend, and transitioncancel respectively.
These events mirror the CSS animation events which allow developers to observe CSS animations.
- CSS prefers-reduced-motion media query
Support will be added for the CSS prefers-reduced-motion media query. The prefers-reduced-motion media query detects whether the user has requested that the system minimize the amount of motion it uses; in particular motion-based animation. This is for users who either require or prefer minimized motion. For example people with vestibular disorders often desire animation motion to be kept to a minimum.
- Disallow opener navigation downloads from cross origin popups
If a popup navigates its opener to a URL which results in a download, the download will be blocked and the navigation cancelled, if the popup is cross-origin to its opener. This resolves a long standing security issue.
- Feature Policy: JavaScript API
A JavaScript API will be exposed for feature policy. This API contains three functions.
document.featurePolicy.allowedFeatures() // What are the allowed features in this document?
document.featurePolicy.allowsFeature(‘geolocation’, <origin>
?) // Is geolocation allowed in this document or origin?
document.featurePolicy.getAllowlistForFeature(‘geolocation’) // What origins are allowed to use geolocation?
- Hashbang interpreter line
Allows the first line of a script or module source file to specify an interpreter to evaluate the script.
e.g.
#!/path/to/v8/v8-shell
print('Hello, world!');
- IntersectionObserver V2
Augment IntersectionObserver to report information about occlusion and visual effects.
Currently, IntersectionObserver does not consider whether a target element has been painted over (“occluded”) by other content or whether any visual effects have been applied which may alter or obscure the element’s display. This change adds a boolean field to IntersectionObserverNotification, indicating whether the UA can guarantee that the target will be displayed unoccluded and without visual effects.
- Intl.Locale
Intl.Locale class allows the following:
Parsing and manipulating the language, region and script of a locale;
Reading or writing the Unicode extension tags in a locale;
Storing user locale preferences for this API in a serializable, standard format (rather than using a combination of language and the options object).
- Make MediaDevices and related functions and types secure context only
Make the MediaDevices interface and its related functions and types, including getUserMedia(), enumerateDevices() and getDisplayMedia() available only in secure contexts.
- PaymentRequest.hasEnrolledInstrument()
The PaymentRequest.hasEnrolledInstrument() method returns a boolean indicating whether the user has a payment instrument in their profile that matches the payment identifier in a PaymentRequest and whether it is ready to handle payment at the time PaymentRequest.show() is called.
- Private class fields
This feature introduces private fields to classes in ECMAScript.
Note: This entry only pertains to the private fields part of the proposal, not the public fields.
- RTCIceCandidate and RTCIceCandidateInit
RTCIceCandidate and RTCIceCandidateInit will be made spec-compliant.
The RTCIceCandidate interface describes an ICE candidate in WebRTC. It is available in Chrome, but it is not spec compliant as it is missing some fields. There are also some deviations from the spec in terms of nullable and read-only attributes and errors thrown by the constructor.
- Reflect redirects to worker global scope’s URL
Worker global scope’s URL (self.location, referrer, and base URL) should reflect redirects (i.e. should be the response URL, not the request URL), according to the spec.
The worker global scope’s URL has been the response URL in Firefox and the request URL in Chromium/Safari/Edge.
Chromium is changing it to the response URL to match with the spec.
Spec issue: https://github.com/whatwg/html/issues/3760
- Remove [NoInterfaceObject] from DeviceOrientation Event interfaces
The [NoInterfaceObject] annotation is being removed from WebIDL. The DeviceOrientation Event specification has been updated to remove this annotation from the Acceleration and RotationRate interfaces and rename them to DeviceMotionEventAcceleration and DeviceMotionEventRotationRate in order to avoid polluting the global namespace with generic interface names.
- Signed Exchange Reporting for distributors
Signed Exchange Reporting for distributors extends the Network Error Logging to enable the distributors of signed exchanges to investigate signed exchange loading errors such as certificate verification errors.
- TextEncoder encodeInto() method
TextEncoder’s encodeInto() method allows an encoded string to be written directly “into” a supplied pre-allocated buffer, offering a performant alternative to using encode() to produce a buffer, and copying its contents into an existing buffer.
- WebAssembly Worker Based Threads
The WebAssembly Threads feature allows multiple WebAssembly instances in separate Web Workers to share a single WebAssembly.Memory object.
As with SharedArrayBuffers in JavaScript, this allows very fast communication between the Workers. This can be used to offload computation to another thread to keep the main thread and its UI responsive.
- XHR fallbacks UTF-8 when invalid encoding is specified
When an invalid encoding is specified for XMLHttpRequest (via overrideMimeType() or the response’s mime type), UTF-8 is used e.g. for responseText, which is spec conformant. Previously Latin-1 was used.
- service worker: client.postMessage() is buffered until the document is ready.
To prevent messages from being delivered before the destination is ready, client.postMessage() does not dispatch the message until one of the following has occurred on the destination:
- ‘DOMContentLoaded’ event is fired.
- onmessage is set.
- startMessages() is called.
- type in PerformanceObserver’s observe() dictionary
The addition of the ‘type’ member will allow passing in parameters specific to one entry type when calling observe() within PerformanceObserver. Right now, ‘entryTypes’ is used to specify potentially multiple entry types to be observed at the same time.
An observer can only use ‘entryTypes’ or ‘type’.
An observer can only specify additional parameters when using ‘type’.
An observer can still observe multiple entry types by calling observe() with ‘type’ multiple times.
- Remove PaymentAddress’s languageCode property
PaymentAddress’s languageCode property is browser’s best guess for the language of the text in the shipping, billing, delivery, or pickup address in Payment Request API.
chromium75 Features:27
- IFrame execution/freezing feature policy
Adds ability to pause execution of an iframe that is not rendered or scrolled out of view.
- Overscroll and Scrollend DOM events
Similar to scroll event, Chrome will send overscroll and scrollend DOM events.
- Allow PaymentRequest.show() to take optional detailsPromise
Some merchant sites may not know the total or line items at the time of attempting to open the payment sheet with show(). This feature is a way to signal that the browser should show a spinner or equivalent and wait on allowing end user interaction until an update.
- Animation constructor
Currently the Web Animations API allows developers to create animations using the Element.animate() method, which returns an Animation object that is internally constructed.
The full Animation constructor gives the developer more control over the created Animation, including specifying the timeline (currently useless, but in the future enables other types of timelines) and the exact KeyframeEffect object (see https://www.chromestatus.com/feature/4868532347076608)
- AnimationEffect and KeyframeEffect (excluding getKeyframes/setKeyframes & composite/iterationComposite)
AnimationEffect and KeyframeEffect are part of the Web Animations API. They allow a developer interactive control over the following parts of their Animation:
- the Animation target (i.e. what element is being animated)
- the Animation timing properties (duration, delay, etc)
We do not intend to ship the composite and iterationComposite members or the getKeyframes/setKeyframes methods at this time.
- AppCache: Cross-origin resource size padding
For quota accounting purposes, the size of cross-origin AppCache resources will be padded. Cross-origin resources are resources whose origin differs from the manifest’s origin. The size padding will be a random number, uniformly distributed between 0 and about 14MB.
Quota accounting purposes include the size reported by the Quota API and quota enforcement (an origin’s storage API calls are blocked when the origin exceeds its quota).
- CSP:
script-src-attr
,script-src-elem
,style-src-attr
,style-src-elem
directives
These 4 new directives provide the functionality of the script/style directive but with more granularity, applying to elements or attributes.
- HTMLVideoElement.playsInline
This is a hint a website may provide to a user agent to display a video content within the element’s playback area.
- Low latency canvas contexts with desynchronized
The getContext() method now supports a desynchronized option, which provides a low-latency alternative to the now deprecated NaCl/PPAPI solution which used native OpenGL rendering. The new solution uses either 2d or webgl rendering. For example:
let context_type = '2d’; // Or 'webgl' canvas.getContext(context_type, {desynchronized: true});
- MediaStreamTrack.getCapabilities() support for audio device-related constrainable properties.
Returns the device-related capabilities (namely sample size, sample rate, latency, and channel count) of the source associated to a MediaStreamTrack.
There is also a variant InputDeviceInfo.getCapabilities(), available in the results of MediaDevices.enumerateDevices().These devices are used as sources for MediaStreamTrack; in this case, getCapabilities() returns the same values as MediaStreamTrack.getCapabilities() for sampleSize, channelCount, and latency.
