chromium 54 chrome 各个版本发布功能列表(109-128)

admin管理员组

文章数量:1658588

chromium Features 109-128

From https://chromestatus/features

chromium109 Features:12

1. Auto range support for font descriptors inside @font-face rule

Auto range support for variable fonts in ‘font-weight’, ‘font-style’ and ‘font-stretch’ descriptors inside ‘@font-face’ rule.

2. CSS ‘lh’ Length Unit

The ‘lh’ unit adds support for expressing CSS lengths relative to the line-height.

That is typically useful for specifying the height of an element to fit a whole number of lines. Example: textarea { height: 5lh }

3. CSS hyphenate-limit-chars property

Specifies the minimum number of characters in a hyphenated word. When applying the hyphenation, the optimal minimum number of characters in the word, before the hyphen, or after the hyphen can vary by the design of the page, or by the language. This property allows the finer grained control of the hyphenation.

4. HTTP response status code in Resource Timing

Adds a field to PerfomanceResourceTiming to indicate the HTTP response status when the resource was fetched.

5. MathML

Supports MathML Core, a language for describing mathematical notation embeddable in HTML and SVG. MathML is rendered in a CSS-compatible way with OpenType MATH and exposed via platform accessibility APIs. MathML styling is enabled by CSS features including those dedicated to math layout (math-depth, math-shift and math-style properties, ‘math’ display value, ‘math’ font-family name and ‘math-auto’ text-transform). Finally, the MathMLElement interface provides a convenient way to manipulate MathML in scripts.

6. MediaTrackSupportedConstraints.suppressLocalAudioPlayback

Consider a Web application APP which is display-capturing a tab TAB. We add a mechanism by which APP may control whether the audio playing in TAB would be played out of the user’s local speakers.

7. Origin Private File System (OPFS) on Android

Enable the Origin Private File System (OPFS) part of File System Access API on Android. This includes all of the File System Access API surface, minus show*Picker() methods and Drag-and-Drop API integration.

With FSA API on OPFS, a site can access its per-origin, private file system and are able to perform file operations via FileSystemSyncAccessHandle with improved performance.

The original API, including both OPFS and non-OPFS, was shipped in M86 for desktop, and the extension with SyncAccessHandle was shipped in M102.
https://chromestatus/feature/6284708426022912
https://chromestatus/feature/5702777582911488

8. Same-site cross-origin prerendering triggered by the speculation rules API

Previously 1 we launched same-origin prerendering triggered by the speculation rules API. This expands coverage to also allow triggering same-site cross-origin pages 2. This prerendering will be done with credentials and storage access, but such prerender targets will need to opt in by using the Supports-Loading-Mode: credentialed-prerender header.

9. Snap border, outline and column-rule widths before layout

Snap border, outline and column-rule widths before layout to avoid gaps between backgrounds and borders caused by paint-time snapping. With this change, Blink will match Gecko and WebKit.

10. WebTransport BYOB readers

Support BYOB(bring-your-own-buffer) readers for WebTransport to allow reading into a developer-supplied buffer. BYOB readers can minimize buffer copies, as well as reduce memory allocations.

11. Deprecate Event.path

Event.path is a non-standard API that returns the event’s path, which is an array of the objects on which listeners will be invoked. It is supported by Blink only, causing web compatibility issues. Web developers should switch to the equivalent standard API EventposedPath(), which returns the same result.

12.Conditional Focus

Extend the getDisplayMedia() API by adding a CaptureController object which can be passed in as a parameter. This object exposes a setFocusBehavior() method. By calling this method, an app can control whether the captured tab/window is focused when capture starts, or whether the capturing page should retain focus.

chromium110 Features:17

1. AudioContext.setSinkId()

AudioContext.setSinkId sets the ID of the audio device to use for output. This allows the AudioContext to route audio to a connected output device of user’s choosing.

2. CSS Initial Letters

Enables a typographic decoration called “initial letter” or “drop caps.” Initial letters are large, decorative letters that have been used to start new sections of text since before the invention of printing. In fact, their use predates lowercase letters entirely.

3. Client Hints persistency in Android WebView

We aim to add support for persistent Client Hints to Android Webview for parity with the rest of the platform. For more details on the Client Hints system see: https://developer.mozilla/en-US/docs/Web/HTTP/Client_hints

4. FedCM: cross-origin iframe support

Adds cross-origin iframe support for the FedCM API via a permissions policy. It enables websites to sandbox the scripts from identity providers which trigger the FedCM API in a cross-origin iframe, so that they do not have full control over the whole page. This also allows use cases where it is the iframe itself which requires a sign-in from the user. In both cases, the parent frame must provide the iframe with the permissions policy ‘identity-credentials-get’.

5. FileSystemHandle.remove() method

A “remove self” method for a FileSystemHandle.

Currently, it is not possible to remove a file or directory given its handle. You must obtain the handle of the parent directory and call FileSystemDirectoryHandle.removeEntry().

This method enables the common use case where you obtain a file handle from showSaveFilePicker(), but then decide you don’t want to save after all, and delete the file.

6. Iframe credentialless

Iframe credentialless give developers a way to load documents in third party iframes using new and ephemeral contexts.

Iframe credentialless are a generalization of COEP credentialless to support 3rd party iframes that may not deploy COEP. Like with COEP credentialless, we replace the opt-in of cross-origin subresources by avoiding to load non-public resources. This will remove the constraint that 3rd party iframes must support COEP in order to be embedded in a COEP page and will unblock developers looking to adopt cross-origin-isolation.

This way, developers using COEP can now embed third party iframes that do not.

7. Methods that change Array and TypedArray by copy

Provides additional methods on Array.prototype and TypedArray.prototype to enable changes on the array by returning a new copy of it with the change.

8. Prefetching triggered by the speculation rules API

Prefetching fetches the main resource for a future navigation, keeping it in memory so that it can be used to speed up the next navigation. This launch includes both same-site prefetching, and cross-site prefetching in the case where no credentials are present for the destination site.

9. Private network access for workers: warning-only mode

Applies Private Network Access checks to web workers: dedicated workers, shared workers and service workers.

These checks apply to all worker-specific fetches:

• initial worker script fetch
• fetch within workers
• service worker script update fetch

If the fetch is from an insecure context, we’d show a warning in DevTools. If the fetch is from a secure context, we’d send a preflight. If the preflight fails, we’ll also show a warning in DevTools.

10. Secure Payment Confirmation - Opt-Out Support

Adds an ‘opt-out’ flow to Secure Payment Confirmation. When the (optional) input flag is set, the SPC UXes will render an ‘opt-out’ link of some sort that the user can interact with to indicate to the relying party that they wish to be opted out.

See https://github/w3c/secure-payment-confirmation/issues/172

11. Speculation rules: Content Security Policy extension

Speculation rules are inlined in script tags, but their use will be restricted by Content Security Policy as unsafe inline scripts even if the speculation rules are safe.

So, we extend the Content Security Policy to have a new source keyword, ‘inline-speculation-rules’, for inline uses of speculation rules. With this new keyword, we can permit inline speculation rules without permitting inline scripts.

12. TLS ClientHello extension permutation

Randomize the order of TLS ClientHello extensions, to reduce potential ecosystem brittleness.

This change is only visible to HTTPS server implementers.

13. Use Non-Transitional IDNA Processing in URLs

Enable IDNA 2008 in Non-Transitional Mode for URL processing, aligning Chrome’s behavior with Firefox and Safari.

Chrome currently uses IDNA 2008 in Transitional Mode in URL processing. The main difference between Transitional and Non-Transitional Mode is the handling of four characters known as deviation characters: ß (LATIN SMALL LETTER SHARP S), ς (GREEK SMALL LETTER FINAL SIGMA), ZWJ (Zero width joiner) and ZWNJ (Zero width non-joiner).

In Transitional mode, deviation characters are handled the same as IDNA2003: ß is mapped to ss, ς is mapped to σ, and ZWJ and ZWNJ are deleted. In Non-Transitional mode, domains containing these characters are allowed in domain names without mapping, and thus can resolve to different IP addresses. For example, typing “faß.de” in Chrome and Firefox opens different sites today.

Enabling Non-Transitional IDNA in Chrome will allow deviation characters in domain names. Firefox and Safari already made this change in 2016 and continue to use Non-Transitional URL processing.

14. web-share permission policy

Controls access to navigator.share().

By default, third-party iframes do not have permission to use the Web Share API.

15. Deprecate and remove WebSQL in non-secure contexts

We intend to deprecate and remove usage of WebSQL in non-secure contexts.

Deprecation: M105
Removal: M110

16. Features: Remove window.webkitStorageInfo

We propose to remove support for the legacy storage quota API, window.webkitStorageInfo.

Originally introduced in 2011, Chrome implemented the prefixed quota API which was immediately succeeded by the Quota API which as since been deprecated as well. The legacy storage quota API was never implemented by any other browser, and has been marked deprecated since 2013.

17. Web app launch handler

Add a “launch_handler” web app manifest member that enables web apps to customize their launch behavior across all types of app launch triggers.

Example usage:
{
“name”: “Example app”,
“start_url”: “/index.html”,
“launch_handler”: {
“client_mode”: “navigate-existing”
}
}

This will cause all launches of the Example app to focus an existing app window and navigate it (if it exists) instead of always launching a new app window.

chromium111 Features:19

1. Add “window-management” as an alias for permission and permission policy “window-placement”

Adds “window-management” as an alias for “window-placement” permission and permission-policy strings. This is part of a larger effort to rename the strings by eventually deprecating and removing “window-placement”. The terminology change improves the longevity of the descriptor as the Window Management API evolves over time.

2. CSS Color Module Level 4 and color-mix()

All features described in CSS Color 4 (https://www.w3/TR/css-color-4/) are now enabled! This includes four device-independent color types (lab, Oklab, lch and Oklch), the color() function and user-defined color spaces for gradients and animations. The incredibly useful color-mix() function from CSS Color 5 (https://www.w3/TR/css-color-5/#color-mix) has also been included as a bonus!

3. CSS Root Font Units: ‘rex’, ‘rch’, ‘ric’, ‘rlh’

Adds root font units.

Previously, only ‘rem’ has been supported in Chrome. This feature adds root element variants of ex, ch, ic, and lh.

4. CSS Selectors 4 Pseudo-Class :nth-child(an + b of S)

Extend :nth-child(an + b) to take a selector, and the same with :nth-last-child. So e.g. :nth-child(3 of .c) is the third .c under a given parent. (This is not the same as .c:nth-child(3), which is a .c that must also be the third element under a given parent.)

5. CSS Trigonometric functions

Add trigonometric functions sin(), cos(), tan(), asin(), acos(), atan(), atan2() to CSS math expressions.

MDN: https://developer.mozilla/en-US/docs/Web/CSS/CSS_Functions#trigonometric_functions

6. Media Session API: Presenting slides actions

Adds “previousslide” and “nextslide” actions to the existing Media Session API.

7. Resizable ArrayBuffer and growable SharedArrayBuffer

Extend the ArrayBuffer constructors to take an additional maximum length that allows in-place growth and shrinking of buffers. Similarly, SharedArrayBuffer is extended to take an additional maximum length that allows in-place growth.

8. Speculation rules: referrer policy key

This extends the speculation rules 1 syntax to allow developers to specify the referrer policy to use with speculative requests triggered by speculation rules.

This also reintroduces the “sufficiently-strict referrer policy” requirement 2.

1 https://chromestatus/feature/5740655424831488
2 https://github/WICG/nav-speculation/blob/main/fetch.md#stripping-referrer-information

9. Streaming declarative shadow DOM

Chromium has shipped 1 a version of declarative shadow DOM in M90 which currently has 0.014% usage 2. Mostly, that is due to the spec PR being stalled with no input from other implementers. Recently, there has been renewed interest in the feature, and discussions have resumed. As part of those discussions, two changes have been generally agreed upon:

1. Rename the <template> attribute from shadowroot to shadowrootmode.
2. Support streaming, by attaching the shadow root on the opening, rather than the closing, template tag.

While the PR hasn’t landed, and there is still an open issue (related to the DOMParser), we would like to ship the agreed upon behavior listed above.

1 https://chromestatus/feature/5191745052606464
2 https://chromestatus/metrics/feature/timeline/popularity/3196

10. String.prototype.isWellFormed and toWellFormed

Add two String.prototype methods for working with well-formed UTF-16 strings.

A JavaScript string value is well-formed UTF-16 if it has no unpaired surrogate code points. By default, JavaScript strings may be ill-formed.

• String.prototype.isWellFormed returns whether the receiver string is well-formed UTF-16.

• String.prototype.toWellFormed returns a string that is identical to the receiver string, except all unpaired surrogate code points are replaced with U+FFFD (REPLACEMENT CHARACTER).

11. Style Container Queries for CSS Custom Properties

Adds a style() function to @container rules to make it possible to apply styles based on the computed values of custom properties of an ancestor element.

style() queries can be combined with size container queries which shipped in M105.

12. View Transitions API

View Transitions is an API that enables the creation of polished transitions. Web developers only need minimal effort to make transitions look nice. They can choose to use some default animation properties, or they can customize their own transition effects to achieve a desired transition experience.

This is accomplished by leveraging user-agents’ ability to persist visual representations of rendered output (i.e. snapshots) and blend them with the live DOM state’s rendered output. The API also allows these animations to be customized via standard CSS animation properties.

13. WebRTC Scalable Video Coding extensions

This extension defines a standard method for picking between possible Scalable Video Coding (SVC) configurations on an outgoing WebRTC video track.

14. WebXR enabledFeatures attribute

Returns the set of features that were enabled for this XRSession as specified by XRSessionInit and the Implied Features required by the spec for the given mode/features. For a granted Session, this will contain all “requiredFeatures”, but may be a subset of optionalFeatures.

Most features have alternate ways to detect if they were granted; however, for some features the signal of whether or not a feature was enabled may tie closely with data for a feature just not being available “right now”, rather than data not being available “ever”. By querying enabledFeatures, you can determine if any helpful hints (e.g. to improve/start tracking) should be shown, or if a feature will never be supported in the current session. Future WebXR features may not have other signals to detect whether or not they were enabled, and would require querying this attribute.

15. baseline-source

The “baseline-source” properties allows web developers to specify if an inline-level box should use the “first” or “last” baseline for alignment within an linebox.

Today the default behaviour is confusing for web developers. Consider:

test <div style="display: inline-block;">line1<br>line2</div>
test <div style="display: inline-flex;">line1<br>line2</div>

The “inline-block” will align to the last baseline, and the “inline-flex” will align to the first baseline.

“baseline-source: auto” is the existing (confusing) behaviour.

Web developers can specify “baseline-source: first” or “baseline-source: last” to directly determine how they want these boxes to align within a line-box.

16. font-variant-alternates and the @font-feature-values at-rule

font-variant-alternates enables simpler access to glyph alternates in fonts such as as a swashes, character-variants, ornaments and more. It provides an easier method over having to use 4-letter-codes as arguments to font-feature-settings. font-variant-alternates refers to the @font-feature-values at-rule to map speaking feature names to OpenType feature numbers. In the font-variant-style rule, the requested feature activation becomes easy to use and to read and allows flexible combination of font features.

17. Deprecate and remove PaymentInstruments

PaymentInstruments is the Web API that backs non-JIT install of payment apps (see https://w3c.github.io/payment-handler/).

It was designed with the assumption that the browser would store the actual payment instrument details, which has not turned out to be true, and has some privacy leaks. It also has not shipped on any other browser, not have we seen any interest from other browser vendors.

As such, this API has been deprecated and removed.

18. Deprecate and remove: connect-src CSP bypass in Web Payment API

Deprecate the ability for Web Payment API to bypass the connect-src CSP policy when fetching the manifest.

After this deprecation, a site’s connect-src CSP policy will need to allow for the payment method URL specified in a PaymentRequest call, as well as any other URLs that the method chains to fetch its manifest.

19. Merchant identity in “canmakepayment” event

The “canmakepayment” service worker event lets the merchant know whether the user has a card on file in an installed payment app. It used to silently pass the merchant’s origin and arbitrary data to a service worker from payment app origin. This cross-origin communication happened on PaymentRequest construction in JavaScript, did not require a user gesture, and did not show any user interface. This silent data passage has been removed from the “canmakepayment” event (and the Android IS_READY_TO_PAY Intent).

chromium112 Features:10

1. CSS :has() : Non-forgiving parsing

Make :has() unforgiving - ‘:has()’ will be invalid if there is an invalid selector in its argument.

CSSWG issue resolution: https://github/w3c/csswg-drafts/issues/7676#issuecomment-1341347244

2. CSS @supports : Always non-forgiving parsing

Some functional selectors are parsed forgivingly. (e.g. :is(), :where())

If an argument of the functional selectors is unknown or invalid, the argument is dropped but the selector itself is not invalidated.

To provide a way of detecting the unknown or invalid arguments in those functional selectors, this feature applies the CSS Working Group issue resolution:

• @supports uses non-forgiving parsing for all selectors
  (https://github/w3c/csswg-drafts/issues/7280#issuecomment-1143852187)

3. “Reload this page” infobar no longer shown if top-level frame is observing permission changes

Suppresses the “Reload this page” infobar if the top-level frame is subscribed to the PermissionStatus.onchange event, which is taken as an indication that the application wishes to dynamically react to camera/microphone permission changes initiated through the page info dialog. Regardless of the presence of the event listener, the pre-existing behavior remains unchanged that media streams are terminated immediately once the permission is revoked.

4. Add optional submitter parameter to FormData constructor

Allow passing a submit button to the FormData constructor.

If the button has a name or is an image button, it will contribute to the form data set. This makes it possible to create a FormData object with the same data set as a vanilla form submission triggered by the button.

5. CSS Nesting

Add the ability to nest CSS style rules inside other style rules, combining selectors from the outer with the inner rule for increasing modularity and maintainability of style sheets.

6. CSS animation-composition property

Implement animation-composition property.

