chromium 54 chrome 各个版本发布功能列表(109-119)

chromium Features 109-119

From https://chromestatus.com/features

chromium109 Features:12

1. Auto range support for font descriptors inside @font-face rule

Auto range support for variable fonts in 'font-weight', 'font-style' and 'font-stretch' descriptors inside '@font-face' rule.

2. CSS 'lh' Length Unit

The 'lh' unit adds support for expressing CSS lengths relative to the line-height.

That is typically useful for specifying the height of an element to fit a whole number of lines. Example: textarea { height: 5lh }

3. CSS hyphenate-limit-chars property

Specifies the minimum number of characters in a hyphenated word. When applying the hyphenation, the optimal minimum number of characters in the word, before the hyphen, or after the hyphen can vary by the design of the page, or by the language. This property allows the finer grained control of the hyphenation.

4. HTTP response status code in Resource Timing

Adds a field to PerfomanceResourceTiming to indicate the HTTP response status when the resource was fetched.

5. MathML

Supports MathML Core, a language for describing mathematical notation embeddable in HTML and SVG. MathML is rendered in a CSS-compatible way with OpenType MATH and exposed via platform accessibility APIs. MathML styling is enabled by CSS features including those dedicated to math layout (math-depth, math-shift and math-style properties, 'math' display value, 'math' font-family name and 'math-auto' text-transform). Finally, the MathMLElement interface provides a convenient way to manipulate MathML in scripts.

6. MediaTrackSupportedConstraints.suppressLocalAudioPlayback

Consider a Web application APP which is display-capturing a tab TAB. We add a mechanism by which APP may control whether the audio playing in TAB would be played out of the user's local speakers.

7. Origin Private File System (OPFS) on Android

Enable the Origin Private File System (OPFS) part of File System Access API on Android. This includes all of the File System Access API surface, minus show*Picker() methods and Drag-and-Drop API integration.

With FSA API on OPFS, a site can access its per-origin, private file system and are able to perform file operations via FileSystemSyncAccessHandle with improved performance.

The original API, including both OPFS and non-OPFS, was shipped in M86 for desktop, and the extension with SyncAccessHandle was shipped in M102.

https://chromestatus.com/feature/6284708426022912

https://chromestatus.com/feature/5702777582911488

8. Same-site cross-origin prerendering triggered by the speculation rules API

Previously 1 we launched same-origin prerendering triggered by the speculation rules API. This expands coverage to also allow triggering same-site cross-origin pages 2. This prerendering will be done with credentials and storage access, but such prerender targets will need to opt in by using the Supports-Loading-Mode: credentialed-prerender header.

9. Snap border, outline and column-rule widths before layout

Snap border, outline and column-rule widths before layout to avoid gaps between backgrounds and borders caused by paint-time snapping. With this change, Blink will match Gecko and WebKit.

10. WebTransport BYOB readers

Support BYOB(bring-your-own-buffer) readers for WebTransport to allow reading into a developer-supplied buffer. BYOB readers can minimize buffer copies, as well as reduce memory allocations.

11. Deprecate Event.path

Event.path is a non-standard API that returns the event's path, which is an array of the objects on which listeners will be invoked. It is supported by Blink only, causing web compatibility issues. Web developers should switch to the equivalent standard API Event.composedPath(), which returns the same result.

12.Conditional Focus

Extend the getDisplayMedia() API by adding a CaptureController object which can be passed in as a parameter. This object exposes a setFocusBehavior() method. By calling this method, an app can control whether the captured tab/window is focused when capture starts, or whether the capturing page should retain focus.

chromium110 Features:17

1. AudioContext.setSinkId()

AudioContext.setSinkId sets the ID of the audio device to use for output. This allows the AudioContext to route audio to a connected output device of user's choosing.

2. CSS Initial Letters

Enables a typographic decoration called "initial letter" or "drop caps." Initial letters are large, decorative letters that have been used to start new sections of text since before the invention of printing. In fact, their use predates lowercase letters entirely.

3. Client Hints persistency in Android WebView

We aim to add support for persistent Client Hints to Android Webview for parity with the rest of the platform. For more details on the Client Hints system see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Client_hints

4. FedCM: cross-origin iframe support

Adds cross-origin iframe support for the FedCM API via a permissions policy. It enables websites to sandbox the scripts from identity providers which trigger the FedCM API in a cross-origin iframe, so that they do not have full control over the whole page. This also allows use cases where it is the iframe itself which requires a sign-in from the user. In both cases, the parent frame must provide the iframe with the permissions policy 'identity-credentials-get'.