- Numeric separators
This feature enables developers to make their numeric literals more readable by creating a visual separation between groups of digits. Using underscores (_, U+005F) as separators helps improve readability for numeric literals, for ex: 1_000_000_000.
- RTCDtlsTransport
Adds a component to provide information about active transports. Specifically, this interface allows an application access to information about the Datagram Transport Layer Security (DTLS) transport over which RTP and RTCP packets are sent and received by RTCRtpSender and RTCRtpReceiver objects, as well other data such as SCTP packets sent and received by data channels.
- RTCIceTransport
Provides information about the state of the ICE transports used by RTCPeerConnection to send and receive media to another endpoint.
- Scroll Snap Stop
Normally an inertial scroll operation (such as a swipe gesture) may skip several possible snap positions in favor of a snap position that is closer to its natural end point (which depends on platform and gesture characteristics such as velocity). scroll-snap-stop enables authors to designate a snap position such that it traps the inertial scrolling operations preventing the scroll from skipping it.
- Service workers appear in Chrome’s Task Manager
Service workers now appear in Chrome’s Task Manager.
- Storage Quota Usage Details
This change adds a dictionary to the returned dictionary of storageManager.estimate() that contains details about usage for each storage backend. The goal is to aid in debugging issues around overuse of specific storage systems.
- Support noreferrer attribute for window.open()
Allows a web page to use window.open() without leaking referrer information by leaving the referrer header out of page navigations.
- Web Authentication API: FIDO CTAP2 PIN support
The Web Authentication API (WebAuthn) lets web applications authenticate users via external authentication devices called security keys. This feature extends Chrome’s implementation of WebAuthn to support local user authorization of security key operations via a user-defined PIN for keys that implement the FIDO CTAP2 protocol. Web sites using WebAuthn can request or require such authorization via the API’s “user verification” mechanisms (https://www.w3.org/TR/webauthn/#user-verification).
- Web notification inline replies
This feature adds support for text actions on web notifications. It allows web developers to let users quickly input text in response to a notification, within the notification itself. This is expected to be particularly useful for chat apps.
- WebAssembly Bulk Memory Operations
Adds a memmove type opcode to WebAssembly and enhances existing data sections to support importable base.This allows better optimization of large memcpy/memmove operations. Data section improvement will make shared libraries work better, especially with threads.
- WebAssembly Non-trapping Conversion
Adds opcodes to WebAssembly to support non-trapping float-to-integer conversion to improve the ergonomics of the bytecode format.
- stale-while-revalidate
The stale-while-revalidate attribute is used by the Cache-Control header and defines an extra window of time during which a cache (proxy, user agents) can use a stale asset while it revalidates it asynchronously.
This improves subsequent page load latencies as stale assets are non longer in the critical path.
- waitUntil/respondWith can be called inside a microtask during event dispatch.
To conform to the specification, ExtendableEvent.waitUntil() and FetchEvent.respondWith() can now be called during the microtask checkpoint at the end of event dispatch. Previously, this would throw an InvalidStateError.
- Remove cursors greater than 32x32 device-independent pixels intersecting native UI
Custom cursors with widths or heights greater than 32 DIP will be removed if
they intersect native UX (i.e. are not fully contained in the visual viewport).
Large cursors are being used abusively on the web, to confuse users (see https://crbug.com/880863). Specifically, large custom cursors can be used to cover important (sometimes security related) browser native UX with an arbitrary image to mislead users into thinking they are clicking outside the content area.
- Remove unimplemented -webkit-appearance keywords
Remove the following -webkit-appearance keywords:
button-bevel
caret
listitem
media-controls-background
media-controls-fullscreen-background
media-current-time-display
media-enter-fullscreen-button
media-exit-fullscreen-button
media-mute-button
media-overlay-play-button
media-play-button
media-time-remaining-display
media-toggle-closed-captions-button
media-volume-slider-container
menulist-textfield
menulist-text
progress-bar-value
They are parsable keywords, but has no painting code.
- overflow: -webkit-paged-x , overflow: -webkit-paged-y
These are old webkit-specific properties that allowed developers to fragment content over columns inside a scrollable region.
See: https://bl.ocks.org/grorg/99eb053b432070b05d1e29759d81458f
Practically speaking this isn’t used. Most developers use it accidentally, and typically when it is used this property to forces a new formatting context similar to setting “overflow: hidden”.
- WebRTC relative packet arrival delay statistic
Add new non-standard audio receiver metric to the WebRTC getStats() API called relativePacketArrivalDelay. The metric estimates the delay of incoming packets relative to the first packet received.
chromium76 Features:36
- Display alerts for SameSite cookie changes in the developer console
Show alerts in the developer console for “Cookies with SameSite by default” and “Reject insecure SameSite=None cookies” to warn developers of upcoming changes that may require their action.
- Feature Policy: focus-without-user-activation
A feature policy to restrict the use of programmatic focus, when not triggered by a user activation.
The proposed policy provides a way to control access to the focus API without user activation. The immediate use case would be restricting all sandboxed frames. Focus API, in this context refers to focus management API and autofocus.
- Pause Worklets and Dedicated Workers Execution on document freeze
Dedicated workers and worklets continue to execute even though documents may be frozen due to the page lifecycle.
- Add RTP timestamp to RTCRtpReceiver.RTCRtpContributingSource
Add RTP timestamp to RTCRtpReceiver.RTCRtpContributingSource. This is additional metadata to the existing RTP source.
- Animation.updatePlaybackRate
Animation.updatePlaybackRate() lets you seamlessly transition the playback rate of an animation such that there is no visible jump in the animation. Current time is preserved at the instance the new playback rate takes effect.
- Async Clipboard: Read and Write Images
Implements programmatic copying and pasting of images for the Async Clipboard API. This change also updates navigator.clipboard.read() and navigator.clipboard.write() to comply with the specification. Programmatic copying and pasting of images is Chromium’s top starred bug.
- CSS backdrop-filter property
The backdrop-filter CSS property applies one or more filters to the “backdrop” of an element. The “backdrop” basically means all of the painted content that lies behind the element. This allows designers to construct “frosted glass” dialog boxes, video overlays, translucent navigation headers, and more.
- Consume User Activation After Entering FullScreen Mode
To prevent a user activation from opening more than one fullscreen window, entering fullscreen will consume the user activation.
- DateTimeFormat dateStyle and timeStyle
Adds dateStyle and timeStyle options to functions on Intl.DateTimeFormat, specifically formatToParts() and resolveOptions(). These options provide a compact way to request the appropriate, locale-specific date and time of given length styles.
- Escape key is not a user activation
The Escape key is no longer treated as a user activation.
- Fetch Metadata
Introduces a new set of HTTP request headers, including Sec-Fetch-Site
, Sec-Fetch-Mode
and Sec-Fetch-User
, that sends additional metadata about a request’s provenance (is it cross-site, is it triggered from <img>
, etc.) to the server to allow it to make security decisions which might mitigate some kinds of attacks based on timing the server’s response (xsleaks and others).
- ImageCapture support for focusDistance constraint
The Image Capture API provides a means to set the focusMode to manual which is not useful if you cannot set the focus distance. This change provides an interface for getting focus range values and setting focus distance value.
- Implement Animation.pending
Adds the pending attribute to the Web Animations API.
A pending animation is one that is waiting on an asynchronous operation that affects the play state. Adding support for this attribute does not affect the rendering or timing of animations, but simply exposes the signal.
- Implement IDBCursor
request
attribute
This exposes the underlying IDBRequest of IDBCursor objects. It is a minor addition, exposing previously spec’d behavior.
- IndexedDB transaction explicit commit API call
Adds a commit() function to IDBTransaction objects, which explicitly marks a transaction as not accepting further requests.
Currently, IndexedDB only commits a transaction after all associated requests have had their completion event handlers executed, and no new requests have been queued by the event handlers. Developers can use the explicit commit() function to shave a few event loop cycles off of the latency of their transactions.
- Intl.DateTimeFormat.prototype.formatRange
Adds formatRange() and formatRangeToParts() methods to Intl.DateTimeFormat to format a range of times between two dates, such as ‘Jan 10 – 20, 2007’, or ‘Jan 10 – Feb 20, 2007’.