Allows to specify the composite operation to use when multiple animations affect the same property simultaneously.

7. RegExp v flag with set notation + properties of strings

Add set operations, string literals, nested classes and unicode properties of strings to regular expression character classes.

Set operations and unicode properties of strings allow developers to create regular expressions matching strings with certain unicode characters with ease. E.g. /[\p{Script_Extensions=Greek}&&\p{Letter}]/v matches all greek letters.

8. WebAssembly Tail Call

Add an explicit tail call and indirect tail call opcodes to WebAssembly.

9. WebGLContextEvent on Web Workers

The WebGLContextEvent type has been defined in Khronos’ WebGL specification for a number of years, but it was not noticed until recently that in Blink, this type is not exposed on web workers. (Most applications simply add an event listener for the type, and do not look for its prototype in the global scope.)

This is a simple fix to Blink’s Web IDL for WebGLContextEvent, but is a web exposed change.

10. Removal of X-Requested-With in WebView

Removes the default X-Requested-With header from HTTP requests made by WebView.

The X-Requested-With header is set by WebView, with the package name of the embedding apk as the value. This use of the header will be discontinued.

Developers who rely on this header can sign up for a deprecation origin trial 1 to continue to receive the header during the deprecation period.

The deprecation origin trial will be extended until replacement APIs are available to address use cases of the header, as explained in this Android Developer Blog Post 2

chromium113 Features:9

1. Remove support for Web Push Notifications using FCM Sender IDs

• Chrome shipped support for Web Push Notifications using FCM Sender IDs M42 (March 2015), after which we added support for a standardized authentication path in M52 (July 2016).

• We have been deprecating support for FCM Sender IDs since, adding console warnings and blocking the list of senders in 2019, and blocking all new subscription requests using sender IDs in 2020. Today we see <1000 unique senders still relying on Chrome to receive such messages in a 7-day window – this is a tiny portion of full Web Push usage.

• Following this prolonged deprecation path, we’re now proceeding to remove support for Chrome to receive messages for subscriptions that were once created using FCM Sender IDs. Users who receive such messages will stop receiving them until they re-visit the sender’s website, at which time it has the chance to renew the subscription. We unfortunately cannot automatically update such subscriptions. The roll-out will be done server-side.

2. CSS “overflow” media features

Implements “overflow-inline” and “overflow-block” media features.

Allows to distinguish styles for displays with different overflow characteristics.

3. CSS “update” media feature

Implements “update” media feature.

Allows to distinguish styles for print, slow and fast output displays:
print - for documents on the paper;
slow - for e-ink and underpowered displays;
fast - regular computer displays.

4. Fetch: Headers.getSetCookie()

Adds a way to get the values of multiple Set-Cookie headers without combining them.
In HTTP, Set-Cookie is a special header for historical reasons because it can appear multiple times in a response but cannot be combined, unlike other headers. Headers objects don’t currently support having multiple values of the Set-Cookie header, and this feature adds that capability.

5. Linear easing function

Introduces linear() easing function that allows linear interpolation between a number of points. It makes it possible to approximate complex functions by linear interpolation.

6. WebAuthn: Large blob storage extension (largeBlob)

Adds support for the WebAuthn largeBlob 1 client authenticator extension. This extension allows relying parties to store opaque data associated to a credential.

1 https://w3c.github.io/webauthn/#sctn-large-blob-extension

7. WebGPU

WebGPU is the successor to the WebGL and WebGL 2 graphics APIs for the Web. It provides modern features such as “GPU compute” as well as lower overhead access to GPU hardware and better, more predictable performance. WebGPU is developed by the “GPU for the Web” W3C community group.

8. image-set

image-set() is a CSS type for specifying a range of image options, such as different images for different screen densities, and letting the browser select the best one. It can be used with CSS properties such as background-image.

This feature adds the unprefixed “image-set” type so authors no longer need to use “-webkit-image-set”. The implementation has also been brought up to the current spec with new resolution units (dppx, dpi, dpcm), image type support (e.g., type(“image/avif”)), raw urls without “url()”, and gradient image options.

9. Secure Payment Confirmation: Rename rp --> rpId in CollectedClientAdditionalPaymentData

Secure Payment Confirmation (SPC) is a Web API to support streamlined authentication during a payment transaction. It builds on top of WebAuthn to bring strong authentication to payment flows.

In the initial spec and implementation of SPC, the output CollectedClientAdditionalPaymentData dictionary0 of the cryptogram contained a parameter named ‘rp’. This was renamed in the specification1 to ‘rpId’ to align with WebAuthn, and Chrome is changing its implementation to match (that is, adding ‘rpId’ and removing ‘rp’).

chromium114 Features:10

1. JSON.parse source text access

This proposal adds an object with a “source” property that is passed as the 3rd argument to the reviver function in JSON.parse. This property contains the raw source text for the value being parsed.

It is designed to address the issue that JSON parsing is lossy, e.g. around BigInt values. For example, JSON.parse(" 9999999999999999", (key, val, {source}) => BigInt(source)).

2. ArrayBuffer.prototype.transfer

Adds the ArrayBuffer.prototype.transfer method, which copies the receiver buffer, detaches the receiver, then returns the copy. This adds a JS API for what is possible via structured cloning.

Also adds ArrayBuffer.prototype.transferToFixedLength and the ArrayBuffer.prototype.detached getter.

This is a TC39 proposal.

3. CSS headline balancing

Adjusts the lengths of lines in a paragraph balanced, for better readability and to minimize typographic orphans.

This is often useful for headlines. For example:

h1, h2, h3, h4, h5, h6, blockquote { text-wrap: balance; }

More examplles can be found in a Chrome Developers blog <https://developer.chrome/blog/css-text-wrap-balance/>.

In addition to the “text-wrap” property, the “white-space-collapse” property is also supported, and the “white-space” property becomes a shorthand of these two properties.

4. Cookies Having Independent Partitioned State (CHIPS)

Chrome plans to obsolete third-party cookies, therefore developers need the ability to use cookies in third-party contexts that are partitioned by top-level site. This is necessary for use cases that are not cross-site tracking related. For example, SaaS embeds, headless CMS, and sandbox domains). The CHIPS cookie attribute of Partitioned enables developers to opt into having their third-party cookies partitioned by top-level site.

5. Scrollend Event

Helps developers reliably tell when a scroll has completed (including both the scroll itself and any updates to offsets from the scroll) through event listeners.

Knowing when a scroll has completed is useful for various reasons, e.g. synchronizing some logic on the snapped section, fetching stuff in a list, triggering new animations, etc.
This feature greatly simplifies the logic for handling end-of-scroll effects, ensuring that they are consistent across many different input modalities. Currently, developers address this need by observing scroll events and building ad-hoc timeout algorithms.

6. The Popover API

An API that can be used to build transient user interface (UI) elements that are displayed on top of all other web app UI. These include user-interactive elements like action menus, form element suggestions, content pickers, and teaching UI. This API uses a new popover content attribute to enable any element to be displayed in the top layer. This is similar to the <dialog> element, but has several important differences, including light-dismiss behavior, popover interaction management, animation and event support, and the lack of a “modal” mode.

7. Use RegExp v flag instead of u for HTML pattern attribute

The <input pattern> attribute allows developers to specify a regular expression pattern against which the input’s values are checked for validity.

<label>
  Part number:
  <input pattern="[0-9][A-Z]{3}" name="part"
         title="A part number is a digit followed by three uppercase letters.">
</label>

When the pattern attribute was first implemented, these regular expressions were compiled without any RegExp flags. In 2014, the HTML Standard changed this by implicitly enabling the u flag for the pattern attribute, enabling better Unicode support (including support for Unicode character properties like \p{Letter}). This change shipped in Chrome 53 (https://chromestatus/feature/4753420745441280).

Now, we’re taking this to the next level by enabling the new RegExp v flag instead of u, enabling the use of set notation, string literal syntax, and Unicode properties of strings.

(Context: The RegExp v flag is a JavaScript language feature which previously went through the Blink Intents process, and is now shipping in Chrome 112: https://chromestatus/feature/5144156542861312 This new ChromeStatus entry is specifically about integrating it with the HTML pattern attribute.)

8. Web Bluetooth exclusionFilters option in requestDevice()

The “exclusionFilters” option in navigator.bluetooth.requestDevice() allows web developers to exclude some devices from the browser picker. It can be used to exclude devices that match a broader filter but are unsupported.

9. WebAssembly extended-const Proposal

We implement the WebAssembly extended-const proposal according to https://github/WebAssembly/extended-const.
Specifically, we add i32.add, i32.sub, i32.mul, i64.add, i64.sub and i64.mul to the list of constant instructions.

10. overflow:overlay aliases overflow:auto

Removes the overflow:overlay scrolling mode, and makes overlay a legacy alias of auto.

overflow:overlay is the same as overflow:auto, except that it does not prevent content from extending into the scrollbar gutter, in cases where
non-overlay OS scrollbars are present. (If overlay scrollbars are present, there is no effect.) Example:

With overflow:overlay: https://output.jsbin/yujenuq/quiet

With overflow:auto: https://output.jsbin/ruzogaf/quiet

chromium115 Features:26

1. Deprecate the document.domain setter.

The document.domain setter allows developers to relax the same-origin policy, complicating the fundamental security boundary we aim to maintain, and putting roadblocks in the way of post-Spectre changes to Chromium’s process model. We should deprecate it, by making it opt-in via Origin-keyed agent clusters (https://chromestatus/features/5683766104162304)

The setter will remain, but the origin remains unchanged. In that case the compatibility risk is low.

2. HTTPS Upgrades

Automatically and optimistically upgrade all main-frame navigations to HTTPS, with fast fallback to HTTP.

3. Partitioning Storage, Service Workers, and Communication APIs

Note: this has launched in Chrome 115

We intend to partition a number of APIs in 3rd party contexts. This effort is focused on partitioning APIs above the network stack. This includes quota-managed storage, service workers, and communication APIs (like BroadcastChannel). See the explainer for more details:

https://github/wanderview/quota-storage-partitioning/blob/main/explainer.md

There is also a deprecation trial available as well as an enterprise policy:

https://developer.chrome/blog/storage-partitioning-deprecation-trial/
https://chromeenterprise.google/policies/#DefaultThirdPartyStoragePartitioningSetting

4. Scroll-driven animations

ScrollTimeline and ViewTimeline are an extension to the Web Animations spec which allow developers to use the position of a scroller or the position of an element within a scroller as an input ‘time’ rather than the default monotonic clock time. This enables fast scroll-based animations, such as a shrinking navigation bar, without requiring user script execution.

They can be declared and instantiated both via CSS and Javascript used in CSS animations and Web Animations.

5. Skip service worker no-op fetch handler

The feature makes the navigation of pages with no-op service worker fetch handlers fast by skipping them.

Some sites have a no-op (no operation) fetch listener (e.g. onfetch = () => {}). Since having the fetch listener was one of the requirements to be a progressive web app (PWA), we assume they did that to make their site recognized as PWA. However, it only brings overheads to start a service worker and execute a no-op listener without bringing any feature benefits like caching or offline capabilities because the code does nothing. To make the navigation to such pages faster, we would like to omit the service worker start and the listener dispatch from the navigation critical path if a user agent identifies that all the service worker’s fetch listeners are no-ops.

From version 112, Chromium starts to show console warnings if all the service worker’s fetch listeners are no-ops, and encourages developers to remove the useless fetch listeners. Hopefully sites stop using the useless fetch listeners and we can deprecate the feature in the future.

6. ‘display’ property with multiple values

CSS ‘display’ property supports two or three keywords.

Web authors can specify

• How the box and its neighbor boxes are located; inline or block
• How children of the box are laid out; flow, flex, grid, etc.
  separately.

For example,
display: inline flow instead of display: inline-block
display: block flex instead of display: flex

7. 8MB Limit for WebAssembly.Module() on the Main Thread

Chrome has extended the size limit on synchronous WebAssembly compilation on the main thread from 4KB to 8MB. This extension is possible thanks to improvements in the WebAssembly runtime V8. The 8MB limit has been determined through performance measurements on a Google Pixel 1 phone, which is currently considered a representative low-end phone. Future developments in V8 or in hardware may allow to extend the limit further. WebAssembly modules that are bigger than 8MB can be compiled asynchronously with WebAssemblypile(), or sychronously on a Worker.

8. Attribution Reporting API

This API measures ad conversions (e.g. purchases) and attributes them to ad interactions without using cross-site persistent identifiers like third-party cookies.

The API allows measurement through both event-level reports sent directly from the browser, and aggregatable reports which can be processed through a trusted service to create summary reports of attribution data.

An earlier version of this API was in Origin Trial from Chrome 86 through Chrome 97 which only supported click-through

9. Boolean Context Style Container Queries

Support style() container queries without a declaration value, only a property name, as a way of matching non-initial values.

Previously you would have to do:

not style(–my-property: initial)

Now you can do:

style(–my-property)

to match any non-initial value.

10. Clear BFCache during browsing data removal

When performing browsing data removal (e.g. via chrome://settings/clearBrowserData, hard reload, or the Clear-Site-Data header), the disk and in-memory cache for the HTTP response will be cleared. In addition to this, if the browsing data removal’s data type is “cache”, then all the BFCache entries matching the origin will be cleared as well.

11. FedCM: Support Credential Management Mediation Requirements for Auto Re-authentication

Supports “mediation requirements” to provide streamlined re-authentication UX for users who have created federated accounts on websites with FedCM API.

12. Fenced frames

Fenced frames are frames isolated from their embedding page. More details in the explainer here: https://github/WICG/fenced-frame/tree/master/explainer

The OT for fenced frames is part of the joint Privacy Sandbox OT, which follows the timeline here: https://privacysandbox/intl/en_us/open-web/

13. Permissions-Policy: unload

This feature allows pages to disable the running of unload event handlers. The goals are:

• allow sites that have removed all unload handlers to not regress (i.e. accidentally adding new ones)
• allow sites to “remove” (skip) unload handlers (e.g. if updating the code is infeasible, or if they have nondeterministic chains of third parties and would rather not risk the BFCache benefits over unload handlers in third party code).

Unload event handlers are problematic for various reasons and prevent use of BFCache on Desktop (see https://web.dev/bfcache/#never-use-the-unload-event). This is the first step to deprecating and removing unload handlers.

14. Privacy Sandbox Ads APIs

A collection of APIs to facilitate advertising: FLEDGE, Topics, Fenced Frames and Attribution Reporting.

15. Private State Token API

This is a new API for propagating user signals across sites, without using cross-site persistent identifiers like third party cookies for anti-fraud purposes. Anti-fraud methods that rely on third party cookies will not work once third party cookies are depreciated. The motivation of this API is to provide means to fight fraud in a world with no third party cookies.

Private State Token API does not generate or define anti-fraud signals. This is up to the corresponding first party and the token issuers. The API enforces limits on the information transferred in these signals for privacy concerns. Private State Token API is based on the Privacy Pass protocol from the IETF working group. It can be considered as a web-exposed form of the Privacy Pass protocols.

Private State Token API spec is to be updated for new versions and types of tokens. The API will be kept up to date with the Privacy Pass working group specs. Expected changes would be in the underlying cryptographic protocols and token issuance code. We do not expect changes in the developer facing fetch API.

The Private State Token API was formerly known as the Trust Token API. It is renamed to more accurately capture the underlying semantics and to highlight the privacy benefits to users.

16. Protected audience API (formerly FLEDGE)

Provides a privacy advancing API to facilitate interest group based advertising. The Protected Audience API shifts the interest data and the final ad decision browser-side instead of server-side, offering many advantages: strong privacy guarantees, as well as time limits on group membership, transparency into how the advertiser interest groups are built and used, and granular or global controls over this type of ad targeting.

17. Related Website Sets

Related Website Sets (“RWS”) provides a framework for developers to declare relationships among sites, to enable limited cross-site cookie access for specific, user-facing purposes. This is facilitated through the use of the Storage Access API.

18. Resource Timing: Expose interim response times

Expose PerformanceResourceTiming.firstInterimResponseStart

In cases where a navigation or subresource fetch encounters an interim 1xx response, e.g. 100 continue or 103 early hints, firstInterimResponseStart would now correspond to the time of that first interim response, while responseStart would correspond to the final response, e.g. with 200 status.

19. Topics API

The intent of the Topics API is to provide callers (including third-party ad-tech or advertising providers on the page that run script) with coarse-grained advertising topics that the page visitor might currently be interested in. These topics will supplement the contextual signals from the current page and can be combined to help find an appropriate advertisement for the visitor.

Explainer: https://github/jkarlin/topics

20. Update of “xml” prefix handling in lookupNamespaceURI() and createNSResolver()

Node.lookupNamespceURI() supports “xml” and “xmlns” prefixes by default. The function returns fixed namespace strings for them.

Document.createNSResolver() and XPathEvaluator.createNSResolver() stops to wrap the specified node to add “xml” prefix handling. They return the specified node as is.

Web developers can use an element as an XPathNSResolver without wrapping it with createNSResolver().

21. VisibilityStateEntry

Exposes visibility state (visible/hidden) in the performance timeline.

The timeline would always have an entry with a startTime of 0 and the initial visibility state, plus entries corresponding to any visibility state change.

22. WGSLLanguageFeatures for WebGPU

Adds the wgslLanguageFeatures getter on the GPU object for WebGPU, and its corresponding WGSLLanguageFeatures type.

23. WebDriver commands for interacting with FedCM dialogs

This exposes several WebDriver commands to allow browser automation, such as automated testing, to interact with FedCM dialogs.

24. Deprecate Mutation Events

Mutation Events, including DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMNodeRemovedFromDocument, DOMNodeInsertedIntoDocument, and DOMCharacterDataModified, are quite bad for page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec (https://w3c.github.io/uievents/#legacy-event-types) in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete Mutation Events must be migrated to Mutation Observer.

Mutation events are deprecated starting in Chrome 115, and support will be disabled by default starting in Chrome 127, around July 30, 2024.