5. FileSystemHandle.remove() method

A "remove self" method for a FileSystemHandle.

Currently, it is not possible to remove a file or directory given its handle. You must obtain the handle of the parent directory and call FileSystemDirectoryHandle.removeEntry().

This method enables the common use case where you obtain a file handle from showSaveFilePicker(), but then decide you don't want to save after all, and delete the file.

6. Iframe credentialless

Iframe credentialless give developers a way to load documents in third party iframes using new and ephemeral contexts.

Iframe credentialless are a generalization of COEP credentialless to support 3rd party iframes that may not deploy COEP. Like with COEP credentialless, we replace the opt-in of cross-origin subresources by avoiding to load non-public resources. This will remove the constraint that 3rd party iframes must support COEP in order to be embedded in a COEP page and will unblock developers looking to adopt cross-origin-isolation.

This way, developers using COEP can now embed third party iframes that do not.

7. Methods that change Array and TypedArray by copy

Provides additional methods on Array.prototype and TypedArray.prototype to enable changes on the array by returning a new copy of it with the change.

8. Prefetching triggered by the speculation rules API

Prefetching fetches the main resource for a future navigation, keeping it in memory so that it can be used to speed up the next navigation. This launch includes both same-site prefetching, and cross-site prefetching in the case where no credentials are present for the destination site.

9. Private network access for workers: warning-only mode

Applies Private Network Access checks to web workers: dedicated workers, shared workers and service workers.

These checks apply to all worker-specific fetches:

• initial worker script fetch
• fetch within workers
• service worker script update fetch

If the fetch is from an insecure context, we'd show a warning in DevTools. If the fetch is from a secure context, we'd send a preflight. If the preflight fails, we'll also show a warning in DevTools.

10. Secure Payment Confirmation - Opt-Out Support

Adds an 'opt-out' flow to Secure Payment Confirmation. When the (optional) input flag is set, the SPC UXes will render an 'opt-out' link of some sort that the user can interact with to indicate to the relying party that they wish to be opted out.

See https://github.com/w3c/secure-payment-confirmation/issues/172

11. Speculation rules: Content Security Policy extension

Speculation rules are inlined in script tags, but their use will be restricted by Content Security Policy as unsafe inline scripts even if the speculation rules are safe.

So, we extend the Content Security Policy to have a new source keyword, 'inline-speculation-rules', for inline uses of speculation rules. With this new keyword, we can permit inline speculation rules without permitting inline scripts.

12. TLS ClientHello extension permutation

Randomize the order of TLS ClientHello extensions, to reduce potential ecosystem brittleness.

This change is only visible to HTTPS server implementers.

13. Use Non-Transitional IDNA Processing in URLs

Enable IDNA 2008 in Non-Transitional Mode for URL processing, aligning Chrome's behavior with Firefox and Safari.

Chrome currently uses IDNA 2008 in Transitional Mode in URL processing. The main difference between Transitional and Non-Transitional Mode is the handling of four characters known as deviation characters: ß (LATIN SMALL LETTER SHARP S), ς (GREEK SMALL LETTER FINAL SIGMA), ZWJ (Zero width joiner) and ZWNJ (Zero width non-joiner).

In Transitional mode, deviation characters are handled the same as IDNA2003: ß is mapped to ss, ς is mapped to σ, and ZWJ and ZWNJ are deleted. In Non-Transitional mode, domains containing these characters are allowed in domain names without mapping, and thus can resolve to different IP addresses. For example, typing "faß.de" in Chrome and Firefox opens different sites today.

Enabling Non-Transitional IDNA in Chrome will allow deviation characters in domain names. Firefox and Safari already made this change in 2016 and continue to use Non-Transitional URL processing.

14. web-share permission policy

Controls access to navigator.share().

By default, third-party iframes do not have permission to use the Web Share API.

15. Deprecate and remove WebSQL in non-secure contexts

We intend to deprecate and remove usage of WebSQL in non-secure contexts.

Deprecation: M105

Removal: M110

16. Features: Remove window.webkitStorageInfo

We propose to remove support for the legacy storage quota API, window.webkitStorageInfo.

Originally introduced in 2011, Chrome implemented the prefixed quota API which was immediately succeeded by the Quota API which as since been deprecated as well. The legacy storage quota API was never implemented by any other browser, and has been marked deprecated since 2013.

17. Web app launch handler

Add a "launch_handler" web app manifest member that enables web apps to customize their launch behavior across all types of app launch triggers.