- Locale sensitive BigInt.prototype.toLocaleString and allow Intl.NumberFormat format/formatToParts to take BigInt.
Changes BigInt.prototype.toLocaleString() to locale-sensitive number formatting and changes Intl.NumberFormat.prototype.format() and formatToParts() to accept BigInt as input.
- Media Capabilities in Workers
Enables the Media Capabilities API in all types of workers to help websites pick the best media to stream from a worker. The information can then be used to create the MediaStream from a worker.
- Media Queries: prefers-color-scheme feature
Adds the ‘prefers-color-scheme’ feature, which lets authors adapt web content to user-selected dark theme in the OS or browser. Valid options are ‘light’, ‘dark’, or ‘no-preference’.
- PaymentMethodChangeEvent
Adds the PaymentMethodChangeEvent and the associated event handler PaymentRequest.onpaymentmethodchange. Handler invocation indicates that the user has changed payment methods. The event can be useful when a merchant re-calculates a total value with method details. For example, merchants can calculate tax by reading billing address information in the event.
- PaymentRequestEvent.changePaymentMethod()
Enables payment handlers to get the updated total from the merchant in response to a change in payment instrument selected within the payment handler. This fires the PaymentMethodChangeEvent on the merchant website.
- Promise.allSettled
Adds Promise.allSettled(), which returns a promise that is fulfilled with an array of promise state snapshots, but only after all the original promises have settled, in other words after it has either fulfilled or rejected.
- Push API : Allow passing a base64url-encoded value to
applicationServerKey
The applicationServerKey option is used by the user agent when establishing a push subscription with a push service. This is the key that the application server will use to authenticate itself when sending push messages to this push subscription. Currently, applicationServerKey only supports BufferSource in Chrome. After this change, it can also accept a base64url encoded value.
- RTCRtpSender.setStreams
Allows changing the association between the track associated with an RTCRtpSender and streams. Stream association causes tracks in the same stream to be synchronized. This is useful, for example, if during a call a user switches from a front-facing camera to a back-facing camera and the application uses RTCRtpSender.replaceTrack(). On the receiving end the new track must be associated with the existing stream and synchronized with its auto track.
- RTCRtpTransceiver.setCodecPreferences()
Adds the setCodecPreferences() method, which overrides the default codec preferences used by the user agent. This allows applications to disable the negotiation of specific codecs. It also allows an application to cause a remote peer to prefer the codec that appears first in the list for sending.
- Simpler reading methods for Blob interface
Adds three new methods to the Blob interface to perform read operations: text(), arrayBuffer(), and stream().
- The ImageBitmap rendering context for
<offscreenCanvas>
We are adding ImageBitmapRendererContext as a valid context for OffscreenCanvas. ImageBitmapRenderingContext allows direct transfer of an ImageBitmap to the canvas surface.
This is particularly important as a way to render an ImageBitmap to a Canvas from a Worker (without transferring the ImageBitmap to the main thread).
This is also currently the spec-defined way to render WebGPU content to the screen.
- Web Authentication API: Resident Keys
Security keys are generally stateless save for a global signature counter. While it’s technically possible to implement a stateful security key, physical tokens generally encrypt their state in a credential ID that is stored on the server of the relying party.
Resident keys allow the security key to keep state and thus allow a username-less login experience by just proving a local PIN to the device. Developers can exercise this via the existing Webauthn standard.
- WebAudio: MediaStreamAudioDestinationNode has no outputs
According to the specification, the MediaStreamAudioDestinationNode in WebAudio should have no outputs. Chrome’s implementation has a single output which will be removed.
- WebRTC RTCSctpTransport
Exposes information about the SCTP transport that is used to carry WebRTC DataChannels such as max-message-size and max channels.
- form.requestSubmit()
Adds the form.requestSubmit() function, which requests form submission. It includes interactive constraint validation, dispatches a ‘submit’ event, and takes a reference to the submitter button.
- white-space: break-spaces
Adds the break-spaces value for the white-space property which specifies that any sequence of preserved white space that would otherwise overflow a line and hang (as per the CSS Text Module spec’s Trimming and Positioning rules) must be broken.
- Feature Policy: lazyload
The lazyload feature policy allows developers to selectively control the lazyload attribute on <iframe>
and <img>
using the Feature-Policy header or the <iframe>
“allow” attribute. This provides more control over loading delay for embedded contents and images on a per origin basis. Use this policy to force loading to delayed or non-delayed for your entire website and all or parts of any embedded contents. Use of this policy benefits page load times.
- Remove Insecure Usage of DeviceMotionEvent
Chromium has been showing deprecation warnings since 2015 whenever the API is used in a non-secure browsing context. We now conclude the deprecation by restricting the API to secure browsing contexts. This change brings Chromium’s implementations in line with the privacy and security recommendations in the specification, and is aligned with the overarching effort to deprecate powerful features on insecure origins.
- Remove Insecure Usage of DeviceOrientationEvent
Chromium has been showing deprecation warnings since 2015 whenever the API is used in a non-secure browsing context. We now conclude the deprecation by restricting the API to secure browsing contexts. This change brings Chromium’s implementations in line with the privacy and security recommendations in the specification, and is aligned with the overarching effort to deprecate powerful features on insecure origins.
- Portable Native Client (PNaCl)
Run C/C++ code compiled to bitcode on any web page. The code runs inside the Native Client sandbox and has access to the same capabilities as JavaScript via the Pepper APIs.
chromium77 Features:38
- Add frozen or active lifecycleState to ServiceWorker Client
Exposes the client’s PageLifecycle state on the ServiceWorker Client API.
- ‘formdata’ event
The ‘formdata’ event enables any objects to provide form data. It helps avoid creating <input type=hidden>
representing application state, or making submittable custom elements.
- Alternative Text in CSS Generated Content
Currently there is no way to supply alternative text for CSS generated content. This change would allow alternative text to be supplied for elements that get their content from the content property.
- Automatically lazily load below-the-fold iframes and images for Lite Mode users
Enables deferring the load of below-the-fold iframes and images pages until the user scrolls near them, without requiring actions by web developers. This helps to reduce network data and memory use, and may also increase site speed by prioritizing content that users are viewing. This feature is enabled for Chrome Lite Mode users only.
- Deprecate insecure Web MIDI use
Stop exposing Web MIDI API to insecure origins from Chrome 77.
- Do not apply hover when mouse does not move
To update the hover state when a page scrolls or changes layout, Blink currently dispatches fake mouse moves based on a timer because the mouse does not move. Unfortunately, every mouse move does a hit test which affects both performance and testing. This change applies the hover effect only when a mouse physically moves, improving performance and eliminating issues created by fake mouse events.
- ElementTiming for img
The ElementTiming API will allow developers to know when certain important image elements are first displayed on the screen. It will also enable analytics providers to measure the display time of images that take up a large fraction of the viewport when they first show up.
- ElementTiming for text
The ElementTiming API will allow developers to know when certain important text elements are first displayed on the screen. It will also enable analytics providers to measure the display time of text that takes up a large fraction of the viewport when they first show up.
- Enter Key Hint
The enterkeyhint content attribute is an enumerated attribute that specifies what action label (or icon) to present for the enter key on virtual keyboards. This allows authors to customize the presentation of the enter key in order to make it more helpful for users.
- Error serialization
Enables serialization of errors, specifically, DOMException, Error, EvalError, RangeError, ReferenceError, SyntaxError, TypeError, and URIError. An example of where this capability may be used is to pass an Error to a worker using PostMessage().
- Feature Policy control over document.domain
The document-domain policy governs access to document.domain. It is enabled by default, and, if disabled, attempting to set document.domain will throw an error.
- First Input Timing
The PerformanceEventTiming interface provides timing information about the latency of the first discrete user interaction, specifically one of key down, mouse down, click, a pointer down followed by a pointer up. (Pointer down may be the start of scrolling, which is not tracked.) This is a subset of the EventTiming API, but will be exposed in advance because it provides key metrics to help measure and optimize responsiveness.
- Form-associated custom elements
Form-associated custom elements enable web authors to define and create custom elements which participate in form submission.
- Intervention: ignore input events targeting recently-moved iframes.
To prevent unintended clicks/taps, quietly discard input events that target cross-origin iframes that have recently resized or moved a non-trivial distance within the embedding page’s viewport.