25. Private Aggregation API

A generic mechanism for measuring aggregate, cross-site data in a privacy preserving manner. The potentially identifying cross-site data is encapsulated into “aggregatable reports”. To prevent leakage, this data is encrypted, ensuring it can only be processed by the aggregation service. During processing, this service will add noise and impose limits on how many queries can be performed.

26. Shared Storage API

Allows for unpartitioned storage that may only be read in a secure environment with carefully constructed output gates. This API is intended to support many of the use cases of third-party cookies without permitting cross-site user tracking.

chromium116 Features:11

1. Display and content-visibility animations

Support specifying display and content-visibility in animations. This support allows for developers to create exit animations after which the element automatically becomes display: none or content-visibility: hidden without needing to write any javascript to handle that switch after the animation is finished. This allows exit animations for elements to be added purely in CSS.

2. AbortSignal.any()

AbortSignal.any(signals) returns a signal that is aborted when any of the source signals are aborted. Developers can use this to combine independent abort sources, e.g. timeouts specified with AbortSignal.timeout() and signals associated with user input, and pass them to async APIs like fetch().

3. BYOB support for Fetch

Makes Response.body be a readable byte stream instead of a “default” readable stream. This enables it to be used with bring-your-own-buffer (BYOB) readers, reducing garbage collection overhead and copies.

4. Bounce Tracking Mitigations

This feature mitigates bounce tracking on the web. It works by deleting state from sites that access storage during a redirect that the user has never directly interacted with. See the specification for more details.

5. CSS Motion Path

Motion path allows authors to position any graphical object and animate it along an author specified path.

This allows a number of powerful new transform possibilities, such as positioning using polar coordinates (with the ray() function) rather than the standard rectangular coordinates used by the translate() function, or animating an element along a defined path, making it easy to define complex and beautiful 2d spatial transitions.

Path can be specified as circle(), ellipse(), rect(), inset(), xywh(), polygon(), ray() and url(). With path() being already implemented before.

6. Document picture-in-picture

Document Picture-in-Picture adds a new API to open an always-on-top window that can be populated with arbitrary HTMLElements.

This is an expansion upon the existing HTMLVideoElement API that only allows for an HTMLVideoElement to be put into a PiP window. This allows web developers to provide a better PiP experience to users.

7. Expanded Wildcards in Permissions Policy Origins

Subdomain wildcards in allowlists provided some valuable flexibility, but differed from existing wildcard parsers and required novel code and spec work. This intent will reduce that overhead by reusing parts of the existing Content Security Policy spec and permitting ‘scheme + wildcard domain’ and ‘wildcard port’ in the allowlist.

Specifically, this intent would adopt the definition of host-source and scheme-source instead of origin in the Allowlist definition while requiring that the path-part is empty (as Permissions Policies apply to matching origins).

8. FedCM bundle: LoginHint, UserInfo, and Context

Allows customizations to federated login flows that use FedCM.

With LoginHint, the RP can specify a hint about the user account they want displayed in the FedCM UI. Accounts which do not match the hint are not displayed. This is mainly used to provide a better UX for returning users.

The UserInfo extension allows the IDP to personalize the login experience for returning users, for instance via personalized buttons. After the user has used FedCM with a given IDP on some RP site, this API provides some information about the user accounts to the IDP on subsequent visits to the RP.

With the context parameter, the IDP can request for the FedCM dialog to show a different title than “Sign in”, to improve the message being displayed to the user in the FedCM UI.

9. Non-composed Mouse and Pointer enter/leave events

Make the eventposed property in mouseenter, mouseleave, pointerenter and pointerleave events “false” to be spec compliant and to fix interop gaps.

Both the UI Events spec for Mouse Events and the Pointer Events spec define these events as non-composed. Both specs switched away from their original definitions few years ago:
https://github/w3c/uievents/pull/210
https://github/w3c/pointerevents/pull/461

In addition to addressing the interop gap, this change also fixes an erroneous double/triple dispatch of these events to a shadow DOM host in Chromium when the shadow DOM also listens to the event (https://crbug/1136584).

10. Remove document.open sandbox inheritance

Sandbox flags of the caller are currently applied to the callee when document.open targets a different window. Stop doing it.

11. Report Critical-CH caused restart in NavigationTiming

Websites can indicate that a particular Client Hint is critical to the page by including it in a Critical-CH HTTP response header. Doing so will trigger a connection restart if the hint listed in the Critical-CH HTTP response header could be (but wasn’t) included in the HTTP request initially sent. This intent proposes adding readonly attribute DOMHighResTimeStamp criticalCHRestart; to the PerformanceNavigationTiming interface.

chromium117 Features:30

1. CSS overlay property

Introduce an overlay property to allow authors to keep elements in the top layer for an exit transition.

The overlay property is added to indicate if an element is in the top layer or not. It can take two values: ‘none’, ‘auto’. User agent stylesheets add !important rules to control whether elements are rendered in the top layer or not, and not let author styles override. However, authors can add ‘overlay’ to the list of transition-properties for an element to defer the removal from the top layer for the duration of the transition. That way the author can do exit transitions for elements like dialogs:

transition-property: overlay
transition-duration: 0.4s

2. Storage Access API with Prompts

Provides a means for authenticated cross-site embeds to check their access to (unpartitioned) cookies and request access if they are blocked. Supports user prompts, and additionally includes user-agent-specific behaviors.

3. Warning on insecure downloads

To ensure users are aware of the risks of downloads delivered over an insecure connection, Chrome will display a bypassable warning for some downloads delivered over an insecure connection. Which downloads are warned about will depend on whether the user has enabled HTTPS-First Mode and whether the file type has a substantial risk of parsing vulnerabilities that can lead to code execution.

4. Array grouping

Adds news Object.groupBy(iterable, groupCallback) and Map.groupBy(iterable, groupCallback) to perform a grouping or bucketing operation. The Object method returns a plain object, where the groups are property keys. The Map method returns a Map, where the keys can be arbitrary values.

5. CSS @starting-style Rule

Allow authors to start CSS transitions on first style update

CSS transitions do not trigger transitions from initial styles on the first style update for an element, or when the display type changes from ‘none’ to some other type. That is done to avoid unexpected transitions from initial styles.

If the author wants to start a transition from the first style update, that can now be done by applying styles from within a @starting-style rule.

If there is no pre-existing style for an element, but there are selectors inside @starting-style rules that match the element, a style is computed with rules inside @starting-style matching, before the actual style is computed without @starting-style rules matching. Any differences in computed style for transitioned properties will trigger transitions between the styles with and without @starting-style rules applied.

Example which starts a background-color transition from green to lime on the first style update for a div:

div {
transition: background-color 0.5s;
background-color: lime;
}

@starting-style
div {
background-color: green;
}
}

6. CSS Subgrid

Implements the CSS Grid Layout Module Level 2 specification, which introduces the concept of a “subgrid” to nested grid containers.

7. CSS cap and rcap font units

‘cap’ is equal to the used cap-height of the first available font.
‘rcap’ is equal to the value of the cap unit on the root element.

8. CSS text-wrap: pretty

Adjusts line breaking to avoid a short single word on the last line (also known as typographic orphans.)

When text-wrap: pretty is specified, paragraphs that will end up with a short single word on the last line are adjusted so that the last line has two or more words. It also adjusts hyphenation if consecutive hyphenated lines appear at the end of a paragraph.

The algorithm is based on the Knuth-Plass algorithm, as used by TeX. It computes scores for all candidates, and chooses the best one. To balance between the typographic benefits and the performance impacts, it adjsuts the last 4 lines of paragraphs that meet certain conditions.

9. CSS transition-behavior property

The transition-behavior CSS property is a longhand of the transition property which allows discrete properties to be used in transitions. By specifying the “allow-discrete” value for transition-behavior, discrete properties will now start animations and flip from their initial value to their final value at 50%, except for transitions where display:none and content-visibility:hidden are one of the initial or final values, in which case the visible value will be used for the entire duration of the transition. More details here: https://drafts.csswg/css-transitions-2/#transition-behavior-property

10. Change beforeunload handler dialog condition

To comply with HTML standard, there are two new changes on how the cancel dialog gets prompted for beforeunload event.

1. If event.preventDefault() is called, prompt cancel dialog.

2. If event.returnValue is the empty string, do not prompt cancel dialog.

3. Clear Client Hints via Clear-Site-Data header

Websites will now be able to clear the client hints cache using Clear-Site-Data: “clientHints”. Client hints will also now be cleared when “cookies”, “cache”, or “*” are targeted by the same header. This is because if the user clears cookies in the UI client hints are already cleared as well, the client hints cache is a cache, and to be consistent with wildcard targets respectively.

12. Clear-Site-Data header wildcard syntax

Websites will now be able to clear all storage targets (“cookies”, “cache”, and “storage”) by sending Clear-Site-Data: “*”. Note that Chrome does not support clearing “executionContexts” at the moment, but if we added it in the future any header targeting “*” would then clear them too.

13. Deprecate TLS SHA-1 server signatures

Chrome is removing support for signature algorithms using SHA-1 for server signatures during the TLS handshake. This does not affect SHA-1 support in server certificates, which was already removed, or in client certificates, which continues to be supported.

SHA-1 can be temporarily re-enabled via the temporary InsecureHashesInTLSHandshakesEnabled enterprise policy. This policy will be removed in Chrome 123.

14. Make CaptureController derive from the EventTarget interface

The CaptureController interface enables further manipulation of a screen capture session. In the future, it is expected that the events related to a capture session are dispatched on that controller. To be able to manage listeners for such events, the EventTarget methods are made available on CaptureController.

15. Per-frame quantizer in VideoEncoder

Adds “quantizer” VideoEncoderBitrateMode for VideoEncoder.
This allows to specify quantizer parameter for each frame for AV1, VP9, and AVC video codecs.

Explainer: https://gist.github/Djuffin/3722232679b977058be787be0dff4254

16. PerformanceResourceTiming deliveryType

Expose information about how a resource was delivered. For example, resources which were delivered from the cache (currently exposed through transferSize) and navigations which were prefetched by the previous page are useful to identify.

17. Port overflow check in URL setters

The port value will be checked when setting url.port.

All the values that overflows the 16-bit numeric limit will be no longer valid.

For instance the following script behave differently after the change:

u = new URL("http://test");
u.port = 65536;
console.log(u.port);

Before the change the output is 65536. After the change the output will be 80.

18. RFC 7616 Digest auth: Support SHA-256 and username hashing

This change adds SHA-256 and username hashing support to HTTP Digest authentication.

It brings Chrome to parity with Firefox that already supports SHA-256.

19. Removal of WebRTC getStats datachannelIdentifier -1

The WebRTC getStats API exposes a dataChannelIdentifier property
https://w3c.github.io/webrtc-stats/#dom-rtcdatachannelstats-datachannelidentifier

It will no longer provide the value “-1” in cases where statistics are queried before the datachannel connection is established. Instead, the dictionary member will be omitted. This follows the general pattern not to return meaningless information described in
https://w3c.github.io/webrtc-stats/#guidelines-for-implementing-stats-objects

20. Removal of WebRTC getStats encoderImplementation/decoderImplementation “unknown”

The WebRTC getStats API exposes the encoder and decoder implementation names for outbound and inbound video:
https://w3c.github.io/webrtc-stats/#dom-rtcoutboundrtpstreamstats-encoderimplementation

It will no longer provide the value “unknown” in cases where statistics are queried before a video frame was encoded or decoded. Instead, the dictionary member will be omitted. This follows the general pattern not to return meaningless information described in
https://w3c.github.io/webrtc-stats/#guidelines-for-implementing-stats-objects

21. URL Standard-compatible IPv4 embedded IPv6 host parser

The behavior of parsing IPv4 embedded IPv6 host parser will be updated to strictly follow the web URL standard: https://url.spec.whatwg/#concept-ipv6-parser

The introduced restrictions on the IPv6 address are:

• The embedded IPv4 address shall always consist of 4 parts. Addresses with less than 4 parts like http://[::1.2] will be no longer valid.

The feature is a part of the URL interop 2023.

22. URL: Allow “%00” as a valid URL path

Chrome currently considers a URL invalid if the URL’s path part
contains “%00” (or null), which is not compliant with the URL Standard
1. For example, the following test fails in Chrome because new
URL(…) throws an Invalid URL exception.

assertEquals(new URL(“http://example/%00”).pathname, “/%00”);

According to the URL Standard, any character or byte sequence in URL
path should not make the URL invalid.

Note: In other parts of URL, “%00” may still be considered invalid. For example,

new URL(“http://example%00/”);

throws an exception because “%00” is not a valid host codepoint.

• 1 https://url.spec.whatwg/

23. Web Serial support for Bluetooth RFCOMM services

Support Bluetooth RFCOMM services in the Web Serial API.

The Bluetooth RFCOMM (Radio frequency communication) protocol provides emulated RS-232 serial ports. This feature would enable applications to make connections to RFCOMM services on paired Bluetooth Classic devices using the Web Serial API.

24. WebHID in Extension Service Workers

Allows web developers to use the WebHID API in service worker contexts in extensions by exposing WebHID API to extension service workers.

25. WebRTC RTP header extension control

Extend the WebRTC RTCRtpTransceiver API to offer control over which RTP header extensions are negotiated.

26. WebUSB exclusionFilters option in requestDevice()

The “exclusionFilters” option in navigator.usb.requestDevice() allows web developers to exclude some devices from the browser picker. It can be used to exclude devices that match a broader filter but are unsupported.

27. contain-intrinsic-size: auto none support

This feature extends the existing contain-intrinsic-size syntax:
none | <length> | auto && <length>

to also include auto && none:
none | <length> | auto && <length> | auto && none

The reason for this change is the CSSWG resolution (https://github/w3c/csswg-drafts/issues/8407#issuecomment-1440466558) to add an interaction between content-visibility: auto and contain-intrinsic-size. Specifically, that the former adds an “auto” keyword to the latter. For this to work, the resolution includes a note to extend contain-intrinsic-size syntax for “auto” to work with all existing keywords, including “none”.

28. CSS property -webkit-highlight

Remove the CSS property -webkit-highlight intended to highlight text, but never standardized. It has no visible effect in chromium (it is parsed but never used in rendering content). The property was removed from WebKit in 2014 (https://bugs.webkit/show_bug.cgi?id=128456), has been marked as deprecated on MDN, and has been replaced recently with the CSS Highlight Pseudo spec (https://www.w3/TR/css-pseudo-4/#highlight-pseudos).

29. TLS Encrypted Client Hello (ECH)

The TLS Encrypted ClientHello (ECH) extension enables clients to encrypt ClientHello messages, which are normally sent in cleartext, under a server’s public key. This allows websites to opt-in to avoid leaking sensitive fields, like the server name, to the network by hosting a special HTTPS RR DNS record. (Earlier iterations of this extension were called Encrypted Server Name Indication, or ESNI.)

If your organization’s infrastructure relies on the ability to inspect SNI, for example, filtering, logging, and so on, you should test it. You can enable the new behavior by navigating to chrome://flags and enabling the #encrypted-client-hello flag.

If you notice any incompatibilities, you can use the EncryptedClientHelloEnabled enterprise policy to disable support for ECH.

30. [WebRTC] Unship callback-based legacy getStats()

RTCPeerConnection has two versions of getStats(), one that is spec-compliant returning the report via resolving a promise, and one that is non-standard returning a very different report via a callback as the first argument. The callback-based one will soon be removed. Removal target: M117. A deprecation trial is available M113-M121 for apps that need more time. In the M114+ the method will throw an exception in Canary/Beta unless using the trial.

chromium118 Features:21

1. Scroll-Animations: view-timeline also sets view-timeline-inset

The view-timeline shorthand is now shorthand for view-timeline-name, view-timeline-axis, and view-timeline-inset. Previously, view-timeline-inset was not part of the shorthand.

2. WebUSB in Extension Service Workers

Allows web developers to use WebUSB API when responding to extension events by exposing WebUSB API to Service Workers registered by browser extensions. This API will not yet be exposed to Service Workers registered by sites but the implementation experience gained by supporting the API for extensions will be valuable for such a future project.

3. Zstd Content-Encoding

Zstandard, or “zstd”, is a data compression mechanism described in RFC8878. It is a fast lossless compression algorithm, targeting real-time compression scenarios at zlib-level and better compression ratios. The “zstd” token was added as an IANA-registered Content-Encoding token as per https://datatracker.ietf/doc/html/rfc8878#name-content-encoding.

Adding support for “zstd” as a Content-Encoding will help load pages faster and use less bandwidth, and spend less time and CPU/power on compression on our servers, resulting in reduced server costs.

4. @scope

Allows authors to scope style rules to a given scoping root, and style elements according to the proximity of that scoping root.

5. Block all cookies set via JavaScript that contain control characters

Updates how control characters in cookies set via JavaScript are handled. Specifically, all control characters cause the entire cookie to be rejected (previously a NULL character, a carriage return character, or a line feed character in a cookie line caused it to be truncated instead of rejected entirely, which could have enabled malicious behavior in certain circumstances). This behavior aligns Chrome with the behavior indicated by the latest drafts of RFC6265bis.

This change can be disabled using the --disable-features=BlockTruncatedCookies or the BlockTruncatedCookies enterprise policy, which will exist for several milestones in case this change causes any breakage.

6. CSS logical flow-relative values

Add these new values to existing CSS properties: ‘float: inline-start’, ‘float: inline-end’, ‘clear: inline-start’, ‘clear: inline-end’, ‘resize: block’, ‘resize: inline’.

These flow-relative directional keywords resolve to a physical value depending on the writing mode or direction of the element or its containing block.

7. Consistent minimum font size across languages

Changes the default setting for the “Minimum font size” of the 7 languages (Arabic, Farsi, Japanese, Korean, Thai, Simplified and Traditional Chinese) to be off by default to improve the interoperability and the accessibility.

Before this change, this setting is off by default for all languages except the 7 languages. This change makes these languages consistent with other languages.

Note, this is not about changing the “Minimum font size” feature itself. It will be available without any changes for the accessibility and for readability.

8. Detect UA Transitions on same-document Navigations

Smooth visual transitions as users navigate on the web can lower cognitive load by helping users stay in context. However, the user experience is bad if both the site author and the UA add these transitions: the transitions may conflict and cause confusion for the user. This API avoids such cases to ensure only one visual transition is executed at a time.

The API adds a boolean on PopStateEvent and NavigateEvent to indicate whether the UA has executed a visual transition for this navigation. Authors can use this to skip their custom transition.

9. Form Controls Support Vertical Writing Mode

CSS property writing-mode should be enabled for form controls elements as it will allow lines of text to be laid out horizontally or vertically and it sets the direction in which blocks progress.

With this feature, we are allowing the form control elements select, meter, progress, button, textarea and input to have vertical-rl or vertical-lr writing mode. As needed for Web compatibility, we will slowly rollout the change for a number of form controls in 118 and continue in future milestones.

• –enable-features= FormControlsVerticalWritingModeSupport
• –enable-features= FormControlsVerticalWritingModeTextSupport

10. HTML search element

The <search> element applies a “search” role for accessibility. It is basically the same as <div role=search>.

From the HTML spec:
The search element represents a part of a document or application that contains a set of form controls or other content related to performing a search or filtering operation. This could be a search of the web site or application; a way of searching or filtering search results on the current web page; or a global or Internet-wide search function.

11. HTTP/3 protocol upgrade for HTTPS DNS records with h3 alpn parameter

HTTPS DNS resource records can provide information about supported protocols such as HTTP/3 with “alpn” parameter. If Chrome receives a HTTPS DNS record indicating HTTP/3 support, Chrome will connect to the server using the HTTP/3 protocol.

12. Horizontal rules inside select elements

This feature makes the HTML parser allow <hr> tags inside <select> tags. These <hr> elements create horizontal borders in between <option> elements in the listbox popup.

13. Make URL parser to not decode percent-encoded ASCII characters in URL’s path

Make URL parser to not decode percent-encoded ASCII characters in URL’s path, such as “%41” (‘A’).

Before this change:

const url = new URL(“http://example/%41”);
url.href
“http://example/A”

After this change:

const url = new URL(“http://example/%41”);
url.href
“http://example/%41”

14. Media Queries: prefers-reduced-transparency feature

Adds the prefers-reduced-transparency feature, which lets authors adapt web content to user-selected preference for reduced transparency in the OS, such as the ‘Reduce transparency’ setting on macOS.

Valid options are ‘reduce’ or ‘no-preference’.

15. Remove Payment Request User Activation Requirement

To help developers reduce friction in Payment Request flows, we are removing the user activation requirement. Spam and clickjacking mitigations are put in place to mitigate security and privacy risks with this change.

16. Remove Secure Payment Confirmation user activation requirement

To help developers reduce friction in Secure Payment Confirmation flows, we are removing the user activation requirement. Spam and clickjacking mitigations are put in place to mitigate security and privacy risks with this change.

17. Remove non-standard appearance keywords

Since only standard appearance keywords should be supported, we are removing the appearance (and -webkit-appearance) keywords that shouldn’t be supported anymore:

• inner-spin-button
• media-slider
• media-sliderthumb
• media-volume-slider
• media-volume-sliderthumb
• push-button
• searchfield-cancel-button
• slider-horizontal
• sliderthumb-horizontal
• sliderthumb-vertical
• square-button

Note that value “slider-vertical” will not be removed as part of this
patch it is used for allowing <input type=range> vertical. It will be
removed once feature FormControlsVerticalWritingModeSupport is enabled in stable.

With the feature enabled, if using any of the above keywords, a console warning will be shown, but the keyword will be recognized as a valid value.
With the feature disabled, the appearance property will be ignored.

As needed for Web compatibility, we will progressively remove the
appearance keywords based on their usage:

• –disable-features=NonStandardAppearanceValuesLowUsage
• –disable-features=NonStandardAppearanceValuesHighUsage

For release 118, we will disable the low usage values, currently at page load usage below 0.001%.

• media-slider at 0.000361
• media-sliderthumb at 0.000187%
• media-volume-slider at 0.000143%
• media-volume-sliderthumb at 0.000109%
• sliderthumb-horizontal at 0.000182%
• sliderthumb-vertical at 0.000014%

18. Remove quirks mode behavior for option label attribute

Option elements support a “label” attribute which will cause the option to render with the text inside the attribute rather than the child text of the option element itself. This functionality is disabled in quirks mode, where the label attribute is ignored and the child text is always rendered.

This change will always use the label attribute in both standards mode and quirks mode.

19. Support stroke-box, content-box and border-box in the transform-box CSS property

Allows changing how the reference box for the ‘transform’ property is computed. This adds additional capabilities that will allow creating transforms/graphical effects where - for example - the width of the border of an element does not influence the result (e.g rotation around a point in the content box) or the stroke of an (SVG) element should influence the result (e.g rotating a stroked shape around its center - including the stroke).

20. XML documents merge consecutive CDATA sections into single node

This change causes sibling CDATA section nodes in an XML document to be merged into a single CDATA node.

This is to mitigate a bug in libxml: when a single CDATA section spans multiple input parser chunks, libxml buffers and emits the CDATA input into 300 byte runs. This unexpectedly causes a single CDATA section to be outputted into multiple DOM nodes (if the length of the input chunk is > 300 bytes).

This change updates the parser to always merge adjacent CDATA nodes. This addresses the libxml bug but will also affect explicitly authored CDATA sections in the same way. For example: <![CDATA[foo]]><!CDATA[bar]]> will result in a single CDATA DOM node with content “foobar”.

For more details, see https://crrev/f848cbce89b422 .

21. Back/forward cache NotRestoredReason API

NotRestoredReason API will report the list of reasons why a page is not served from BFcache in a frame tree structure, via PerformanceNavigationTiming API.

chromium119 Features:20

1. Keyboard-focusable scroll containers

Improves accessibility by making scroll containers focusable using sequential focus navigation. Today, the tab key doesn’t focus scrollers unless tabIndex is explicitly set to 0 or more.

By making scrollers focusable by default, users who can’t (or don’t want to) use a mouse will be able to focus clipped content using a keyboard’s tab and arrow keys. This behavior is enabled only if the scroller does not contain any keyboard focusable children. This logic is necessary so we don’t cause regressions for existing focusable elements that might exist within a scroller like a <textarea>.

2. Payment handler minimal header UX

This is a refresh of the browser UI associated with the Payment Handler API. Although there are no changes to the API surface with this feature, we’d like to run an origin trial starting in M112 to give payment handler providers a chance to experiment with the new UI ahead of the launch.

3. Promise.withResolvers

Promise.withResolvers is a static method that returns a new Promise along with its resolver functions, i.e. const { promise, resolve, reject } = Promise.withResolvers().

This is a standard version of a common helper function found in many JS libraries. Historically, some may know it as defer or deferred.

4. :user-valid and :user-invalid CSS pseudo-classes

The :user-invalid and the :user-valid pseudo-classes represent an element with incorrect or correct input, respectively, but only after the user has significantly interacted with it. This is similar to :valid and :invalid, but with the added constraint that these pseudo-classes only match after the user has interacted with the element.

5. CSS Relative Color Syntax (RCS)

The relative color syntax allows developers to define colors by modifying the parameters of other colors. For example:

oklab(from magenta calc(l * 0.8) a b);

Will result in an oklab magenta that is 80% as light.

https://www.w3/TR/css-color-5/#relative-colors

6. CaptureStartFocusBehavior enum value “focus-capturing-application”

The Screen Capture API lets the user select a tab, window, or screen to capture as a media stream. Using the existing CaptureController setFocusBehavior() method, web apps control whether the captured tab or window will be focused when capture starts, or whether the browser will leave focus with whichever surface last had focus.

The new enum value “focus-capturing-application” allows web apps to give a hint to the browser that the capturing page prefers to remain focused. The old value “no-focus-switch” now indicates that the application prefers that the user agent not change focus, leaving focus with whichever surface last had focus following the user’s interaction with the user agent and/or operating system. In Chrome’s current implementation, this means leaving the capturing application focused. In the future, if Chrome adopts the macOS picker, it could behave differently on Mac. This behavior could prove useful for a11y-conscious applications that prefer to minimize the number of focus-changes a user experiences, as those can be challenging for users with screen-readers.

7. Clip-path geometry-box values

Clip-path supports <geometry-box> values to control the clip’s reference box, making clip-path easier to use. These box values can be used alongside basic shapes (for example, clip-path: circle(50%) margin-box), or they can be used alone to clip to the specified box (for example, clip-path: content-box).

8. Clip-path xywh() and rect() values

Support the xywh() and rect() values on clip-path, which make it easier to specify rectangular or rounded-rectangular clips.

9. DisplayMediaStreamOptions monitorTypeSurfaces

When getDisplayMedia() is called, the browser offers the user a choice of display surfaces: tabs, windows, or monitors. Using the monitorTypeSurfaces option, the web application may now hint to the browser if it prefers to include display surfaces whose type is monitor among the choices offered to the user.

10. Fenced Frames M119 functionality updates

1. Additional format option for Protected Audience ad size macros
   In the Protected Audience API within the Privacy Sandbox, there is an opt-in feature that allows you to macro the size of the ad that wins the auction into the ad’s url, like:

https://ad?width={%AD_WIDTH%}&height={%AD_HEIGHT%}

(See https://github/WICG/turtledove/pull/417 for more details.)

To be more consistent with other types of macros in Protected Audience, like those used by deprecatedReplaceInURN and registerAdMacro, in M119 we’re adding the ability to use ${AD_WIDTH} and ${AD_HEIGHT} as the format for the macros in addition to the current format.

2. Automatic beacons will now send to all registered URLs.

Previously, only destinations specified when calling setReportEventDataForAutomaticBeacons() receive automatic beacons, even if that destination called registerAdBeacon() for “reserved.top_navigation” in their worklet. Now, any destination that called registerAdBeacon() for “reserved.top_navigation” will get an automatic beacon, but only destinations specified in setReportEventDataForAutomaticBeacons() will get automatic beacon data along with the beacon.

The “once” parameter in setReportEventDataForAutomaticBeacons() will now determine whether the data is sent out once, rather than determine if the entire beacon is sent once.

11. Read Chrome device attributes

Device Attributes Web API is a subset of Managed Device Web API, that provides web applications the capability to query device information (device ID, serial number, location, etc).

12. Remove Authorization header upon cross-origin redirect

The Fetch standard has updated to remove Authorization header on cross origin redirects. Chrome should follow the spec change.

13. Replace dangling markup in target name to _blank

This change replaces the navigable target name (which is usually set by target attribute) to _blank, if it contains a dangling markup (i.e. \n and <).

Which fixes a bypass in the dangling markup injection mitigation.

14. Sec-CH-Prefers-Reduced-Transparency User Preference Media Features Client Hints Header

User Preference Media Features Client Hints Header defines a set of HTTP Client Hints headers around user preference media features as defined by Media Queries Level 5. If used as Critical Client Hints, these headers allow servers to make smart choices regarding, e.g., CSS inlining.

Sec-CH-Prefers-Reduced-Transparency reflects the user’s prefers-reduced-transparency preference.

15. Standard compliant URL host punctuation characters

Make Chrome’s handling of URL host punctuation characters
standard compliant.

Examples:

Before:

const url = new URL(“http://exa(mple”😉;
url.href
‘http://exa%28mple/’

‘(’ is a forbidden character, however, Chrome permits it wrongly.

After:

const url = new URL(“http://exa(mple”😉;
=> throws TypeError: Invalid URL.

Before:

const url = new URL(“http://exa!mple”😉;
url.href
“http://exa%2Ample”;

‘!’ is permitted, but escaping punctuation characters is non-compliant.

After:

const url = new URL(“http://exa!mple”😉;
url.href
“http://exa!mple”;

Here is a the summary of changes in M119:

Notation:

• ‘ESC’: Allowed, but Chrome escapes it, which is non-compliant.
• ‘-’: Allowed.
• ‘0’: Forbidden. URL will be invalid if the host contains a forbidden
  character.

Warning: SPACE and ASTERISK is still non-compliant.

| | Before | After | Standard |
|-----±-------±------±---------|
| SPC | ESC | ESC | 0 |
| ! | ESC | - | - |
| " | ESC | - | - |
| # | ESC | 0 | 0 |
| $ | ESC | - | - |
| & | ESC | - | - |
| ’ | ESC | - | - |
| ( | ESC | - | - |
| ) | ESC | - | - |
| * | ESC | ESC | - |
| + | - | - | - |
| , | ESC | - | - |
| - | - |

16. User-Agent Client Hints on Android WebView

User-Agent client hints aims to reduce the gaps between Android and Android WebView because Android already supported User-Agent Client hints starting from M89. It also intends to deprecate and replace the User-Agent header in order to reduce the passive fingerprinting surface we expose via HTTP requests. Here we only propagate User-Agent client hints for the major user case, which is that the final custom User-Agent contains WebView default User-Agent.

17. WebCodecs AudioEncoder bitrateMode

Some audio codecs support specifying the audio encoder bitrate modes. This feature adds a “bitrateMode” flag with a default value of “variable” to WebCodec’s AudioEncoderConfig, which mirrors the config option and default already present for VideoEncoderConfig.

This flag will allow web authors to choose between encoding audio with a variable bitrate or a constant bitrate. Specific codec encoder implementations might have slightly different terminology (e.g. CBR vs VBR for Opus), but all of them should map to the general concept of “constant” versus “variable” bitrate.

The two options have the following effects:
“variable”: allows an audio encoder to increase or lower its bitrate according to the content of the audio it is encoding, in order to preserve bandwidth/binary-size, while still maintaining a target quality. For example, an encoder might lower its bitrate when encoding silence, and revert to a full bitrate when encoding speech.
“constant” : forces an audio encoder to maintain the same bitrate, regardless of the audio content. This can be useful when a predictable bandwidth consumption is preferable.

As of M119, this flag will affect two codecs on Chromium: Opus and AAC.

18. WebRTC Codec Selection API

This new API extends WebRTC encoding parameters to allow developers to choose a specific negotiated codec to be used for encoding an RTP stream.

19. Deprecate non-standard shadowroot attribute for declarative shadow DOM

The standards-track shadowrootmode attribute, which enables declarative Shadow DOM, was shipped in Chrome 111 1. The older, non-standard shadowroot attribute is now deprecated. During the deprecation period, both attributes are functional, however the shadowroot attribute does not enable the new streaming behavior, whereas shadowrootmode allows streaming of content. There is a straightforward migration path: replace shadowroot with shadowrootmode.

The old shadowroot attribute is deprecated as of Chrome M112, and it will be removed (no longer supported) in Chrome M119, which goes to Stable on November 1, 2023.

1 https://chromestatus/feature/5161240576393216

20. Deprecate and Remove WebSQL

The Web SQL Database standard was first proposed in April 2009 and abandoned in November 2010. Gecko never implemented this feature and WebKit deprecated this feature in 2019. The W3C encouraged those needing web databases to adopt Web Storage or Indexed Database.

Ever since its release, it has made it incredibly difficult to keep our users secure. SQLite was not initially designed to run malicious SQL statements, and yet with WebsQL we have to do exactly this. Having to react to a flow of stability and security issues is an unpredictable cost to the storage team. With SQLite over WASM as its official replacement, we want to remove WebSQL entirely.

chromium120 Features:31

1. CSS <transform-function>/<transform-list> Syntax for registered Custom Properties

Supports using the <transform-function> and <transform-list> syntaxes for custom properties registered with @property or registerProperty().

The syntax can be used to restrict values of the custom property to represent transforms. This also makes it possible to use transitions and animations directly on these registered custom properties.

2. Deprecate and remove Theora support.

Chrome will deprecate and remove support for the Theora video codec in desktop Chrome due to emerging security risks. Theora’s low (and now often incorrect) usage no longer justifies support for most users.

Notes:

• Zero day attacks against media codecs have spiked.
• Usage has fallen below measurable levels in UKM.
• The sites we manually inspected before levels dropped off were incorrectly preferring Theora over more modern codecs like VP9.
• It’s never been supported by Safari or Chrome on Android.
• An ogv.js polyfill exists for the sites that still need Theora support.
• We are not removing support for ogg containers.

Our plan is to begin escalating experiments turning down Theora support in M120. During this time users can reactivate Theora support via chrome://flags/#theora-video-codec if needed.

The tentative timeline for this is (assuming everything goes smoothly):

• ~Oct 23, 2023: begin 50/50 canary dev experiments.
• ~Nov 1-6, 2023: begin 50/50 beta experiments.
• ~Dec 6, 2023: begin 1% stable experiments.
• ~Jan 8, 2024: begin 50% stable experiments.
• ~Jan 16th, 2024: launch at 100%.
• ~Feb 2024: remove code and chrome://flag in M123.
• ~Mar 2024: Chrome 123 will roll to stable.

3. Fenced Frames - Enable leaving IGs, and ads report at top level navigation start (Chrome - 120)

We are adding three functionality changes to Fenced Frames:

1. Enable leaving ad interest groups from urn iFrames and ad component frames
   Currently calling navigator.leaveAdInterestGroup() without any argument only works in fenced frames. This change enables this API for supporting navigator.leaveAdInterestGroup() without any argument: a) in urn iframes and b) in ad component frames.

2. Introduce reserved.top_navigation_start/commit
   Fenced frames or URN iframes, when loaded through an API like Protected Audience or Shared Storage, can send out reporting beacons automatically if some event occurs. With this change, we are adding support for top-level navigation start events, in addition to the existing top-level navigation commit events.