The shipped version limits the intervention to cross-origin iframes that are using the V2 feature set of IntersectionObserver (https://github.com/w3c/IntersectionObserver/tree/v2).
- Intl.NumberFormat Unified API Proposal
This feature improves Intl.NumberFormat by adding support for measurement units, currency and sign display policies, and scientific and compact notation.
- Largest contentful paint
Largest Contentful Paint (LCP) is a new page load metric available as a performance API, which describes page speed as the speed of delivering the largest contentful element to the screen.
It is the high-level metric (where Element Timing is its low-level primitive) aiming to provide a meaningful result even for developers who don’t annotate their sites.
- Layout Instability Monitoring
Adds the LayoutShift interface to the Performance API, allowing developers to monitor changes to a DOM element’s on-screen position.
- Lazily load iframes and images via ‘loading’ attribute
Support the ‘loading’ attribute, which can be used to defer the load of below-the-fold iframes and images on the page until the user scrolls near them. This is to reduce data usage, memory usage, and to speed up above-the-fold content. Web developers can opt-in to lazy load by specifying loading=lazy on <iframe>
and <img>
elements.
- Limit
Referer
header’s length to 4k
Strips the Referer header down to an origin when it’s size exceeds 4k.
- Limit registerProtocolHandler() url argument to http/https
Limits registerProtocolHandler() to only accept URLs with http or https schemas. Because the intent of the API is to allow and endpoint to handle something like an SMS message, for example, it doesn’t make much sense for handlers to be data URLs, blob URLs, or whatever.
- New TextMetrics object in canvas
The implementation of an extended API of text metrics started in 2014: https://groups.google.com/a/chromium.org/d/msg/blink-dev/SgofW_bQ3ps/jNYamQHplAMJ
But was never shipped, and had multiple undefined values that were not addressed for years. The spec has now evolved and we intend to ship actualBoundingBoxLeft, actualBoundingBoxRight, actualBoundingBoxAscent and actualBoundingBoxDescent according to the current spec: https://html.spec.whatwg.org/multipage/canvas.html#textmetrics
- Overscroll Behavior logical longhands
Adds CSS flow-relative properties for controlling overscroll behavior through logical dimensions. flow-relative properties are those that are interpreted relative to the flow of content. The new properties are overscroll-behavior-inline and overscroll-behavior-block.
- Partition the HTTP Cache
Splits the HTTP cache using the top frame site and subframe site (where site = scheme://etld+1) to prevent documents from one site from knowing whether a resource from another site was cached.
The HTTP cache is currently one per profile, with a single namespace for all resources and subresources regardless of origin or renderer process. Splitting the cache on top frame site helps the browser deflect side-channel attacks where one site can detect resources in another site’s cache.
- PerformanceObserverInit buffered flag
Adds a buffered flag to observer.observe() so that PerformanceObserver can receive entries created before the call is executed.
- PointerEvent.getPredictedEvents()
Adds a method that returns a few predicted pointer move events. This enables apps such as drawing apps for example to draw a predicted line, reducing apparent latency for the user.
- Pointerrawupdate
Send pointerrawupdate events for move events as soon as they happen as oppose to pointermove events which are being rAF-aligned and hence may add half a frame of latency on average from when they happened until they are delivered to the javascript.
- Precise src: local() matching in CSS @font-faces by PostScript and Full Font Name
Precisely match locally installed fonts by PostScript name or full font name, when used in a local() value to a src: descriptor in a @font-face declaration. This means, you can precisely and uniquely select local fonts by specifying their PostScript name or full font name.
Previously Blink had implemented this incorrectly and was using the specified font name to perform a family match.
- Preserve request priorities through service worker
Preserves a request’s original priority when it passes through a service worker. Previously, all requests going through a service worker would get “High” priority. This means render-blocking style sheets would have their priority clamped, while less-important resources would get boosted.
The priority of network requests can be seen in the DevTools network tab. Render-blocking resources such as style sheets have “Highest” priority, while resources like async scripts have “Low” priority.
- RTCPeerConnection.onicecandidateerror
Adds the incecandidateerror event which provides detailed information about WebRTC ICE candidate gathering failures, including the ones defined by STUN (RFC5389) and TURN (RFC5766).
- RTCPeerConnection.restartIce()
Adds a method for triggering an ICE restart which causes a WebRTC connection to try to reconnect. This feature is already available in Chrome by passing the {iceRestart:true} argument to createOffer(). restartIce() is a version of this method that works regardless of signalingState.
- Service workers support basic HTTP authentication
Displays HTTP authentication dialog boxes even if the request was from a service worker. This shows the native login dialog shown when an HTTP 401 response is received.
Note: this requires the network service to be enabled, which is enabled by default on most platforms.
- Stop action for Media Session
Adds support for the “stop” action to the MediaSession interface. An action is an event tied specifically to a common media function such as pause or play. The “stop” action handler is called when the site should stop the playback and clear the state if appropriate.
- Support SRI verification on link preloads (script and style)
Add sub resource integrity verification to link preloads so that resources with an integrity attribute can be preloaded with causing a double download. This feature honors the integrity attribute on link preloads for the as=script and as=style destinations.
- Support step timing functions jump-start|end|both|none
The step timing functions jump-both, jump-none, jump-start and jump-end were introduced to the spec for easing functions in 2018. Two of these (jump-start and jump-end) are aliases for start and end. The remaining two provide increased flexibility for step transitions by enabling step functions in which both or neither endpoint has a discontinuous step. Previously, one and only one of the two endpoints could have a step discontinuity.
- Throw on invalid “basic-card” data
PaymentRequest constructor throws a TypeError when invalid “supportedNetworks” or “supportedTypes” are specified for “basic-card” payment.
- tab-size supports
<number>
css value type
Adds support for <number>
css value type to the CSS property tab-size, which determines the tab size used to render preserved tab characters. ‘tab-size’ accepts an <integer>
or a <number>
as its value type, and represents the measure as a real-number multiple of the space character’s advance width, in addition to its integer multiple.
- Card issuer networks as payment method names
Support for calling PaymentRequest with card issuer networks (e.g., “visa”, “amex”, “mastercard”) in the supportedMethods field.
- WebXR Plane Detection API
The feature allows WebXR applications to retrieve data about planes (flat surfaces) present in the user’s environment. This enables AR applications to create a more immersive experiences through the obtained information.
chromium78 Features:13
- Rendering Independent Scroll Offsets
Stops certain methods from snapping values to physical pixels, specifically scrollTop(), scrollLeft(), scrollX(), scrollY(), scrollTo(), and so on. Currently, calling window.scrollTo(0, 123.678) will snap the scroll offset to the nearest physical pixel. On a device with devicePixelRatio equal to 2 this would be 123.5, which is what is returned after this change.
- WebAssembly Type Reflection JS API
Expands the JavaScript API surface of WebAssembly to allow reflection on the data types of functions imported and exported from a WebAssembly module.
- Apply opacity for the default style of INPUT/TEXTAREA placeholder
Changes the default style for ::placeholder from #757575 to rgba(0, 0, 0, 0.54).
- CSS Properties and Values API Level 1 (Houdini)
The CSS Properties and Values API spec defines a registerProperty() function which can be called from JavaScript to register typed and animatable custom CSS properties. This API expands the existing CSS custom properties to improve usability of other Houdini APIs. Being able to animate these and customize inheritance and initial values makes it more useful for custom layout/paint, and having types associated with these allows the typed object mode to work more effectively with custom properties.
- Disallow sync XHR in page dismissal
Chrome now disallows synchronous XHR during page dismissal when the page is being navigated away from or closed by the user. This involves the following events (when fired on the path of page dismissal): beforeunload, unload, pagehide, and visibilitychange.
A temporary opt-out is available via Origin Trial “Allow Sync XHR In Page Dismissal”:
https://developers.chrome.com/origintrials/#/trials/active
- Extend byte-for-byte update check to all service worker importScripts() resources
This implements byte-for-byte update check for service worker scripts imported by importScripts().
- PaymentResponse.prototype.retry()
In cases where there is something wrong with the payment response’s data (e.g., you find out that the shipping address is a PO box), the retry() method of a PaymentResponse instance allows you to ask a user to retry a payment.
- Percentage opacity
Adds support for percentage values to the opacity properties, specifically, opacity, stop-opacity, fill-opacity, stroke-opacity, and shape-image-threshold.