3. WebAssembly Multi-Memory

Add support for more than one memory per WebAssembly module as specified in the WebAssembly Multi-Memory proposal: https://github/WebAssembly/multi-memory/blob/main/proposals/multi-memory/Overview.md

5. Accordion pattern using name attribute on <details> elements

This feature adds the ability to construct exclusive accordions using a sequence of HTML <details> elements. It adds a name attribute to the element. When this attribute is used, multiple <details> elements that have the same name form a group. At most one element in the group can be open at once.

6. Allow transferring ArrayBuffer into VideoFrame, AudioData, EncodedVideoChunk, EncodedAudioChunk, ImageDecoder constructors

This will allow detaching array buffers and using corresponding buffers inside VideoFrame, ImageDecoder, EncodedVideoChunk, EncodedAudioChunk, AudioData without a copy.

Explainer: https://gist.github/Djuffin/1c8fac486ca9f402be85074166e89a16

7. CSS :dir() pseudo-class selector

The :dir() CSS pseudo-class selector matches elements based on directionality, which is determined based on the HTML dir attribute. :dir(ltr) matches left-to-right text directionality, and :dir(rtl) matches elements with right-to-left text directionality. It is not equivalent to [dir] attribute selectors because it matches against directions inherited from an ancestor with the dir attribute, and because it matches against the direction computed from use of dir=auto (which determines directionality from the first character in the text with strong directionality).

8. CSS <image> Syntax for registered Custom Properties

Supports using the <image> syntax for custom properties registered with @property or registerProperty().

The <image> syntax can be used to restrict values of the custom property to url() values and generated images like gradients.

9. CSS <transform-function> and <transform-list> Syntax for registered Custom Properties

Supports using the <transform-function> and <transform-list> syntaxes for custom properties registered with @property or registerProperty().

The syntax can be used to restrict values of the custom property to represent transforms. This also makes it possible to use transitions and animations directly on these registered custom properties.

10. CSS Exponential Functions

Add css exponential functions: pow(), sqrt(), hypot(), log(), exp() to CSS math expressions.

11. CSS Font Loading API - FontFaceSet: check() method

The FontFaceSet’s check() function verifies whether it’s possible to display text using the specified fonts without attempting to utilize fonts in the FontFaceSet that have not completed loading. This allows users to safely employ the font without later triggering a font replacement (i.e., font swap).

12. CSS masking

CSS mask, and related properties such as mask-image, mask-mode, etc, are used to hide an element (partially or fully) by masking or clipping the image at specific points.

This feature unprefixes the -webkit-mask* properties and brings them up to spec. This includes mask-image, mask-mode, mask-repeat, mask-position, mask-clip, mask-origin, mask-size, and mask-composite, as well as the “mask” shorthand. Local mask-image references are supported, serialization now matches the spec, and accepted values now match the spec (for example, “add” instead of “source-over” for mask-composite).

13. Dedicated workers and Storage Access API

Dedicated workers will inherit the “storage access status” of the parent context. I.e., if a document obtains storage access via document.requestStorageAccess and then creates a dedicated worker, the worker will also have storage access (and be able to access unpartitioned cookies).

14. FedCM: Error API and AutoSelectedFlag API

Dedicated APIs to help developers and users to better understand the authentication flow. Both APIs are triggered post user permission to sign in to an RP with an IdP. i.e. after user clicking the “Continue as” button.

• With Error API, if user’s sign-in attempt is failed, the IdP can share the reasons with the browser to keep both users and RP developers updated.
• With AutoSelectedFlag API, both IdP and RP developers could have a better understanding about the sign-in UX, evaluate performance and segment metrics accordingly.

15. Fenced Frames M120 functionality updates

1. Additional format option for Protected Audience ad size macros
   In the Protected Audience API within the Privacy Sandbox, there is an opt-in feature that allows you to macro the size of the ad that wins the auction into the ad’s url, like:

https://ad?width={%AD_WIDTH%}&height={%AD_HEIGHT%}

(See https://github/WICG/turtledove/pull/417 for more details.)

To be more consistent with other types of macros in Protected Audience, like those used by deprecatedReplaceInURN and registerAdMacro, in M120 we’re adding the ability to use ${AD_WIDTH} and ${AD_HEIGHT} as the format for the macros in addition to the current format.

2. Automatic beacons will now send to all registered URLs.

Previously, only destinations specified when calling setReportEventDataForAutomaticBeacons() receive automatic beacons, even if that destination called registerAdBeacon() for “reserved.top_navigation” in their worklet. Now, any destination that called registerAdBeacon() for “reserved.top_navigation” will get an automatic beacon, but only destinations specified in setReportEventDataForAutomaticBeacons() will get automatic beacon data along with the beacon.

The “once” parameter in setReportEventDataForAutomaticBeacons() will now determine whether the data is sent out once, rather than determine if the entire beacon is sent once.

16. Generic Sensors WebDriver extension commands

This exposes WebDriver commands for creating, removing, querying and setting readings for so-called virtual sensors: sensors that do not depend on underlying hardware or operating system support and can be used for testing.

17. Intersection Observer Scroll Margin

Intersection Observer scrollMargin allows developers to observe targets inside nested scroll containers that are currently clipped away by the scroll containers. This is achieved by expanding the container’s clipping rect by the scrollMargin when calculating the intersection.

18. Media Queries: scripting feature

The scripting media feature is used to query whether scripting languages, such as JavaScript, are supported on the current document.

Valid options are ‘enabled’, ‘initial-only’, ‘none’. However, ‘initial-only’ never matches inside a browser.

19. Media Session API: enterpictureinpicture action

Adds an ‘enterpictureinpicture’ action to the Media Session API. Websites can register an action handler which can be used to open a Picture-in-Picture or Document Picture-in-Picture window.

20. Media query support for video <source> elements

Adds support for CSS media queries to elements used with elements. Allowing developers to use media query syntax to tell the browser which source should be preferred for a given environment.

21. MediaStreamTrack Stats (Video)

An API that exposes frame counters (delivered, discarded, total) for MediaStreamTracks of kind video. Audio stats will be covered by a separate chrome feature launch.

22. Permissions policy violation reports

This integrates the Permissions policy API with the Reporting API, allowing web developers to configure endpoints to which permissions policy violation reports will be sent, allowing site owners to see when disallowed features are being requested on their pages in the field.

It also includes the Permissions-Policy-Report-Only header, which enables reports to be sent based on a proposed policy (analogous to Content-Security-Policy-Report-Only) so that policy changes can be evaluated for potential breakage before implementing them in the regular, enforcing mode.

23. Relaxed CSS Nesting

Allows nested style rules to begin with an identifier.

24. Remove data: URL in SVGUseElement

Assigning a data: URL in SVGUseElement can cause XSS. And this also led to a Trusted Types bypass.

Therefore, we plan to deprecate and remove support for it.

25. Remove same-origin blanket enforcement in CSPEE

Removes a special treatment for same-origin iframes from CSP Embedded Enforcement.
This aligns the behavior of enforcing CSP Embedded Enforcement for cross-origin iframes and same-origin iframes.

26. The Login Status API and its use in FedCM

The Login Status API 1 (formerly IdP Sign-in Status API) allows identity providers to signal to the browser when their users are logging-in/out. Our goal is to open this up to other websites in the future. This signal, in this intent, is used by FedCM to address a silent timing attack, and in doing so, allows FedCM to operate without third party cookies altogether. This update would address the last remaining backwards incompatible changes we had previously identified in the original I2S of FedCM 2 as part of our scope of work. In the future, we expect that the Login Status API may also be used outside of FedCM (e.g. the Storage Access API [3]) and may be useful for websites that are not identity providers (e.g. extending browser storage [4]). 1 https://github/fedidcg/login-status 2 https://groups.google/a/chromium/g/blink-dev/c/URpYPPH-YQ4/m/E9pgS7GEBAAJ [3] https://github/fedidcg/login-status#storage-access-api [4] https://github/fedidcg/login-status#extending-site-data-storage

27. URL.canParse

A static operation to determine whether a URL string is valid. More concise than catching an exception thrown from the URL constructor.

28. View Transitions: making callback non-nullable

The startViewTransition call currently takes an optional nullable callback type with a default value of null:
startViewTransition(optional UpdateCallback? callback = null)

This feature changes this to be a non-nullable type:
startViewTransition(optional UpdateCallback callback)

More details:
https://github/w3c/csswg-drafts/issues/9460

29. WebGPU f16 support

Allows for the use of the half-precision floating-point type f16 in WebGPU shaders (WGSL).

Developers can use the ‘shader-f16’ feature from the WebGPU spec and the ‘f16’ extension from the WGSL spec to access 16-bit floating point variables and APIs in their shaders.

30. WebGPU maxBindGroupsPlusVertexBuffers limit

The WebGPU maxBindGroupsPlusVertexBuffers limit is the maximum number of bind group and vertex buffer slots used simultaneously, counting any empty slots below the highest index. It is validated in createRenderPipeline() and in draw calls.

This change adds maxBindGroupsPlusVertexBuffers to the GPUSupportedLimits interface, and as an accepted key by the GPUDeviceDescriptor.requiredLimits record.

31. Unprefix -webkit-background-clip for text and make it an alias

It allows to use the unprefixed version for background-clip: text and makes -webkit-background-clip an alias for background-clip.

Also, it drops support for non-suffixed keywords (content, padding and border) for better round-trip with alias.

chromium121 Features:27

1. Support in Chrome for the VoiceIsolation getUserMedia constraint

This is about adding support in Chrome for the VoiceIsolation getUserMedia constraint (https://w3c.github.io/mediacapture-extensions/#voiceisolation-constraint).
The constraint only takes effect on platforms where there is low-level support for voice-isolation style denoising. Currently this is limited to a selected number of ChromeOS devices, but further platforms will be added.

2. Array.fromAsync

Array.fromAsync is the async version of Array.from. It takes async iterables, iterates them, and collects the results into an array.

3. CSS Scrollbars: scrollbar-color, scrollbar-width

The CSS Scrollbars spec allows authors to style scrollbars by specifying their colors and thickness. This spec adds the following two properties.

The scrollbar-color property provides the capability of changing the color scheme of scrollbars so they fit better into the particular style of a web page.

The scrollbar-width property allows the use of narrower scrollbars that may be more suitable for some use cases, or even to hide the scrollbars completely without affecting scrollability.

4. CSS font-palette property animation

The CSS font-palette property allows selection of a specific palette used to render a color font. With the newly added support for animating this property, transitioning between palettes is no longer a discrete step, but becomes a smooth transition between two selected palettes. This works everywhere in CSS animations and transitions.

5. CSS spelling and grammar features

CSS highlight pseudo-elements for styling text that the UA has flagged as misspelled or grammatically incorrect, and line decorations exposing the UA’s default decorations for spelling and grammar errors.

These features allow authors to choose more legible colors for the default spelling and grammar errors, highlight misspelled words with background colors or other decorations, and implement custom spell checking with native appearance.

6. Document picture-in-picture: require user gesture for resize APIs

This enables the resizeBy() and resizeTo() Windows methods on document picture-in-picture windows, but with the added restriction of a user gesture requirement to mitigate the abuse potential

7. EditContext API

The EditContext API simplifies the process of integrating a web app with advanced text input methods such as VK shape-writing, Handwriting panels, speech recognition, IME Compositions etc., improves accessibility and performance, and unlocks new capabilities for web-based editors.

8. Feature detection for supported clipboard formats

Currently during async clipboard write operation, there is no way for the web authors to detect if a particular mime type is supported by the UAs or not before attempting to actually write the formats to the clipboard. This not only affects developer ergonomics as now web authors have to attempt to write to the clipboard first in order to find out whether write failed due to a particular mime type not supported by the UAs (or sometimes add version checks that are unreliable at best), but also leads to unnecessary cost in terms of CPU cycles, COGS etc in order to produce an expensive web custom format which may not be supported by a particular browser.

9. HTMLSelectElement showPicker()

Developers have been asking for a way to programmatically open the option picker of a select element. See https://www.google/search?q=programmatically+open+select+site%3Astackoverflow

This is currently impossible in almost every browser. Providing showPicker() gives developers a supported way to do this. Following the pattern of input.showPicker().

10. Improved CSS masking for SVG

This is a follow-on to the improved CSS mask support in chromium 120 (https://chromestatus/feature/5839739127332864) and adds new mask support to SVG (multiple masks, as well as mask-mode, mask-composite, mask-position, and mask-repeat). In addition, remote SVG masks (e.g., mask: url(masks.svg#star)) are now supported.

Explainer: https://docs.google/document/d/1IzQv56NzfV1hA6YPr2j1chtb5qijNxykkYY7JyccZgc/edit?usp=sharing

11. MediaCapabilities: Query HDR support with decodingInfo()

Extends the Media Capabilities API to allow detection of HDR rendering support via three new VideoConfiguration dictionary fields: hdrMetadataType, colorGamut, transferFunction.

Chromium implements its own tone-mapping algorithms so will always return true for HDR10 (smpteSt2086) static metadata. smpteSt2094-40 (HDR10+) and smpteSt2094-10 dynamic metadata are not currently supported, so will return false.

We anticipate adding support for dynamic metadata in the future, so this API will allow developers to select the appropriate content for users with support.

12. Multiple Readers and Writers in File System Access API

Currently, only one FileSystemSyncAccessHandle may be open at a time per file, preventing an origin from reading and writing to the same file from multiple tabs easily. Conversely, multiple FileSystemWritableFileStreams can be simultaneously open, letting multiple writers clobber each other.

Introducing new locking modes for FileSystemSyncAccessHandle and FileSystemWritableFileStream allows opening either multiple readers/writers or an exclusive writer to a file entry, depending on the application’s use case.

13. No-Vary-Search Hint for Prefetch Speculation Rules

Adds a hint to speculation rules that informs the navigation prefetch cache that the URL to be prefetched expects to receive the same No-Vary-Search header in the response.
The hint is useful because prefetches that depend on No-Vary-Search to match to navigations do not benefit the user if the navigation happens before prefetch headers return from the server. Using the hint, the web browser will expect, but verify, that the No-Vary-Search hint matches with the No-Vary-Search header. If the No-Vary-Search hint does not match the No-Vary-Search header received then the web browser will send a new request.

14. No-Vary-Search support in navigation prefetch cache

Enables prefetch to match even if URL query parameters change. The No-Vary-Search HTTP response header declares that some or all parts of a URL’s query can be ignored for cache matching purposes. It can declare that the order of query parameter keys should not cause cache misses, that specific query parameters should not cause cache misses or that only certain known query parameters should cause cache misses. It could apply to multiple caches, but this entry refers to support for prefetch cache.

15. Private Aggregation API: aggregation coordinator selection

Modification to the Private Aggregation API to provide a mechanism for selecting which coordinator to use for payload encryption (from an vendor-specified allowlist). The choice of service is made with an additional option in Shared Storage’s run() and selectURL() calls, and in Protected Audience’s runAdAuction() and joinAdInterestGroup() calls. The broad approach largely aligns with Attribution Reporting’s approach (see https://chromestatus/feature/5197591256236032).

16. Protected Audiences k-Anonymity Enforcement

The Protected Audience API (formerly known as FLEDGE) is a Privacy Sandbox proposal to serve remarketing and custom audience use cases, designed so third parties cannot track user browsing behavior across sites. The k-anonymity enforcement feature enhances user privacy by limiting ads that can win protected audience auctions to those ads that are k-anonymous. Enforcing the k-anonymity requirement improves user privacy and limits the ability of advertisers to target specific users by requiring each ad be shown to a minimum number of users. Details for the timeline for k-anonymity enforcement is in https://developers.google/privacy-sandbox/relevance/protected-audience-api/k-anonymity

17. Remote Playback API

This specification defines an API extending the HTMLMediaElement that enables controlling remote playback of media from a web page. In M56, this will work on Android only (desktop will report no devices available) with the desktop backend being added later.

18. Ruby-specific display values

New CSS display property values, “ruby” and “ruby-text”, are added.

The default display values of and are changed to “ruby” and “ruby-text” respectively, and ruby layout respects these display values. Web authors can use any elements such as

to render ruby by setting the new display values.

19. Speculation rules: delivery via Speculation-Rules header

Currently developers can only specify speculation rules using inline script tags. The proposed feature provides an alternative through the “Speculation-Rules” header. Its value must be a URL to a text resource with “application/speculationrules+json” MIME type. The resource’s rules will be added to the document’s rule set.

20. Speculation rules: document-sourced rules

An extension to speculation rules syntax that lets the browser obtain URLs for speculation from link elements in a page. They may include criteria which restrict which of these links can be used.

21. Speculation rules: eagerness field

To make the web user experience more instant, the user agent (UA) could pre-connect to the server, prefetch resources, or prerender them ahead of time. These actions are referred to as preloading actions. Since performing any preloading action may cause side effects (e.g. log the user out) and has an overhead (e.g. extra data/cpu usage), to perform the action the UA should know if the action is safe to perform and also if it is worth performing.

Being able to consistently determine which actions are safe for a given target without feedback from the developer is not an easy task. Speculation rules expose the necessary API to let developers specify that.

Adding the eagerness field to the speculation rules will let the developers control how eagerly the browser preloads links in order to balance the performance advantage against resource overhead. This field accepts one of “conservative”, “moderate” or “eager” strings as the value, and it is applicable to both “prefetch” and “prerender” actions and both “list” or “document” sources. If not explicitly specified, list rules default to “eager” and document rules default to “conservative”.

22. SpeechSynthesis and SpeechSynthesisVoice interface objects

This is about the interface objects for SpeechSynthesis and SpeechSynthesisVoice, not about the functionality itself which was already supported. These interfaces should be exposed according to spec.

Feature detection using window.speechSynthesis was already possible, but this makes feature detection using SpeechSynthesisVoice.prototype possible.

Note that SpeechSynthesisEvent, SpeechSynthesisErrorEvent and SpeechSynthesisUtterance interface objects were already exposed.

23. URLPattern: Inherit left, wildcard right

Behavior changes to patterns which are constructed using a base URL, the constructor string syntax, or both – but not any pattern which explicitly specifies components separately without a base URL.