For example, opacity: 50%; is equivalent to opacity: 0.5;
https://drafts.csswg.org/css-color/#transparency
- Redact address in PaymentRequest.onshippingaddresschange event
Removes fine-grained information from the shipping address before exposing it to the merchant website in ShippingAddressChange event.
- Seeking for Media Session
Adds a media session action handler for “seekto”. An action handler is an event tied specifically to a common media function such as pause or play.
The “seekto” action handler will be called when the site should move the playback time to a specific time.
This also adds a MediaSessionActionDetails dictionary that will be passed when an action handler is called. Use this as a basis for passing additional data for “seekbackward”, “seekforward” and “seekto”.
- User Timing L3
User Timing Level 3 extends the existing User Timing API to enable two new use cases:
-
Developers can pass custom timestamps to performance.measure() and performance.mark(), so as to conduct measurement across arbitrary timestamps.
-
Developers can report arbitrary metadata with performance.mark() and performance.measure(), which provides rich data to analytics via a standardized API.
-
Web Bluetooth getAvailability()
getAvailability() returns a promise that resolves with true if the user agent is running on a system that has a Bluetooth radio and false otherwise. The powered state of the Bluetooth radio does not influence the availability because applications can prompt users to turn on the radio using requestDevice(). The availabilitychanged event can be used to detect changes in the availability of the Bluetooth radio.
- XSS Auditor
Remove the XSS Auditor from Chrome.
chromium79 Features:17
- Web Bluetooth Scanning
Enables Bluetooth Low Energy Scanning
- WebXR Anchors
This API is an extension to the WebXR Device API that provides a way to indicate to the underlying XR system that a 3D pose is meant to be kept up to date. Tracked poses may be arbitrary or attached to real world geometry. In current AR systems, poses evolve over time as the system understands more of the real world that surrounds it. As the system’s understanding evolves, anchors enable the application to update poses of virtual objects so that they maintain their relationship to real world.
- Autofocus support for any focusable HTML/SVG element
Adds the ‘autofocus’ attribute to any focusable HTML or SVG element.
- CSS min(), max() and clamp()
Adds the comparison functions min(), max(), and clamp() to math expressions for numeric CSS values.
- Compute img/video aspect ratio from width and height HTML attributes
Computes the aspect ratio of an image using the HTML width and height attributes so that it can be used for sizing an image using CSS before it loads.
- Maskable App Icons (PWA - Android)
Allow Maskable (“Adaptive”) icons for installed WebAPKs on Android.
- Out-Of-Renderer Cross-Origin Resource Sharing (aka OOR-CORS or OutOfBlinkCors)
Cross-Origin Resource Sharing (CORS) is an established web standard protocol to protect servers from unexpected cross-origin network accesses.
Chrome implemented the CORS protocol in the rendering engine, Blink, running in a renderer process before this change. However, once the OOR-CORS feature is enabled, it inspects network accesses in the network service, running in a separate process.
- Reject Worklet.addModule() with a more specific error
When Worklet.addModule() fails, a promise rejects with a more specific error object than it did previously.
Worklet.addModule() can fail for various reasons, including, for example, network errors and syntax errors. Before this change, Worklet.addModule() rejected with AbortError regardless of the actual cause. That made it difficult for developers to debug worklets. After this change, Worklet.addModule() rejects with a clearer error such as SyntaxError.
- Remove [NoInterfaceObject] from Geolocation API interfaces
The [NoInterfaceObject] annotation is being removed from WebIDL. The Geolocation API specification has been updated to remove this annotation from all interfaces and perform the following renames to avoid polluting the global namespace with generic interface names,
Coordinates -> GeolocationCoordinates
Position -> GeolocationPosition
PositionError -> GeolocationPositionError
- ServiceWorkerGlobalScope#serviceWorker to get a service worker object corresponding to a worker itself
This allows a service worker to get its ServiceWorker object with self.serviceWorker in a service worker script and its current state with self.serviceWorker.state in the script.
- Stop evaluating script elements moved between Documents during fetching
Do not evaluate scripts or fire error/load events, if <script>
elements are moved between Documents during fetching.
Script elements can be still moved between Documents, but they won’t be executed.
- WebXR Device API
Provides access to input and output capabilities commonly associated with Virtual Reality (VR).
This API is intended to completely replace the WebVR API (https://www.chromestatus.com/feature/4532810371039232). It has been designed to address the issues found in the prior API based on developer, web platform, hardware manufacturer, and implementer feedback.
- WebXR Gamepads Module - Level 1
The WebXR Gamepad Module defines how the Gamepad API integrates with WebXR to communicate the state of various physical inputs (such as buttons, touch pads, and triggers) of an XRInputSource.
Previously the Gamepad API was used in conjunction with the deprecated WebVR API, and was adopted by WebXR with additional ergonomic improvements to support it’s input needs. It is being shipped as a module rather than part of the WebXR core API to allow it to evolve more flexibly.
- font-optical-sizing
The font-optical-sizing property automatically sets the font-size to the opsz - optical sizing axis of variable fonts that support optical sizing. This improves styling and legibility of fonts depending on font size because the font chooses a glyph shape that works optimally at the given font size. For example, the glyph contrast is improved in fonts in heading sizes when compared to the same font at body text size. See the spec link for an illustration of optical sizing.
- list-style-type:
<string>
Allows a stylesheets to use an arbitrary character for the list style marker. Examples include “-”, “+”, “★” and “▸”. Since CSS Level 2, list-style-type has supported keywords like “disc” or “decimal” to define the appearance of the list item marker.
- aria-help
Remove the aria-help attribute.
- -webkit-appearance keywords for arbitrary elements
Changes -webkit-appearance keywords to work only with specific element types. If a keyword is applied to a non-supported element, the element has the default appearance.
chromium80 Features:35
- Split HTTP auth cache by NetworkIsolationKey
This feature will partition the server entries in the cache using top frame origin (and also possibly the subframe origin) to prevent sites from using this cache to track users across sites.
- “numberingSystem” option for Intl.NumberFormat / “calendar” and “numberingSystem” option for Intl.DateTimeFormat
Allows the calendar and numbering system to be specified in the options object of the DateTimeFormat() and NumberFormat() constructors.
- AppCache: Resource override scope checking
Manifests previously allowed overriding any URL within a given origin. Scope checking is being introduced to ensure only URLs within a manifest’s scope can be overridden. The default manifest scope will be the path to the manifest’s enclosing directory. Sites that desire a manifest be given a broader scope can add a response header “X-AppCache-Allowed: /” to manifest responses to preserve the previous behavior.
- Autoupgrade Audio/Video Mixed Content
This feature will autoupgrade optionally-blockable mixed content (HTTP content in HTTPS sites) by rewriting the URL to HTTPS, without a fallback to HTTP if the content is not available over HTTPS. In the first version (targeted for M80) only audio and video content will be upgraded.
- Compression Streams
Provides a means of performing gzip and deflate compression from JavaScript using streams. This covers two interfaces: CompressionStream and DecompressionStream.
- Contacts API
Provides a way for websites to request information about the user’s contact(s) and provides a UI for the user to share those details in a way that makes it clear what is being shared with the website. This could be used for bootstrapping a friends list on a social network or (in an email/messaging application) to select message recipients.
- DOMMatrix setTransform/getTransform on OffscreenCanvas
Adds setTransform(DOMMatrix2DInit) and getTransform() to OffscreenCanvasRenderingContext2D.
- Don’t allow popups during page unload
Pages may no longer use the window.open() API to open a new page during its unload.
The popup blocker already prohibits this, but now it is prohibited whether or not the popup blocker is enabled.
Enterprises used to be able to use the AllowPopupsDuringPageUnload policy flag to allow popups during unload. We removed this flag in Chrome 88.
- ES Modules for dedicated workers (‘module’ type option)
JavaScript will support modules in dedicated workers. Using a new value for the constructor’s type attribute, worker scripts are loaded as ES modules and the import statement is available on worker contexts. With this feature, web developers can more easily write programs in a composable way and share them among a page and workers.
- Fetch Metadata Destination header
The Sec-Fetch-Dest
HTTP request header exposes information about a request’s destination
to servers, which allows them to make better-informed decisions about the implications of serving a given response. https://w3c.github.io/webappsec-fetch-metadata/#intro lays out the motivation.
- HTMLVideoElement.getVideoPlaybackQuality()
This simple API tells sites how a video playback is performing. When performance is poor, sites may use the information to reduce the video bitrate / framerate / resolution for a better user experience.
- JavaScript optional chaining
Provides safe access to descendent object members with parents that may or may not be null. This applies to objects as well as functions. For example, consider an object reference with three levels such as a.b.c. Testing for the existence of c would previously require nesting said test inside a test for b. This change allows you to test for c directly without an error being thrown when b is null.
- Media Capabilities: decoding encrypted media
Adds encrypted media support from the Decoding Information API. Chrome 66 introduced this API (https://www.chromestatus.com/feature/5869632707624960) to answer the question can this device decode this media? The API additionally notes whether the decoding will be smooth (performant) and/or power efficient. This new feature allows authors to ask the same question for encrypted media.
- New System Color Keywords
Give users the ability to customize their sites with the relevant system colors when in forced colors mode. The keywords being added are ActiveText, Field, and FieldText.
ActiveText is for active links. Field is for input field backgrounds. FieldText is for input field text.
- Nullish coalescing
Adds support for the ‘nullish’ operator to JS.
- Periodic Background Sync
Periodic Background Sync is an extension of Background Sync that allows websites to register tasks to be run in a service worker at periodic intervals with network connectivity.
- RTCPeerConnection.setLocalDescription() that implicitly creates the offer or answer
Makes the RTCSessionDescription argument optional for setLocalDescription(). Previously, it required a value returned by createOffer() or createAnswer(). With this change Chromium generates the the offer or answer implicitly when no argument is provided. This avoids possible edge-case races.
- RTCPeerConnection.setRemoteDescription() with “rollback”
Adds rollback, which is a way to cancel an on-going negotiation. This is needed if two WebRTC endpoints attempt to send an offer at the same time. In this case, one of the endpoints has to cancel its local offer by rolling back so that it can accept the incoming offer. This lets it complete the remote negotiation then create a follow-up offer after it becomes stable. Without it, negotiation cannot complete.
- Remove ‘no-preference’ from prefers-color-scheme @media feature
The prefers-color-scheme feature in Media Queries Level 5 supported three values: ‘no-preference’, ‘light’, ‘dark’. Remove the support for the ‘no-preference’ value because it has been removed from the specification.
- Scroll to Text Fragment
This feature allows a user or author to link to a specific portion of a page, using a text snippet provided in the URL. When the page is loaded, the browser highlights the text and scrolls it into view.
For example, the URL:
[https://en.wikipedia.org/wiki/Cat#:~:text=On%20islands,%20birds%20can%20contribute%20as%20much%20as%2060%%20of%20a%20cat%27s%20diet]
This loads the page for Cat, highlights the specified text, and scrolls directly to it.
- ServiceWorkerContainer.onmessageerror
Notifies the receiver when a posted message could not be decoded. This is similar to https://www.chromestatus.com/features/5729005244252160 but applies to ServiceWorkerContainer.
- Support for SVG in favicons
Allows using images in SVG format as favicons with <link rel="icon">
.
- WebAssembly Multi-Value
Add support for WebAssembly functions and blocks that return more than one value.
- [Payments] shipping address and contact info delegation
Changes the Payment Handler API, to let the browser delegate handling of shipping address and payer’s contact information to Payment Handlers.
- line-break: anywhere
The ‘line-break: anywhere’ declaration allows soft wrapping around every typographic character unit, including around any punctuation character or preserved spaces, or in the middles of words. It disregards any prohibition against line breaks, even those introduced by characters with the GL, WJ, or ZWJ character class (see UAX 14) or mandated by the word-break property.
- overflow-wrap: anywhere
The new value ‘anywhere’ allows an otherwise unbreakable sequence of characters to be broken at an arbitrary point if there are no otherwise-acceptable break points in a line.
Additionally, soft wrap opportunities introduced by ‘anywhere’ are considered when calculating min-content intrinsic sizes.
- WebVR v1.1
Added support for virtual reality head mounted displays, such as the Oculus Rift and Google Cardboard.
This API being replaced by the WebXR Device API (https://www.chromestatus.com/feature/5680169905815552), which is expected to ship in Chrome 79. The WebVR Origin Trial ended on July 24, 2018.
Removal is expected in Chrome 80.
- -webkit-appearance:button for arbitrary elements
Changes -webkit-appearance:button to work only with <button>
and <input>
buttons. If ‘button’ is specified for an unsupported element, the element has the default appearance.
This is a follow-up of https://chromestatus.com/feature/5070237827334144
- Custom Elements V0
Custom Elements v0 is deprecated at M70, and will be removed in M80, by February, 2020.
Please see this post for more information:
https://developers.google.com/web/updates/2019/07/web-components-time-to-upgrade
For the original Intent to Deprecate: https://groups.google.com/a/chromium.org/d/msg/blink-dev/h-JwMiPUnuU/sl79aLoLBQAJ
Custom Elements v0 was an experimental technology, never implemented in any other browser. The spec is superseded by Custom Elements v1, which is widely supported.
- HTML Imports
HTML Imports are deprecated at M70, and will be removed in M80, by February, 2020.
Please see this post for more information:
https://developers.google.com/web/updates/2019/07/web-components-time-to-upgrade
For the original Intent to Deprecate: https://groups.google.com/a/chromium.org/d/msg/blink-dev/h-JwMiPUnuU/sl79aLoLBQAJ
HTML Imports was an experimental technology, never implemented in any other browser. The spec is superseded by ES modules, which is widely supported.
- Non-origin-clean ImageBitmap serialization and transferring
This change raises errors when a script tries to serialize or transfer a non-origin-clean ImageBitmap. A non-origin-clean ImageBitmap is one that contains data from cross cross-origin images that is not verified by CORS logic.
- Shadow DOM v0
Shadow DOM v0 is deprecated at M70, and removed in M80. All code has been deleted as of M89.
Intent to Deprecate: https://groups.google.com/a/chromium.org/d/msg/blink-dev/h-JwMiPUnuU/sl79aLoLBQAJ
Shadow DOM v0 was an experimental technology, never implemented in any other browser. The spec is superseded by Shadow DOM v1, which is widely supported.
Note that the /deep/ combinator, which was changed to a no-op in M63, has been completely removed in M89.
- registerProtocolHandler from non-secure contexts
HTML’s registerProtocolHandler() gives a webpage a mechanism to register itself to handle a protocol after a user consents. For example, a web-based email application could register to handle the mailto: scheme. A corresponding unregisterProtocolHandler() API allows a site to abandon its protocol-handling registration.
- CacheStorage Code Cache Hint
This experiment will allow participating sites to provide hints to cache_storage that full code cache should not be generated in a service worker install event. The hint will be communicated as a header on the Response being stored.
This is a change to an unspecified optimization in chrome. Full code cache generation during the install event was added in M64. It is only observable indirectly through changes in timing and disk quota usage.
- Contacts API Addresses/Icons
Extends the Contacts API (https://www.chromestatus.com/feature/6511327140904960) to support requesting addresses/icons as well.
chromium81 Features:27
- ‘submitter’ property of ‘submit’ event
The ‘submit’ event, which is dispatched on form submission, gets its own interface, SubmitEvent, which has a ‘submitter’ property.
- -webkit-margin-*-collapse
Adds properties controlling margin collapsing: -webkit-margin-top-collapse, -webkit-margin-before-collapse, -webkit-margin-before-collapse, and -webkit-margin-after-collapse. These properties have two values:
“separate”: disables margin collapsing by “separating the margins”, e.g. https://www.software.hixie.ch/utilities/js/live-dom-viewer/?saved=7507
(its a lot more complex than this example)
“discard”: ignores all margins:
https://www.software.hixie.ch/utilities/js/live-dom-viewer/?
- Badging API
Allows web apps (as defined by the Web App Manifest standard) to set an app-wide badge in operating-system-specific places such as the shelf or home screen. Additionally, it gives the app a small, visible place to notify the user of new activity that might require attention, without showing a full notification. It can show additional information, such as an unread count or event type. It allows the app to convey this information when its windows are closed.