• Components are not inherited from a base URL if an “earlier” component is explicitly specified.
• In the string format, unspecified “later” components are implicitly wildcarded, rather than required to be empty (with the exception of the port, which is always taken to be specified when the hostname is).
• Username and password are never implicitly specified or inherited.

This makes patterns more expansive than before, in cases where wildcards are likely to be desirable.

See https://github/whatwg/urlpattern/pull/198.

24. URLPattern: RegExp v flag instead of u

The URL Pattern API allows developers to specify pattern strings. Those are transformed to regular expressions internally.

When the API was first implemented, these regular expressions were compiled with the u flag. We’re going to update it to the v flag, enabling Unicode sets.

25. WebGPU default entry points to shader modules

WebGPU now allows developers to omit entry points to shader modules when creating a pipeline, improving ergonomics. If no default entry point is found, a GPUValidationError will be triggered as usual.

26. WebGPU timestamp queries

WebGPU timestamp queries allow WebGPU applications to measure precisely (down to the nanosecond) how much time their GPU commands take to execute, especially at the beginning and end of passes. Timestamp queries are heavily used to gain insights into the performance and behavior of GPU workloads.

While the WebGPU specification makes timestamp queries an optional feature due to timing attack concerns, we believe that timestamp queries quantization provides a good middle ground by reducing the precision of timers with a resolution of 100 microseconds.

27. Discard Input Events To Recently Moved Cross-Origin Iframes

If a cross-origin iframe has moved recently within its embedding page, then we will silently discard events targeting the iframe. The rationale is that if the iframe moved recently, it is likely that the user did not intent to click or tap on it. For more information about the risks of mis-clicks:

https://www.w3/Security/wiki/Clickjacking_Threats#Repositioning_the_trusted_window

This intervention shipped in limited form in 2019: it only affected iframes containing script using V2 features of IntersectionObserver (i.e. occlusion/effect detection). This launch expands this behavior to all cross-origin iframes, regardless of whether they are using IntersectionObserver V2.

chromium122 Features:18

1. Async Clipboard API: Read unsanitized HTML.

This proposal provides an unsanitized option in read() method to get unsanitized HTML format… Unless sites choose to adopt the new API, reading from the clipboard will be sanitized.

Currently, when we read text/html MIME types using the async API, the sanitizer is invoked to strip out contents from the HTML markup due to security concerns, and styles are inlined in the HTML, which leads to a bloated HTML payload and loss of fidelity of HTML content when read by web authors or native apps. Currently, Firefox provides access to unsanitized HTML via DataTransfer APIs, which matches Chromium’s behavior, and Safari only allows access to unsanitized HTML if it’s being read within the same origin.

2. Enable clipboard access via Async Clipboard API in event handlers

This change removes the requirement for the “clipboard-read” permission when using the Async Clipboard API from within a “paste” event handler.

It also applies to writing to the clipboard inside a “copy” or “cut” event, although writing plain text to the clipboard was already permitted on ANY user gesture, so this is a less notable change.

Browser vendors differ in the details of how they permit access to the Async Clipboard API, but this change brings Chromium into alignment with other vendors and the specification 1 which states that read access is to be permitted when

the current script is running as a result of user interaction with a “Paste” element created by the user agent or operating system.

1 https://www.w3/TR/clipboard-apis/

3. InputDeviceInfo.getCapabilities() for unavailable devices

Make InputDeviceInfo.getCapabilities() return empty for cameras that are unavailable to the UA because they are opened in exclusive mode by other applications.
The only platform affected in practice is Windows, which is the only platform that exhibits the issue.

4. Navigational prefetch: follow redirects

Today, Chromium does not follow redirects when prefetching for navigation (most notably from speculation rules). With this change, it will follow redirects, even cross-origin and cross-site redirects.

This is consistent with following redirects during other kinds of fetches, though additional privacy constraints apply to cross-site navigational prefetches.

5. Set IndexedDB transaction durability to relaxed by default

IndexedDB offers two durability modes for readwrite transactions: relaxed and strict. This may be specified via the optional options struct when creating a transaction. See https://developer.mozilla/en-US/docs/Web/API/IDBDatabase/transaction for more details.

If not specified, the current default in Chromium is strict. Due to performance considerations, we plan to change the default to relaxed, which also aligns Chromium with FireFox and Safari.

Blog post: https://developer.chrome/blog/indexeddb-durability-mode-now-defaults-to-relaxed

6. Allow setting IDP login status from same-site subresources

We now also allow same-site (same eTLD+1) subresources to set a login status (for the origin of the subresource). This is useful for IdPs where the IdP login happens on one subdomain, but the FedCM endpoint is on a different subdomain. To make sure that FedCM works correctly, the login status needs to be set on the FedCM subdomain.

7. CSS @container with unsupported Features never match

@container selectors that contain unsupported queries will never select any containers, meaning they will never match.

That means this query will never match any container even if there is a size container that will match the width query that would otherwise make the selector match in cases like this:

@container (width > 0px) or (unknown) {}

This is a recent change to the specification to avoid forward-compatibility issues.

8. CSS Pseudo Element ::backdrop inheriting from Originating Element

The ::backdrop pseudo element used to inherit from initial values. That meant ::backdrop could not use custom property values unless specified directly on the ::backdrop rule.

The specification has now changed so that ::backdrop inherits from the originating element, and with that the implementation.

9. CSS supports() condition for @import

It allows to import stylesheets and layers conditioned on supports(). If the support() doesn’t match, the import will not be fetched.

10. Do not delete File kind objects in dataTransfer.clearData()

As per the spec https://html.spec.whatwg/multipage/dnd.html#dom-datatransfer-cleardata, clearData() does not affect the File objects. It only deletes the text kind objects.

More info: https://docs.google/document/d/1Y8WW9kxQQ6Q0YCo3FQkLQBIJWb2c9fZBBOOT7YUkU8o/edit?usp=sharing

11. FedCM: disconnect

Allows disconnecting a federated login account via the relying party website. With the disconnect API, a relying party may notify the identity provider that a previously used account is now disconnected, and hence using that account again via federated login would require treating it as a new account.

12. Interoperable mousedown event cancellation in iframe

Make mouse event targets agnostic to mousedown event cancellation when the pointer is dragged out of an iframe.

When the mouse is dragged out of an iframe, all browsers (including Chrome) send mousemove and mouseup events to the iframe. However, if the mousedown event is cancelled, Chrome today maintains an old WebKit exception that mousemove and mouseup events are sent to the outer frame. WebKit removed this exception last year, and Mozilla never showed this behavior in recent years. This feature will remove the Chrome-only exception for this special case.

13. Iterator helpers

Iterator helpers are new methods on iterator prototype to allow general usage and consumption of iterators.

14. RTCRtpSender setParameters() extensions for requesting the generation of a key frame

Adds an optional second parameter to WebRTC’s RTCRtpSender.setParameters call which can be used to ask the associated encoder to generate a key frame.

15. Set methods

Set methods are new methods like union and intersection that are added to JavaScript’s built-in Set class.

16. Storage Buckets API

Storage Buckets gives sites the ability to organize on-device data into separate “buckets”, allowing user agents to evict the grouped data independently of that which is in other buckets, and enabling sites to ergonomically manage semantically related data. Each storage bucket can contain data associated with established storage APIs such as IndexedDB and CacheStorage.

17. URLPattern: hasRegExpGroups

Allows easy inspection of whether a URLPattern uses one or more ECMAScript regular expression groups, and therefore may not be suitable for use in cases where an ECMAScript engine is not available (such as some upcoming planned APIs).

Strictly speaking this reflects back something developers could know anyway from inspecting the pattern, but having easy access to the UA’s implementation of this check makes that more straightforward.

18. WebGL drawingBufferStorage

WebGL allows rendering into textures and renderbuffers of many different pixel formats (e.g, 8-bit, floating-point, sRGB-encoded, etc).

The drawing buffer of WebGL (the buffer that is passed to the compositor) is 8-bit by default. This feature allows WebGL to configure the pixel format of this drawing buffer.

This feature enables WebGL developers to:

• avoiding an an extra copy convert their rendering to the default drawing buffer pixel format
• draw content that has a more than 8 bits of precision

The latter feature unlocks several additional applications

• very wide color gamut content without loss of precision
• medical applications which require >8 bits of precision
• high dynamic range applications (when available)

chromium123 Features:24

1. ‘pagereveal’ event

The pagereveal event is fired on a Document’s window object at the first render opportunity after a Document is: initially loaded, restored from the back-forward cache, or activated from a prerender.

It can be used by a page author to setup a page entry UX - such as a ViewTransition from a previous state.

This feature is split out from the larger ViewTransition-on-Navigation project.

2. Allow for WebAuthn credential creation in a cross-origin iframe

This feature allows web developers to create WebAuthn0 credentials
(that is, “publickey” credentials, aka passkeys) in cross-origin iframes.
Two conditions are required for this new ability:

1. The iframe has a publickey-credentials-create-feature permission policy.
2. The iframe has transient user activation.

This will allow developers to create passkeys in embedded scenarios, such as after an identity step-up flow where the Relying Party is providing a federated identity experience.

3. CJK punctuation kerning: the CSS text-spacing-trim property

Applies the kerning to CJK punctuation characters to produce the visually pleasing typography as defined by JLREQ (Requirements for Japanese Text Layout) and CLREQ (Requirements for Chinese Text Layout).

Many CJK punctuation characters include glyph-internal spacing. For example, the CJK full stop and the CJK close parenthesis usually have glyph-internal spacings on the right half of their glyph spaces, to give them a constant advance as other ideographic characters. But when they appear in a row, the glyph-internal spacings become excessive. This feature adjusts such excessive spacing.

This feature adjusts the glyph-internal spacing for three cases: 1) adjacent characters (pair kerning), 2) at the line start, and 3) at the line end. To avoid the risk of excessive kerning, fonts must have the OpenType halt or chws feature, or both. If the font doesn’t have either feature, the effect is disabled.

This feature implements 4 values: normal, trim-start, space-all, and space-first.

4. CSS light-dark() Color Function

Allows authors to provide separate colors for light and dark color-schemes on a per element basis.

System colors and UA form controls are rendered with different colors depending on the color-scheme set on an element. Authors can have the same possibility through the light-dark() function:

#target {
background-color: light-dark(lime, green);
}

The #target element will have a green background if the used color-scheme for the element is ‘dark’. Otherwise, the background will be lime.

5. CSS paint-order for non-SVG text

Adds support for the existing CSS property paint-order. This change only affects html (non-SVG) text; SVG text already supports paint-order via attribute or CSS property.

6. CSS picture-in-picture display mode

Adds support to the CSS display-mode media feature for picture-in-picture. This allows web developers to write specific CSS rules that are only applied when (part of the) the web app is shown in picture-in-picture mode.

7. CSSKeyframesRule.length

Exposes length attribute of CSSKeyframesRule. Interfaces that support indexed properties must define an integer-typed attribute named “length”.

8. Document picture-in-picture: allow Window’s focus() API to focus opener

This enables opener.focus() from a document picture-in-picture window to bring system-level focus to the tab that owns the document picture-in-picture window.

This allows developers to bring the original tab back to the foreground when necessary, e.g. when the user needs to access a more full UI/experience that doesn’t fit in the smaller picture-in-picture window.

9. Import attributes ‘with’ syntax

Import attributes^{1 are a JavaScript feature to allow annotating import declarations, for example `import xxx from “mod” with { type: “json” }'.}

Chrome originally shipped a previous version of the proposal (in M91) using ‘assert’ as the keyword. This version has then been updated to use ‘with’ due to some changes needed while integrating it with HTML for JSON and CSS modules^2.

10. Long Animation Frame Timing

This is a extension of long tasks. It measures the task together with its subsequent rendering update, adding information such as long running scripts, rendering time, and time spent in forced layout and style (“layout thrashing”).

Developers can use this as a diagnostic for “sluggishness”, which is measured by INP, by finding the causes for main-thread congestion which is often the cause for bad INP.

11. NavigationActivation

navigation.activation stores state about when the current Document was activated (e.g., when it was initialized, or restored from the back/forward cache).

12. Private Aggregation debug mode for auctionReportBuyers reporting

Adds support for Private Aggregation’s debug mode for the per-buyer extended Private Aggregation reporting to Protected Audience sellers (aka auctionReportBuyers reporting). This is done with a new, optional auctionReportBuyerDebugModeConfig field passed to runAdAuction().

auctionReportBuyers reporting is currently the only use of Private Aggregation reports that does not have a way to enable its debug mode (a temporary mechanism tied to third-party cookie eligibility that relaxes some of the API’s privacy constraints to allow for easier debugging and integration).

13. ServiceWorker static routing API

This API allows developers to configure the routing, and allows them to offload simple things ServiceWorkers do. If the condition matches, the navigation happens without starting ServiceWorkers or executing JavaScript, which allows web pages to avoid performance penalties due to ServiceWorker interceptions.

14. WGSL: packed 4x8 integer dot product (DP4)

Functionality added to the WebGPU/WGSL spec after its first shipment in a browser. Adds support new WGSL builtins to work with 4 8-bit numbers packed in a u32. The new dot product functionality is especially useful for executing machine learning models that work on 8-bit weights.

15. WGSL: pointer composite access

Functionality added to the WebGPU/WGSL spec after its first shipment in a browser. Provides better ergonomics for accessing member of a composite through a pointer. For example (*ptr).i can now be written ptr.i.

16. WGSL: unrestricted pointer parameters

Functionality added to the WebGPU/WGSL spec after its first shipment in a browser. Loosens restrictions on which pointers can be passed to WGSL functions such that pointers to storage/uniform/workgroup address spaces are allowed.

17. WebGPU: separate Read-only depth-stencil

Functionality added to the WebGPU/WGSL spec after its first shipment in a browser. Loosens a restriction where using readonly depth-stencil attachments in a render pass required both aspects (depth and stencil) to be readonly. This was too strict, and prevent use-cases where for example the depth is used readonly for contact shadow tracing, while the stencil buffer is written to do identify pixels for further processing. (Both Unity and Unreal do things with mixed depth-stencil readonliness).

18. Zstd Content-Encoding

Zstandard, or “zstd”, is a data compression mechanism described in RFC8878. It is a fast lossless compression algorithm, targeting real-time compression scenarios at zlib-level and better compression ratios. The “zstd” token was added as an IANA-registered Content-Encoding token as per https://datatracker.ietf/doc/html/rfc8878#name-content-encoding.

Adding support for “zstd” as a Content-Encoding will help load pages faster and use less bandwidth, and spend less time and CPU/power on compression on our servers, resulting in reduced server costs.

19. align-content CSS property for blocks

align-content CSS property works for block containers and table cells.

The property worked only for flex containers and grid containers. It supports block containers and table cells, that is to say display: block, display: list-item, display: table-cell, etc.

20. blocking=render on inline module scripts

Currently

See https://github/whatwg/html/issues/10034

21. field-sizing CSS property

By ‘field-sizing’ property, web authors can disable fixed default sizes of form controls, and make their size depend on their content. It’s very easy to provide automatically-growing text fields.

22. Add JavaScript timer wake up alignment for unimportant cross-origin frames

Align wake ups of JavaScript timers for unimportant cross-origin frames.

Currently, DOM timers <32ms are all opt-out from AlignWakeUps 1 due to performance concerns. This is very conservative and actually some unimportant frames are eligible to use JS timer alignment. WebKit uses the policy to align DOM timer of non-interacted cross origin frames to 30ms.

This feature adds JavaScript timer wake up alignment for unimportant frames on foreground pages. Unimportant frames have 3 criteria: they are cross origin, visible but have non-large proportion of page’s visible area, and have no user interaction. All 3 conditions should be met. The alignment interval is 32ms.

1 https://chromium-review.googlesource/c/chromium/src/+/4589092

23. Back/forward cache NotRestoredReason API

NotRestoredReason API reports the list of reasons why a page is not served from BFcache in a frame tree structure, via PerformanceNavigationTiming API.

24. Cross App and Web Attribution Measurement

Extends the Attribution Reporting API to allow attributing conversions that happen on the web to events that happen off the browser, within other applications.

The proposal here takes advantage of OS-level support for attribution. In particular, it gives the developer an option to allow events on the mobile web to be joinable with events in Android’s Privacy Sandbox, although support for other platforms could also be implemented.

chromium124 Features:21

1. ‘pageswap’ event

The pageswap event is fired on a Document’s window object when a navigation will replace this Document with a new Document. The event provides activation info about the navigation (type, NavigationHistoryEntry for the new Document).

If the navigation has a cross-document ViewTransition, the event is dispatched before capturing state for the old Document. This allows the page-author to configure the old state captured for the transition based on the navigation’s activation info and the current visual state of the old Document.

This feature is split out from the larger ViewTransition-on-Navigation project.

2. Async Clipboard: SVG support

Adds image/svg+xml standard type support to the Async Clipboard API. The current implementation of the Async Clipboard API only supports text/plain, image/png, and text/html standard types. SVG images are popular due to their ability to encode images in a space efficiently and their ability to maintain image quality even when zooming in.
Note that image/svg+xml as a standard type is not supported in DataTransfer APIs.

3. Form Controls Support Vertical Writing Mode Direction Support

CSS property writing-mode allow elements to go vertical, but users cannot set the direction in which value changes.

With this feature, we are allowing the form control elements meter, progress and range input type to have vertical writing mode and choose the form control’s value direction. If direction is rtl, the value is rendered from bottom to top. If direction is ltr, the value is rendered from top to bottom.

For Web compatibility, we plan to slowly rollout the change in 123 and enable in stable in 124.

4. Shadow root clonable attribute

This enables individual control over whether a shadow root is clonable (via standard platform cloning commands such as cloneNode()). Imperative shadow roots can now be controlled via a parameter to attachShadow({clonable:true}). Declarative shadow roots can be controlled via a new attribute, <template shadowrootmode=open shadowrootclonable>.