- Buffered flag for long tasks
This feature tracks https://www.chromestatus.com/feature/5118272741572608 for the case of PerformanceLongTask entries
- CSS Color Adjust: color-scheme meta tag
Many operating systems now have a “dark mode” preference. Some browsers already offer an option to transform webpages into a dark theme. The prefers-color-scheme media query is a way for an author to support their own dark theme, so they have full control over their own experience. The meta tag is needed so that a site can explicitly opt-in and say that they fully support a dark theme and that the browser should load a different UA sheet and not ever apply transformations.
- CSS Color Adjust: color-scheme property
Let the author opt-in to follow the preferred color scheme when rendering UI elements such as default colors of form controls and scrollbars as well as the used values of the CSS system colors.
- Default accessibility semantics for custom elements
Lets custom element authors use ElementInternals to set a custom element’s default accessibility role, states, and properties, much like the default accessibility semantics for native elements.
- EME: Query supported encryption schemes
A new method will allow applications to query whether a specific encryption scheme is supported by Encrypted Media Extensions (EME).
- IntersectionObserver Document Root
Allow the IntersectionObserver constructor to take a Document as the ‘root’ argument, causing intersections to be calculated against the scrolling viewport of the document.
- Intl.DisplayNames
Provides a new API to get localized names of language, region, script, currency codes of international standard as well as commonly used names of date fields and symbols.
- Move onwebkit{animation,transition}XX handlers to GlobalEventHandlers
Currently, the prefixed onwebkit{animation,transition}XX handlers are only available on the Window object in Chrome. By the spec0, these should be on GlobalEventHandlers1 - i.e. available on HTMLElement, Document, and Window.
Note that although standardized, these event handlers are still obsolete - web developers should use the non-prefixed versions instead!
- Periodic prioritization of rendering on the renderer’s main thread
Previously, the rendering tasks (i.e. BeginMainFrame) were always run at default priority on the main thread. This means that rendering could be starved by other normal priority work, for example tons of postMessages (crbug.com/943621). This feature is an internal scheduling change which prevents this from happening by periodically increasing the priority of rendering if we have not rendered in a while. It targets a lower frame-rate of 10 fps.
- PointerLock unadjustedMovement
Adds the ability to request unadjusted/unaccelerated mouse movement data when in PointerLock. If this unadjustedMovement is set to true, then the pointer movements will not be affected by the underlying platform modifications such as mouse acceleration.
- Position State for Media Session
Adds support for tracking position state in a media session. The position state is a combination of the playback rate, duration and current playback time. This can then be used by browsers to display position in the UI and with the addition of seeking can support seeking/scrubbing too.
By default, the position state is taken from the media element. However, this does not work in all cases and therefore this provides a setPositionState() method to the site to specify a custom position state.
- RTCPeerConnection.onicecandidateerror event changes
Replaces hostCandidate with explicit address and port for oncecandidateerror event according to the latest WebRTC 1.0 spec - https://github.com/w3c/webrtc-pc/pull/2322/
- Streams API: WritableStream close()
Add a close() method to WritableStream objects. This permits closing the stream if it is unlocked. It is directly equivalent to getting a writer, using the writer to close the stream, and then unlocking it again.
- Support for CSS image-orientation property
Enable the CSS image-orientation feature, currently hidden behind a flag. Change the default value to from-image, and apply the property to all images, both content and style.
In practice this means that the exif orientation, when present in an image, will be used to orient the image unless the “image-orientation: none” CSS property is present.
- WebAudio: ConvolverNode.channelCount and channelCountMode
For a ConvolverNode, the channelCount can now be set to 1 or 2. The channelCountMode can be “explicit” or “clamped-max”. Previously, a channelCount of 1 was not allowed and neither was a mode of “explicit”.
- WebAudio: Refine BiquadFilterNode AudioParam limits
The WebAudio spec has updated the limits for the frequency, detune, and gain AudioParam attributes for a BiquadFilterNode. Previously these allowed any floating-point value.
- WebXR AR Module
WebXR AR Module brings Augmented Reality support to WebXR Device API.
- WebXR Hit-test
The Hit-test API is an extension to the WebXR Device API that provides the capability of raycasting into the real world as understood by the underlying XR system. The goal is to provide a simple API that allows apps to place objects in the real world by casting rays that can be evaluated against the underlying platform’s understanding of the real world geometry, regardless of how that is implemented (e.g., hit test against detected planes, point clouds, meshes, etc.).
- WorkerOptions for shared workers constructor
Adds the WorkerOptions object as the second argument for a shared worker constructor. The previous second argument, a DOMString containing the worker’s name is still supported.
- hrefTranslate attribute
This attribute defines the ability to for a page author to hint to the user agent’s translation engine that an href should be translated if followed.
- onclosing event on RTCDataChannel
Adds the onclosing event, which signals to the user of a data channel that the other side has started closing the channel; the browser user agent will continue reading from the queue (if it contains anything), but no more data can be sent.
- Remove supportedType field from BasicCardRequest
Specifying “supportedTypes”:[type] parameter for “basic-card” payment method shows cards of only the requested type, which is one of “credit”, “debit”, or “prepaid”.
- Remove the
<discard>
element
The <discard>
element is part of the SVG Animations (draft) specification. It provides a way to declaratively remove elements at a specific point in time and be a mechanism for streaming animations.
- TLS 1.3 downgrade hardening bypass
TLS 1.3 includes a backwards-compatible hardening measure to strengthen downgrade protections. However, when we shipped TLS 1.3 last year, we had to partially disable this measure due to incompatibilities with some non-compliant TLS-terminating proxies. Chrome currently implements the hardening measure for certificates which chain up to known roots, but allows a bypass for certificates chaining up to unknown roots. We intend to enable it for all connections.
chromium82 Features:0
chromium83 Features:20
- Replaceable animations
When a fill forward animation finishes, it remains in effect. If enough of these animations build up, they can negatively impact performance and leak memory.
There are 3 main parts to this feature:
- Automatically remove animations that no longer contribute to the effect stack and fire remove events.
- Animation.persist() to force an animation to remain that would otherwise be removed.
- Animation.commitStyle() to inject an inline style based on the current property values.
- ‘auto’ keyword for ‘-webkit-appearance’ CSS property
‘-webkit-appearance’ CSS property will have new ‘auto’ keyword, which indicates the default appearance of the target element.
- ‘font-display: optional’ without relayout
Tweak web font loading, so that:
-
Web fonts with ‘font-display: optional’ never cause relayout
-
Web font preloading is allowed to slightly block rendering (for all font-display values), so that if the font loads fast enough, we don’t need to render with fallback.
Therefore, when ‘font-display: optional’ and preloading are used together, we’ll never see layout shifting from font swapping, and still have a good chance to use the font if it loads fast enough (e.g., from disk cache).
- @supports selector() feature query function
Adds a function that queries whether a user agent supports a selector.
- ARIA Annotations from ARIA 1.3 draft
Support the new markup in the ARIA annotations editor’s draft (3 new roles, 1 new property): suggestion, mark, comment, aria-description
This feature enables new semantics:
- Comments
- Text highlights with semantic meaning, just like
<mark>
- Suggestions for changes, e.g. by another author in a Google Doc
- Additional related information to be semantically tied to an element, allowing descriptions, definitions, footnotes and comments to be tied to another element.
- Barcode Detection API
The Barcode Detection API is a subset of the Shape Detection API which provides the ability to detect and decode barcodes in an image provided by script. The image may come from any type of image buffer source such as an <image>
, <video>
or <canvas>
tag.
Some native platforms include built-in libraries for performing text detection and optical character recognition (OCR) in images. The availability of these libraries means that developers do not need to include a large third party library.
- CSS contain-intrinsic-size
The contain-intrinsic-size property allows developers to specify a placeholder size which would be used while contain: size is applied. With contain-intrinsic-size specified, elements lay out as if they had a single child with fixed size (specified by contain-intrinsic-size) unless they have an explicit width/height.
This is helpful when size containment may be dynamically added/removed so that there is a fallback size during size containment but a content-based size during regular sizing.
- Cross-Origin-Embedder-Policy
Add a new HTTP header that prevents documents and workers from loading non-same-origin requests unless explicitly allowed via CORS or CORP.
Combined with Cross-Origin-Opener-Policy (COOP), this feature allows documents (and workers) to use powerful APIs such as SharedArrayBuffer.
- Cross-Origin-Opener-Policy
The Cross-Origin-Opener-Policy response header provides a way for a document to request a new browsing context group to better isolate itself from other untrustworthy origins. Optionally, browsers can also choose to place top-level documents in a different process from documents without a matching Cross-Origin-Opener-Policy.