5. SharedWorker script inherit controller for blob script URL

According to https://w3c.github.io/ServiceWorker/#control-and-use-worker-client, workers should inherit controllers for the blob URL. However, existing code allows only dedicated workers to inherit the controller, and shared workers do not inherit the controller.

This is the fix to make Chromium behavior adjust to the specification.

6. Update LongTask code to use Long animation frames as a backend

Using the LoAF implementation for reporting longtasks is an implementation detail, but it would have the following web-observable impact:

• we would stop reporting longtasks for hidden tabs
• a few longtask bugs would disappear, resulting in more reported longtasks

Note that this would not affect the Lighthouse TBT score, that anyway relies on trace events.

7. ‘priority’ HTTP request header

This feature adds the ‘priority’ request header for all HTTP requests with the priority information for the request at the time that it was sent.

RFC 9218 (Extensible Prioritization Scheme for HTTP) defines a ‘priority’ HTTP request header to use for signaling request priority to origins (and intermediaries). It also defines negotiation processes and protocol-level frames for HTTP/2 and HTTP/3 to carry the same priority information.

The header can only signal the initial priority for a resource when it was first requested while the frame-based mechanisms allow for modifying the priority after the fact.

The header can operate end-to-end to the origin servers (and provide a mechanism for the origin to override the priority if recognized by intermediaries) while the frames are limited to operating on a link level.

This feature is specifically for supporting the header-based prioritization scheme.

8. ‘writingsuggestions’ attribute

UAs are starting to provide writing suggestions to users as they type on various editable fields across the web. While this is generally useful for users, there are cases when developers may want to turn off UA-provided writing assistance, such as extensions or sites that wish to provide similar functionality on their own. To that end, developers need a solution that would turn on/off UA-provided writing assistance.

The new attribute ‘writingsuggestions’ has values ‘true’/‘false’ that would allow developers to turn on/off browser-provided writing suggestions. The attribute’s state for an element can also be inherited from ancestor elements, thereby allowing developers to control this functionality at a per-element or per-document/sub-document scale.

9. Document Render-Blocking

This feature enables authors to block rendering of a Document until the critical content has been parsed, ensuring a consistent first paint across all browsers. Without this feature, the first paint’s state depends on the heuristics for parser yielding which can vary across browsers.

This is particularly important for View Transitions where the parsed DOM state on the first frame can drastically change the transition created.

Note that this feature specifically implements a
<link rel=expect href="#id"> syntax that allows a link element to reference another expected element on the page. The rendering is then blocked until the expected element is fully parsed. This supersedes previous implementation of html attribute that allows the whole document to be render blocked.

10. Document picture-in-picture: add option to hide back-to-tab button

This adds a new parameter (“disallowReturnToOpener”) to the document picture-in-picture API that, when set to true, hints to the user agent that they should not show a button in the picture-in-picture window that allows the user to return to the opener.

While having a button to return content to the opener always makes sense in the video picture-in-picture case (the video stream can be returned to the video element in the opener tab), this is not always the case for document picture-in-picture experiences. This gives developers more control over the user experience when they determine that such a button does not make sense for their use case.

11. Permissions Prompt for Web MIDI API

# Rationale

There have been several reported problems around the Web MIDI API’s drive-by access to client MIDI devices.1 To address this problem, the Audio WG decided to place an explicit permission on the general MIDI API access.[3][4] Originally, the explicit permission was only required for advanced MIDI usage (System Exclusive messages) in Chrome, but the completion of this work will expand the scope of the permission even to regular MIDI API usage.

# Project Scope

This feature gates the Web MIDI API access behind a permissions prompt. Today the use of SysEx messages with the Web MIDI API requires an explicit user permission. With this implementation, even access to the Web MIDI API without SysEx support will require a user permission.

1 https://crbug/1251044
2 https://www.phpied/nightmare-scenarios-with-webmidi/
[3] https://www.w3/TR/webmidi/#requestmidiaccess
[4] https://webaudio.github.io/web-midi-api/#permissions-integration

12. Private Network Access permission to relax mixed content

In order to establish connections to devices on a local network that do not have globally unique names, and therefore cannot obtain TLS certificates, this feature introduces a new option to fetch() to declare a developers’ intent to talk to such a device, a new policy-controlled feature to gate each sites’ access to this capability, and new headers for the server’s preflight response to provide additional metadata.

13. SVG context-fill and context-stroke

Implements an existing SVG feature that allows the keywords ‘context-fill’ and ‘context-stroke’ when specifying fill and stroke properties:

https://svgwg/svg2-draft/painting.html#context-paint

This only affects SVG sub-trees that are instantiated via a element, and elements that are instantiated via the ‘marker’ property on a element. In those circumstances, ‘context-fill’ and ‘context-stroke’ are resolved to the value of the ‘fill’ and ‘stroke’ properties on the <use> or <path>.

14. Streams API: ReadableStream async iteration

The streams APIs provide ubiquitous, interoperable primitives for creating, composing, and consuming streams of data. This change adds support for the async iterable protocol to the ReadableStream API, enabling readable streams to be used as the source of for await…of loops.

15. WebGPU: ServiceWorker and SharedWorker support

Functionality added to the WebGPU spec after its first shipment in a browser.

ServiceWorker and SharedWorker support is added to WebGPU, aligning with existing WebGL capabilities.

16. WebGPU: read-write storage textures

Functionality added to the WebGPU/WGSL spec after its first shipment in a browser. Adds support for (read-only and) read-write storage textures which allow more general access to texture memory for GPU computation and can unlock more advanced graphical algorithms. This feature has been request by developers very often.

17. WebSocketStream

The WebSocket API provides a JavaScript interface to the RFC6455 WebSocket protocol. While it has served well, it is awkward from an ergonomics perspective and is missing the important feature of backpressure. The intent of the WebSocketStream API is to resolve these deficiencies by integrating WHATWG Streams with the WebSocket API.

18. Windows ClearType Text Tuner Integration

This feature tracks the work to support picking the contrast and gamma values from the Windows ClearType Text Tuner setting and applying them to Skia text rendering. This ensures that users’ text rendering preferences are respected on Windows devices.

19. jitterBufferTarget

JitterBufferTarget attribute allows applications to specify a target duration of time in milliseconds of media for the RTCRtpReceiver’s jitter buffer to hold. This influences the amount of buffering done by the user agent, which in turn affects retransmissions and packet loss recovery. Altering the target value allows applications to control the tradeoff between playout delay and the risk of running out of audio or video frames due to network jitter.

20. setHTMLUnsafe and parseHTMLUnsafe

The setHTMLUnsafe and parseHTMLUnsafe methods allow Declarative ShadowDOM to be used from javascript. In the future, they may also get new parameters for sanitization.

21. X25519Kyber768 key encapsulation for TLS

Starting in Chrome 124, Chrome enables by default on all desktop platforms a new post-quantum secure TLS key encapsulation mechanism X25519Kyber768, based on a NIST standard (ML-KEM). This protects network traffic from Chrome with servers that also support ML-KEM from decryption by a future quantum computer. This is exposed as a new TLS cipher suite. TLS automatically negotiates supported ciphers, so this change should be transparent to server operators. This cipher will be used for both TLS 1.3 and QUIC connections.

However, some TLS middleboxes might be unprepared for the size of a Kyber (ML-KEM) key encapsulation, or a new TLS ClientHello cipher code point, leading to dropped or hanging connections. This can be resolved by updating your middlebox, or disabling the key encapsulation mechanism via the temporary PostQuantumKeyAgreementEnabled enterprise policy, which will be available through the end of 2024. However, long term, post-quantum secure ciphers will be required in TLS and the enterprise policy will be removed. Post-quantum cryptography is required for CSNA 2.0.

https://blog.chromium/2023/08/protecting-chrome-traffic-with-hybrid.html

chromium125 Features:19

1. CSS Anchor Positioning

CSS anchor positioning allows authors to “tether” an absolutely positioned element to one or more other elements on the page (the “anchors”), in a declarative way, without the use of Javascript. Anchor positioning works performantly when the anchors are scrollable. A common use case is to position a popover such as a tooltip next to the element that invoked it, or a select menu and its popover options list. Before the anchor positioning feature, these use cases required Javascript to dynamically position the popover, and keep it anchored as the invoking element was scrolled, which is a performance footgun and difficult to get right. With anchor positioning, these use cases can be implemented performantly and declaratively.

The anchor positioning feature consists of a large number of CSS properties, which are fully described in the spec (https://drafts.csswg/css-anchor-position-1). A few of the key features/properties include:

• anchor-name: sets up an element to be an anchor for other elements.
• position-anchor: describes the “default” anchor that an anchored element should use for anchor positioning.
• The anchor() function: used to refer to the position of the anchor element, in positioning the anchored element.
• inset-area: a shorthand for positioning, for common relative positions.

…and many more.

2. Declarative shadow DOM serialization

The prototype implementation (which was shipped in 2020 and then shape-changed in 2023) contained a method called getInnerHTML() that could be used to serialize DOM trees containing shadow roots. That part of the prototype was not standardized with the rest of declarative shadow dom, and only recently has it reached spec consensus (https://github/whatwg/html/issues/8867).

As part of that consensus, the shape of the getInnerHTML API changed. This feature represents the desire to ship the new, agreed-upon shape, which is:

• getHTML({serializableShadowRoots:bool, shadowRoots:[roots]}).

3. Accept HTTP(S) URLs when constructing WebSocket

These URLs are interpreted relative to the base URL and translated to
corresponding WS(S) URLs, which enables use of relative URLs.

4. CSS Stepped Value Functions

The stepped-value functions, round(), mod(), and rem(), all transform a given value according to another “step value”.

The round() CSS function returns a rounded number based on a selected rounding strategy.

The mod() CSS function returns a modulus left over when the first parameter is divided by the second parameter, similar to the JavaScript remainder operator (%). The modulus is the value left over when one operand, the dividend, is divided by a second operand, the divisor. It always takes the sign of the divisor.

The rem() CSS function returns a remainder left over when the first parameter is divided by the second parameter, similar to the JavaScript remainder operator (%). The remainder is the value left over when one operand, the dividend, is divided by a second operand, the divisor. It always takes the sign of the dividend.

5. CSS custom state new :state() syntax

This is the new syntax for the CSS custom state feature for custom elements. The old syntax, :–foo, is being deprecated and removed. This new syntax, :state(foo), is shipping in WebKit.

Deprecation for old syntax: https://groups.google/a/chromium/g/blink-dev/c/JvpHoUfhJYE
Spec for new syntax: https://github/whatwg/html/pull/8467

6. CSS view-transition-class and class VT argument syntax

This feature introduces a new CSS property view-transition-class which allows the developer to specify one or more view transition classes. The developer can then select the ViewTransition pseudo elements using these classes (e.g. ::view-transition-group(*.class)).

This is an extension to the ViewTransition API that simplifies styling of view transition pseudo elements in a similar way that CSS classes simplify styling of regular DOM elements.

7. Direct Sockets API in Chrome Apps

Allows web apps to establish direct transmission control protocol (TCP) and user datagram protocol (UDP) communications with network devices and systems. This API is supposed to provide a modern alternative to the deprecated chrome.sockets APIs.

8. Extending Storage Access API (SAA) to non-cookie storage

This launches the proposed extension of the Storage Access API (backwards compatible and currently in OT) to allow access to unpartitioned cookie and non-cookie storage in a third-party context. The current API only provides access to cookies, which have different use-cases than non-cookie storage (discussed more in the Motivation section). The API can be used as follows (JS running in an embedded iframe):

// Request a new storage handle via rSA (this may prompt the user)

let handle = await document.requestStorageAccess({all: true});

// Write some 1P context sessionstorage

handle.sessionStorage.setItem(“userid”, “1234”);

// Write some 1P context localstorage

handle.localStorage.setItem(“preference”, “A”);

// Open or create an indexedDB that is shared with the 1P context

let messageDB = handle.indexedDB.open(“messages”);

// Use locks shared with the 1P context

await handle.locks.request(“example”, …);

The same flow would be used by iframes to get a storage handle when their top-level ancestor successfully called requestStorageAccessFor, just that in this case the storage-access permission was already granted and thus the requestStorageAccess call would not require a user gesture or show a prompt, allowing for “hidden” iframes accessing storage.

9. FedCM CORS requirement on ID assertion endpoint

The fetches in the FedCM API are hard to reason about because of the properties required of them. After lengthy discussions, it was decided that the ID assertion endpoint should use CORS. This aligns security properties of this fetch more closely to other fetches in the web platform.

10. FedCM: Credentialed requests will no longer send SameSite=Strict cookies

We recently changed FedCM to send ID assertion requests with CORS (see https://chromestatus/feature/5094763339710464). As a side-effect, that change also meant that we no longer send SameSite=Strict cookies to the ID assertion endpoint (we still send SameSite=None). Since it does not make sense to send a different set of cookies to the accounts endpoint and the ID assertion endpoint, this change makes them consistent. Not sending SameSite=Strict cookies is also consistent with requestStorageAccess behavior (https://developers.google/privacy-sandbox/3pcd/related-website-sets-integration#cookie_requirements) and cross-site requests in general.

11. Interoperable mousemove default action

Canceling mousemove will not prevent text selection or drag-and-drop.

Chrome allowed canceling mousemove events to prevent other APIs like text selection (and even drag-and-drop in the past). This does not match other major browsers; nor does it conform to the UI Event spec:
https://w3c.github.io/uievents/#event-type-mousemove

Through this feature, text selection will no longer be the default-action of mousemove. Text selection and drag-and-drop can still be prevented through canceling selectstart and dragstart events respectively, which are spec compliant and fully interoperable.

12. RegExp duplicate named capture groups

https://github/tc39/proposal-duplicate-named-capturing-groups

13. RegExp modifiers

RegExp modifiers adds the ability to locally modify the ‘i’, ‘m’, and ‘s’ flags inside a pattern. To enable a flag for a subexpression, use (?X:subexpr) where X is one of ‘i’, ‘m’, or ‘s’. To disable a flag for a subexpression, use (-X:subexpr).

For example, for the case-insensitivity ‘i’ flag:

const re1 = /^[a-z](?-i:[a-z])$/i;
re1.test("ab"); // true
re1.test("Ab"); // true
re1.test("aB"); // false

const re2 = /^(?i:[a-z])[a-z]$/;
re2.test("ab"); // true
re2.test("Ab"); // true
re2.test("aB"); // false

14. Remove Discontinuity for (ok)lab/lch colors with lightness of nearly 100% or 0

Before this change, all lab, lch, oklab and oklch colors with a lightness value of 100% were rendered as white, regardless of the other two parameters. All colors in these spaces with a lightness value of 0 were rendered as black. These two mappings caused discontinuities in gradients and were generally surprising to web developers.

With this rollback chromium no longer maps these colors artificially and the resulting displayed color will be continuous with nearby colors and will depend on the gamut mapping of the display.

See: https://crrev/c/5400609

15. Remove window-placement alias for permission and permission policy descriptors

Chrome 125 removes the window-placement alias for permission and permission policy descriptors. All instances of window-placement are replaced with window-management, which better describes the related API functionality. This is a follow-up to Window Management API feature enhancements and renaming from “Multi-Screen Window Placement API”; for more details, see https://chromestatus/feature/5146352391028736

16. Support “color-interpolation: linearrgb” on SVG gradients

Allows SVG gradients to interpolate in a linear-light sRGB color space. Currently all SVG gradients interpolate in a gamma-encoded sRGB color space.

17. View Transitions: transition types

This feature allows View transition API use to be customized for different types of transitions.

Specifically, this adds an ability to add “types” to startViewTransition call which will identify the types of the transition. As well, it will match a pseudo-class, called :active-view-transitions(...) with a parameter matching the type for the duration of the view transition.

Combined these two features provide a way for the author to declare several view transitions once and only trigger one at a time.

See example usage in the spec: https://drafts.csswg/css-view-transitions-2/#the-active-view-transition-pseudo

18. WebGPU: render to slice of 3D texture

Functionality added to the WebGPU/WGSL spec after its first shipment in a browser. Adds support using a render pass to render to slices of 3D textures in addition to rendering to 2D textures. This is used in graphical algorithm to do voxelization between others.

19. Compute Pressure

The Compute Pressure API offers high-level states that represent the pressure on the system. It allows the implementation to use the right underlying hardware metrics to ensure that users can take advantage of all the processing power available to them as long as the system is not under unmanageable stress.

“Pressure” is a generic term by design – at the moment it is calculated based on CPU load, but future plans include using signals from temperature and battery status, for example.

chromium126 Features:11

1. Align navigator.cookieEnabled with spec

navigator.cookieEnabled currently indicates if “the user agent attempts to handle cookies” in a given context. A change in Chrome, shipping as part of third-party cookie deprecation (3PCD), would cause it to indicate whether unpartitioned cookie access is possible (causing it to return false in most cross-site iframes). We should restore the prior behavior of navigator.cookieEnabled which indicated only if cookies were enabled/disabled for the site and rely on the cross-vendor function document.hasStorageAccess to indicate if unpartitioned cookie access is possible.

2. Close requests for CloseWatcher, , and popover=“”

“Close requests” are a new concept that encompasses user requests to close something currently open, using the Esc key on desktop or the back gesture/button on Android. Integrating them into Chromium comes with two changes:

• CloseWatcher, a new API for directly listening and responding to close requests.

• Upgrades to and popover=“” to use the new close request framework, so that they respond to the Android back button.

3. Gamepad API Trigger-Rumble Extension

Extend the GamepadHapticActuator interface to expose the trigger-rumble capability in the Web for compatible gamepads.

This extension will allow web applications that take advantage of the Gamepad API to also vibrate the triggers of gamepad devices that come equipped with this functionality.

4. MP4 container support for MediaRecorder

Adds support for muxing audio/video into MP4 containers with MediaRecorder.

Developer can record media format, container, with MP4 of H264 video and AAC audio codecs in the MediaRecorder API.

5. OpusEncoderConfig signal and application parameters

OpusEncoderConfig.signal and OpusEncoderConfig.application were recently added to the WebCodecs spec 1. Both parameters are mapped directly to implementation specific encoder knobs. These allow web authors to provide hints as to what type of data is being encoded, and in which context the data is being used.

signal can be one of {“auto”, “music”, “voice”}. It configures the encoder for the best performance in encoding the specified type of data.

application can be one of {“voip”, “audio”, “lowdelay”}. It configures the encoder to favor speech intelligibility, faithful reproduction of the original input, or minimal latency.

1 : https://github/w3c/webcodecs/pull/777

6. View Transitions Same-Origin Navigation

The first phase of the View Transitions API, explained in https://groups.google/a/chromium/g/blink-dev/c/7SMI3IklO4g/m/JS-JojxNAwAJ, allows authors to define visual transitions in SPAs (DOM state changes in the same Document).

This intent is about expanding the API to support MPAs. MPA implies same-origin navigations that replace the document with another document (in the main frame or nested iframe).

This is a highly requested additional feature. Examples are: https://chriscoyier/2022/11/08/astro-stands-to-benefit-highly-from-view-transitions/, https://adactio/journal/19578.

7. WebGLObject Web IDL superinterface

The WebGL specification has defined a WebGLObject superinterface for many years, but Chromium’s implementation never exposed it. This did not significantly affect applications in practice, but prevented enabling WebGL IDL tests in the Interop suite. The WebGL working group also aims to finally utilize this superinterface to improve application-level debugging.

This feature exposes the WebGLObject type in the same contexts where the WebGL API is exposed - on the main thread and workers.

8. toJSON for GeolocationCoordinates and GeolocationPosition

Add .toJSON() methods to the GeolocationCoordinates and GeolocationPosition interfaces.

These methods will aid in developing automated tests for the Geolocation API and may be useful for debugging as well. If the API were developed today, these WebIDL interfaces would likely be WebIDL dictionaries instead. However, given compatibility constraints, this is the next best option for making these types serializable.

9. visualViewport.onscrollend Support

Scrollend is a JavaScript event that fires to signal that a scrolling operation has come to an end.

Similar to the Element interface1, the visualViewport interface2 includes an onscrollend event handler that should be invoked when a scrolling operation on the visualViewport has ended. Chromium already supports adding a scrollend event listener via visualViewport.addEventListener("scrollend"). This just makes it possible to also add an event listener using visualViewport.onscrollend.

1https://html.spec.whatwg/multipage/webappapis.html#handler-onscrollend
2https://drafts.csswg/cssom-view/#dom-visualviewport-onscrollend.

10. Deprecate and remove import assertion ‘assert’ syntax

TC39 has consensus for trying to deprecate and remove the assert keyword in favor of the new with keyword in import attribute syntax.

That is, import m from 'foo' assert { type: 'json' } will now throw a SyntaxError, and developers must change to import m from 'foo' with { type: 'json' }.

https://github/tc39/proposal-import-attributes/issues/135

11. Tabbed web apps

Allow web app windows to have a tab strip.

This adds a new display mode “tabbed” and a new manifest field to allow customizations to the tab strip.

chromium127 Features:17

1. Conversion to RGB in VideoFrame: copyTo() method

VideoFrame.copyTo() can convert pixel data to RGB pixel format

Converting YUV video frames to RGB is often required for processing them in libraries like TensorFlow.js and OpenCV.js. Previously the only possible way to achieve this was rendering the frame on a canvas.

Specifying VideoFrameCopyToOptions.format and VideoFrameCopyToOptions.colorSpace make it possible to convert frames to RGB pixel format by calling VideoFrame.copyTo() without having to use an extra canvas.

2. Deprecate old CSS custom state syntax

The CSS custom state pseudo-class is being renamed from :–foo to :state(foo). The new syntax, :state(foo), has been enabled by default, and now we have to deprecate and remove the :–foo syntax.

Gecko and webkit never implemented the old syntax and they have both shipped the new syntax.

We are currently shipping both the new syntax and the old syntax at the same time. There have been console errors and DevTools deprecations for the old syntax for many milestones already.

Previous thread on this topic: https://groups.google/a/chromium/g/blink-dev/c/JvpHoUfhJYE/m/uRtWiqoHAQAJ

The UseCounter is currently at 0.04% https://chromestatus/metrics/feature/timeline/popularity/3796

For Enterprise customers who need more time, please use the CSSCustomStateDeprecatedSyntaxEnabled policy. This policy will be removed in Chrome 131.

3. Dispatch selectionchange event per element

Dispatches selectionchange event per element when this element(input/textarea) provides a text selection or its selection changes. This is to match the latest specification of selectionchange event. This also matches Safari behavior.

4. No-Vary-Search Hint for Prerender Speculation Rules

Adds a hint to speculation rules that informs the navigation prerender cache that the URL to be prerendered expects to receive the same No-Vary-Search header in the response.
The hint is useful because prerenders that depend on No-Vary-Search to match to navigations do not benefit the user if the navigation happens before prerender headers return from the server. Using the hint, the web browser will expect, but verify, that the No-Vary-Search hint matches with the No-Vary-Search header. If the No-Vary-Search hint does not match the No-Vary-Search header received then the web browser will send a new request.

5. No-Vary-Search support for prerender

Enables a prerender entry to match even if URL query parameters change. The No-Vary-Search HTTP response header declares that some or all parts of a URL’s query can be ignored for cache matching purposes. It can declare that the order of query parameter keys should not cause cache misses, that specific query parameters should not cause cache misses or that only certain known query parameters should cause cache misses. It could apply to multiple caches, but this entry refers to support for prerender.

6. Automatic Fullscreen Content Setting

A new “Automatic Fullscreen” content setting permits Element.requestFullscreen() without a user gesture, and permits browser dialogs to appear without exiting fullscreen.

The setting is blocked by default. Sites can query for permission (starting in M128), but cannot prompt. New UI controls are limited to Chrome’s settings pages 1 and the site info bubble. Users can allow Isolated Web Apps 2, and enterprise admins can allow additional origins with the AutomaticFullscreenAllowedForUrls policy.

Combined with Window Management permission [3] and unblocked popups [4], this unlocks valuable fullscreen capabilities:

• Open a fullscreen popup on another display, from one gesture
• Show fullscreen content on multiple displays from one gesture
• Show fullscreen content on a new display, when it’s connected
• Swap fullscreen windows between displays with one gesture
• Show fullscreen content after user gesture expiry or consumption

1 chrome://settings/content/automaticFullScreen and site details pages
2 User control is initially scoped to security-sensitive apps; see https://chromestatus/feature/5146307550248960
[3] For multi-screen window placement features; see https://chromestatus/feature/5252960583942144
[4] To similarly permit window.open() without a user gesture; see chrome://settings/content/popups

7. CSS font-size-adjust

The font-size-adjust CSS property specifies that font size should be chosen based on the height of lowercase letters rather than the height of capital letters. It was once dropped since css 2.1, but newly defined in CSS3 font.

8. CSS font-size-adjust: two-value syntax

The font-size-adjust CSS property adjusts the font size based on the height of lowercase letters rather than that of uppercase letters for consistency in readability. However, there have been voices that the adjusting metric is obscure and impractical. This new two-value syntax reflects such voices by allowing developers to specify a font metric for adjusting the size. This feature is standardized in CSS Font Module Level 5.

9. Document picture-in-picture: propagate user activation

This makes user activations in a document picture-in-picture window usable inside its opener window and vice versa. This makes it more ergonomic to use user-activation-gated APIs, since often event handlers in the document picture-in-picture window are actually run in the opener’s context, so the opener’s context needs access to the user gesture.

10. Multi-argument alt text in CSS Generated Content

The CSS content property allows developers to specify alternative text for accessibility with the following syntax:
.has-before-content::before {
content: url(“cat.jpg”) / “A cute cat”;
}

This functionality, where the alt text is given by a single string, is already supported in Chromium (https://chromestatus/feature/4550056227110912). However, the spec allows the alt text to be given by an arbitrary number of elements, which in addition to strings can be attr() functions or counters. For example:
.has-before-content::before { content: url(“cat.jpg”) / "A cute " attr(data-animal); }

This feature tracks the expansion of the Chromium implementation to support an arbitrary number of arguments as well as attr() functions in addition to strings.

Note that this feature entry does not include the addition of counter support.

11. Support Video Chapter in MediaMetadata

The corresponding implementation on the blink layer based on the w3c api change, which is to add the ChapterInformation attribute in the existing MediaMetadata. ThisChapterInformation applies to audio as well as video, since MediaSession is for both audio and video.

See the propose: https://github/w3c/mediasession/issues/273
And the specs change pr: https://github/w3c/mediasession/pull/308

12. The ServiceWorker static routing API not condition support

The ServiceWorker static routing API is an API used for routing the request to the network, the ServiceWorker fetch handler, or directly looking up from cache, and so on. Each route consists of a condition and a source, and the condition is used for matching the request.

For Chromium implementations, the “or” condition is only the supported condition. However, to write the condition more flexibly, supporting the “not” condition is expected, which matches the inverted condition inside.

13. Used color scheme root scrollbars

Makes the browser use the user’s preferred color scheme to render the viewport scrollbars if the value of “page’s supported color schemes” is ‘normal’ or not specified, and the computed value of the color-scheme for the root element is ‘normal’. Viewport scrollbars can be considered to be outside the web content. Therefore, the user agents should honor the user’s preferred color scheme when rendering viewport scrollbars if page authors have not explicitly specified support for color schemes.

14. WebGPU: GPUAdapter info attribute

Functionality added to the WebGPU spec after its first shipment in a browser.

Adds a synchronous GPUAdapter info attribute to retrieve same information about the physical adapter as with the asynchronous GPUAdapter requestAdapterInfo() method. A separate Intent will be sent to deprecate and remove the asynchronous GPUAdapter requestAdapterInfo() method.

15. WebRTC encoded transform - Modify Metadata functions

Allow WebRTC Encoded Transform API to manipulate audio and video frame metadata.

Some WebRTC Encoded Transform use cases involve manipulation of not only the payload of encoded video / audio frames but also its metadata. Some examples:

• Altering the timestamp of a frame to introduce a delay,
• Changing the mime type of the frame if the transform changes the type of the payload.
• Forwarding of media to a new peer connection set up to use different metadata values

Use cases:
https://w3c.github.io/webrtc-nv-use-cases/#live-encoded-media
https://w3c.github.io/webrtc-nv-use-cases/#stored-encoded-media
https://w3c.github.io/webrtc-nv-use-cases/#auction

Issue link: https://github/w3c/webrtc-nv-use-cases/issues/77

16. Deprecate Mutation Events

Mutation Events, including DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMNodeRemovedFromDocument, DOMNodeInsertedIntoDocument, and DOMCharacterDataModified, are quite bad for page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec (https://w3c.github.io/uievents/#legacy-event-types) in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete Mutation Events must now be migrated to Mutation Observer.

Mutation event support will be disabled by default starting in Chrome 127, around July 30, 2024. Code should be migrated before that date to avoid site breakage. If more time is needed, there are a few options:

• The Mutation Events Deprecation trial (https://developer.chrome/origintrials/#/view_trial/919297273937002497) can be used to re-enable the feature for a limited time on a given site. This can be used through Chrome 134, ending March 25, 2025.
• A MutationEventsEnabled enterprise policy (https://chromeenterprise.google/policies/#MutationEventsEnabled) can also be used for the same purpose, also through Chrome 134.

Please see this blog post for more detail:
https://developer.chrome/blog/mutation-events-deprecation

Report bugs here: https://issues.chromium/new?component=1456718&template=1948649

17. Restrict “private network requests” for subresources from public websites to secure contexts.

Requires that private network requests for subresources from public websites may only be initiated from a secure context. Examples include internet to intranet requests and internet to loopback requests.

This is a first step towards fully implementing Private Network Access: https://wicg.github.io/private-network-access/

chromium128 Features:15

1. Coalesce selectionchange events

This feature is not to fire selectionchange event when there is already one pending. For web developers, selectionchange event listeners will be called less often with this feature.

Before this feature, every time the mutation of the selection on one target(input/textarea/document) would make the listener to be called once.
Now with this feature, before the selectionchange event listner is finally called, multiple mutations of the selection on one target would make the listener to be called only once.

2. Standardized CSS zoom

Updates the existing implementation of the previously non-standard CSS zoom property to align with the new standard. This changes various JS APIs to align with the spec (see design doc), changes zoom to apply to iframe content documents, and changes it to apply to all inherited length properties (previously it only changed inherited font-size).

3. AudioContext.onerror

AudioContext creation and audio rendering errors are reported to web applications via a callback assigned to AudioContext.onerror.

4. CSS ruby-align property

Support of new CSS property ruby-align is added.

The property accepts one of space-around space-between start and center keywords, and controls alignment of ruby base text and ruby annotation text.

5. Cross-site ancestor chain bit for CookiePartitionKey of partitioned cookies

Chrome 128 adds a cross-site ancestor bit to the keying of the partitioned cookie’s CookiePartitionKey. This change unifies the partition key with the partition key values used in storage partitioning and adds protection against clickjacking attacks by preventing cross-site embedded frames from having access to the top-level-site’s partitioned cookies.

If an enterprise experiences any breakage with embedded iframes, they can use the CookiesAllowedForUrls policy or use SameSite=None cookies without the Partitioned attribute and then invoke the Storage Access API (SAA) to ensure that embedded iframes have access to the same cookies as the top level domain.

6. Line-breakable ruby

Line-breaks are possible within elements with display: ruby.

A single pair of a ruby-base and a ruby-text has never been line-breakable, and it has been pushed to the next line if the current line had no enough space for the entire pair. Now each of the ruby-base and the ruby-text can be split into multiple lines.

7. Minimum size of <option> within <select> dropdown

The WCAG (accessibility guidelines) specify that the size of pointer inputs must be at least 24x24 CSS pixels. The element within the dropdown currently does not meet this height requirement.

8. PointerEvent.persistentDeviceId for Multi-Pen Inking

As devices with advanced pen input capabilities are becoming increasingly prevalent, it is important that the web platform continues to evolve to fully support these advanced features in order to unlock rich experiences for both end users and developers. One such advancement is the ability for a device’s digitizer to recognize more than one pen device interacting with it simultaneously. This feature is an extension to the PointerEvent interface to include a new attribute, persistentDeviceId, that represents a session-persistent, document isolated, unique identifier that a developer can reliably use to identify individual pens interacting with the page.

9. Private Aggregation API: filtering IDs

Modifies the Private Aggregation API to add a ‘filtering ID’ to the aggregatable reports’ encrypted payloads. This ID allows histogram contributions with different filtering IDs to be processed separately on the aggregation service. A list of filtering IDs could be provided in an aggregation query and any contributions not matching a listed ID will be filtered out, not contributing to the result.

To support the new feature, we update the report version to “1.0” (from “0.1”). By the time this is launched to Stable, all valid aggregation service releases will support the new report version, avoiding backwards compatibility concerns. (Old releases are deprecated on a regular schedule.)

10. Promise.try

Promise.try is a new static method. Promise.try(f) is shorthand for new Promise(resolve => resolve(f())).

11. Rename position-try-options to position-try-fallbacks

The CSSWG resolved to rename this property, because “fallbacks” more accurately describes what this property controls. The word “options” is a bit deceiving, since the styles outside of position-try blocks will be tested first, and if they result in a layout that fits within the containing block, none of the “options” will get used. So “fallbacks” is a better word to describe this behavior.

https://github/w3c/csswg-drafts/issues/10395#issuecomment-2192127524

One note for developers: there is a position-try shorthand (see https://drafts.csswg/css-anchor-position-1/#position-try-prop) that can be used to help this migration. If you set position-try instead of position-try-options or position-try-fallbacks, the shorthand will set the proper longhand before and after this rename.

12. SkipAd media session action

Support the SkipAd media session action. This skipad action allows Chrome to show a button in the system media controls or in the PiP window.

13. WebAuthn hints

The new hints parameter1 in WebAuthn requests allows sites to provide guidance to browsers to guide their UI. The canonical use case are enterprises which know that their internal sites use only security keys and want to be able to communicate that so that browsers focus the UI on that case.

But hints also resolve a tension where the current authenticatorAttachment parameter is strict: setting it to platform excludes all cross-platform options and vice versa. This has proven less than ideal in some cases.

1 https://w3c.github.io/webauthn/#enum-hints

14. Write image/svg+xml content in UTF-8 format on Windows.

On Windows, popular native apps 1 use UTF-8 format to read/write SVG images from/to clipboard.
Proposal is to switch to UTF-8 on Windows while writing image/svg+xml format to the clipboard. This is similar to the HTML format where we use UTF-8 on Windows. When SVG image content is read from the clipboard, Chromium converts it into UTF-16.

Alternative considered
It was attempted to add a BOM character to the UTF-16LE encoded SVG image content, but the sampled native apps 1 were unable to parse the images correctly.
1 Here is an inventory of all the sampled native apps that read/write image/svg+xml format: https://docs.google/document/d/1ULlihA0FOJOqcyD9MgzLZrAbk0uTQPJqDPuPJ2aiuS4/edit?usp=sharing
2 https://learn.microsoft/en-us/windows/win32/dataxchg/html-clipboard-format#:~:text=The%20only%20character%20set%20supported%20by%20the%20clipboard%20is%20Unicode%20(UTF%2D8).

15. document.caretPositionFromPoint API

This new API allows users to get current caret position from a given screen point.

The API returns a CaretPosition object which represents the caret position indicating current text insertion point including the containing DOM node, caret’s character offset, and the client rectangle of caret range. The API also supports get CaretPosition inside Shadow DOM. To get CaretPosition inside Shadow DOM, caller needs to provide reference to all the shadow roots that this API can pierce into.

---

1. https://github/tc39/proposal-import-attributes/ ↩︎

2. https://github/whatwg/html/issues/7233 ↩︎

本文标签： 版本功能列表Chromiumchrome