- ES Modules for shared workers (‘module’ type option)
JavaScript will support modules in shared workers. Setting ‘module’ type by the constructor’s type attribute, worker scripts are loaded as ES modules and the import statement is available on worker contexts.
- HTMLVideoElement.requestVideoFrameCallback()
HTMLVideoElement.requestVideoFrameCallback() registers a one-shot callback, called when a video frame has been presented for composition. It also provides useful metadata about that frame.
- IndexedDB relaxed durability transactions
Exposes an optional relaxedDurability parameter on IDBDatabase.transaction to control flushing to disk.
- RTCRtpEncodingParameters.maxFramerate
This encoding parameter allows developers to limit the framerate on a video layer before sending.
- RTCRtpSendParameters.degradationPreference
When encoding video, and some constraint (bandwidth, CPU) prevents encoding at the configured framerate and resolution, the encoder must make a choice on how to modify the encoding parameters.
An attribute is defined for RTCRtpSendParameters that allows this to be explicitly indicated for an RTCRtpSender.
- Reversed range for
<input type=time>
According to the HTML spec, <input type=time>
, which allows users to input time in hours, minutes, and seconds, should support reversed ranges because it has a defined maximum of “23:59:59”. A reversed range is when the input has a min and max attribute where the max is less than the min, and in this state, the input should allow values which are less than the min or greater than the max, but not in between them.
This has been in the spec for many years but has not been implemented until now.
- Support “JIS-B5” and “JIS-B4” @page
The CSS Paged Media Module Level 3 spec includes a list of page size names that may be used in the “size” property of the @page rule.
Among these are two names for Japanese Industrial Standard page sizes which are currently not being recognized by Chrome:
“JIS-B5” refers to JIS B5 size (182mm wide by 257mm high)
“JIS-B4” refers to JIS B4 size (257mm wide by 364mm high)
This feature completes the implementation of this section of the standard by adding support for these two page size.
- Trusted Types for DOM Manipulation
‘Trusted Types’ offers an (optional) mechanism for web sites to protect themselves against XSS (cross-site scripting) attacks.It limits the attack surface from potentially the entire code base to a handful of “policies” that a developer can implement and install, and whose usage the browser will then enforce. “Trusted types” then ensure that all risk-ful parts of the DOM can only be used by data that has gone through such a developer-supplied policy.
Release is expected in Chrome 83.
- WebXR DOM Overlay
Allows WebXR applications using immersive-ar on handheld devices to optionally activate a DOM overlay mode where the 2D page content is shown as an interactive transparent layer on top of the application-drawn WebGL content and camera image.
While the current implementation is limited to ARCore-based handheld devices, the specification is intended to also support implementation on AR headsets.
- display:inline-grid/grid/inline-flex/flex for
<button>
The ‘display’ keywords ‘inline-grid’, ‘grid’, ‘inline-flex’, and ‘flex’ property will now function with <button>
when align item is applied.
- Download in Sandboxed Iframes
Sandboxed iframe can initiate or instantiate downloads.
Chrome is planning on removing this capability - i.e. Chrome is going to block all downloads initiated from or instantiated in a sandboxed iframe by default. The embedder may add “allow-downloads” to the sandbox attributes list to opt in. This allows content providers to restrict malicious or abusive downloads.
chromium84 Features:18
- Content Indexing API
Allows websites to register offline enabled content in the browser. This allows the browser to improve the offline experience and allow content browsing when the user is offline. This data could also be used to improve on-device search and to augment browsing history.
- Gutters in flexbox: row-gap and column-gap properties
This css property allows you to specify spacing between flex items and/or flex lines.
- JavaScript weak references
Weak references enable JavaScript developers to create weak references to JavaScript objects.
Weak references and finalizers help web developers define cleanup routines that don’t keep the related objects alive but are (optionally) executed after the related object is garbage-collected.
- Layout Instability Shifted Element Surfacing
Extends the layout instability API with information about specific DOM element(s) that experienced a shift.
- Private methods and accessors
Keeping state and behavior private to a class lets library authors present a clear, stable interface, while changing their code over time behind the scenes. The class fields proposal provides private fields for classes and instances, and this proposal builds on that by adding private methods and accessors (getter/setters) to JavaScript. With this proposal, any class element can be private.
- ReportingObserver on workers
Expose ReportingObserver (https://www.chromestatus.com/feature/4691191559880704) to workers.
This has already been specified, but it was exposed only to Window because we didn’t need it on workers.
As we are introducing new reports reported to workers we need to expose it to Worker too.
- Resize Observer Updates
ResizeObserver is a an existing DOM observer API intended to be used for observing the size of DOM elements. There have been three updates to the spec:
- A new ResizeObserverSize type was added
- New properties on ResizeObserverEntry, specifically contentBoxSize, borderBoxSize, and devicePixelContentBoxSize
- Exposure of new properties as sequences
- Screen Wake Lock API
An API that allows web applications to request a screen wake lock. Under the right conditions, and if allowed, the screen wake lock prevents the system from turning off a device’s screen.
- Unprefixed ‘appearance’ CSS property
This feature introduces ‘appearance’ CSS property, which is the unprefixed version of ‘-webkit-appearance’.
- Unprefixed ruby-position CSS property
The ‘ruby-position’ CSS property controls the position of ruby annotation. It’s the unprefixed version of the ‘-webkit-ruby-position’ property. This property has three possible keywords: ‘over’, ‘under’, and ‘inter-character’. For now, only the first two are being implemented. This change creates feature parity with Firefox.
- Web Animations API
Update the web animations JavaScript API to align with the specifications in https://drafts.csswg.org/web-animations-1/.
The Animation interface is extended to include support for promises, replaceable animations, and read-only access to the animation timeline.
The Animatable and DocumentOrShadowRoot interfaces are expanded to support getAnimations.
The KeyframeEffect interface is expanded to support compositing modes, getKeyframes, setKeyframes, and pseudoElement.
- Web Authenticator API: cross-origin iframe support
Adds support for web authentication calls from cross-origin iframes if enabled by a feature policy. This brings Chrome in line with the Web Authentication level two specification (https://w3c.github.io/webauthn/#sctn-iframe-guidance).
- WebOTP
The WebOTP API (formerly called the SMS Receiver API) notifies an application when a specially-crafted SMS message is delivered to the user’s phone. The message must be addressed to the application’s origin. The application only receives an OTP code in the message.
- fractionalSecondDigits option for Intl.DateTimeFormat
Enhances the Intl.DateTimeFormat API by adding a “ fractionalSecondDigits” option to control the format of fractions of a second.
- revert keyword
The ‘revert’ keyword allows authors to roll back the cascade to the previous cascade level for a given CSS property.
For example, on a <div>
element, specifying ‘display:revert’ will cause the computed value of ‘display’ to be ‘block’ (assuming no user styles).
- @import rules in CSSStyleSheet.replace()
The original spec for constructable stylesheets allowed for calls to sheet.replace(“@import(‘some.css’);”). This use case is being removed - calls to replace() will throw an exception if @import rules are found in the replaced content.
The CSS Working Group resolved to remove this feature on Feb 19, 2020: https://github.com/WICG/construct-stylesheets/issues/119#issuecomment-588352418.
This feature was deprecated in M83, and will be removed in M84.
- TLS 1.0 and TLS 1.1
This removal has been delayed in Stable until Chrome 84.
TLS 1.0 and 1.1 were deprecated in Chrome 72 with a planned removal in Chrome 81 (in early 2020). Other browsers are also removing support for TLS 1.0 and 1.1 at this time. Previously, we showed a deprecation warning in DevTools. In M-79, Chrome marked affected sites as “Not Secure”. In M-84, Chrome will show a full page interstitial warning on sites that do not support TLS 1.2 or higher. In M-98, the error will no longer be bypassable.文章来源:https://www.toymoban.com/news/detail-722424.html
- Blocking insecure downloads from secure (HTTPS) contexts
Chrome intends to block insecurely-delivered downloads initiated from secure contexts (“mixed content downloads”). Chrome will begin warning on, then blocking, progressively more mixed content downloads until all such downloads are silently blocked.文章来源地址https://www.toymoban.com/news/detail-722424.html
到了这里,关于chromium 52 chrome 各个版本发布功能列表(58-84)的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!