Example usage:

{

"name": "Example app",

"start_url": "/index.html",

"launch_handler": {

"client_mode": "navigate-existing"

}

}

This will cause all launches of the Example app to focus an existing app window and navigate it (if it exists) instead of always launching a new app window.

chromium111 Features:19

1. Add "window-management" as an alias for permission and permission policy "window-placement"

Adds "window-management" as an alias for "window-placement" permission and permission-policy strings. This is part of a larger effort to rename the strings by eventually deprecating and removing "window-placement". The terminology change improves the longevity of the descriptor as the Window Management API evolves over time.

2. CSS Color Module Level 4 and color-mix()

All features described in CSS Color 4 (https://www.w3.org/TR/css-color-4/) are now enabled! This includes four device-independent color types (lab, Oklab, lch and Oklch), the color() function and user-defined color spaces for gradients and animations. The incredibly useful color-mix() function from CSS Color 5 (https://www.w3.org/TR/css-color-5/#color-mix) has also been included as a bonus!

3. CSS Root Font Units: 'rex', 'rch', 'ric', 'rlh'

Adds root font units.

Previously, only 'rem' has been supported in Chrome. This feature adds root element variants of ex, ch, ic, and lh.

4. CSS Selectors 4 Pseudo-Class :nth-child(an + b of S)

Extend :nth-child(an + b) to take a selector, and the same with :nth-last-child. So e.g. :nth-child(3 of .c) is the third .c under a given parent. (This is not the same as .c:nth-child(3), which is a .c that must also be the third element under a given parent.)

5. CSS Trigonometric functions

Add trigonometric functions sin(), cos(), tan(), asin(), acos(), atan(), atan2() to CSS math expressions.

MDN: https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_Functions#trigonometric_functions

6. Media Session API: Presenting slides actions

Adds "previousslide" and "nextslide" actions to the existing Media Session API.

7. Resizable ArrayBuffer and growable SharedArrayBuffer

Extend the ArrayBuffer constructors to take an additional maximum length that allows in-place growth and shrinking of buffers. Similarly, SharedArrayBuffer is extended to take an additional maximum length that allows in-place growth.

8. Speculation rules: referrer policy key

This extends the speculation rules 1 syntax to allow developers to specify the referrer policy to use with speculative requests triggered by speculation rules.

This also reintroduces the "sufficiently-strict referrer policy" requirement 2.

1 https://chromestatus.com/feature/5740655424831488
2 https://github.com/WICG/nav-speculation/blob/main/fetch.md#stripping-referrer-information

9. Streaming declarative shadow DOM

Chromium has shipped 1 a version of declarative shadow DOM in M90 which currently has 0.014% usage 2. Mostly, that is due to the spec PR being stalled with no input from other implementers. Recently, there has been renewed interest in the feature, and discussions have resumed. As part of those discussions, two changes have been generally agreed upon:

1. Rename the <template> attribute from shadowroot to shadowrootmode.
2. Support streaming, by attaching the shadow root on the opening, rather than the closing, template tag.

While the PR hasn't landed, and there is still an open issue (related to the DOMParser), we would like to ship the agreed upon behavior listed above.

1 https://chromestatus.com/feature/5191745052606464
2 https://chromestatus.com/metrics/feature/timeline/popularity/3196

10. String.prototype.isWellFormed and toWellFormed

Add two String.prototype methods for working with well-formed UTF-16 strings.

A JavaScript string value is well-formed UTF-16 if it has no unpaired surrogate code points. By default, JavaScript strings may be ill-formed.

• String.prototype.isWellFormed returns whether the receiver string is well-formed UTF-16.

• String.prototype.toWellFormed returns a string that is identical to the receiver string, except all unpaired surrogate code points are replaced with U+FFFD (REPLACEMENT CHARACTER).

11. Style Container Queries for CSS Custom Properties

Adds a style() function to @container rules to make it possible to apply styles based on the computed values of custom properties of an ancestor element.

style() queries can be combined with size container queries which shipped in M105.

12. View Transitions API

View Transitions is an API that enables the creation of polished transitions. Web developers only need minimal effort to make transitions look nice. They can choose to use some default animation properties, or they can customize their own transition effects to achieve a desired transition experience.

This is accomplished by leveraging user-agents' ability to persist visual representations of rendered output (i.e. snapshots) and blend them with the live DOM state's rendered output. The API also allows these animations to be customized via standard CSS animation properties.

13. WebRTC Scalable Video Coding extensions

This extension defines a standard method for picking between possible Scalable Video Coding (SVC) configurations on an outgoing WebRTC video track.

14. WebXR enabledFeatures attribute

Returns the set of features that were enabled for this XRSession as specified by XRSessionInit and the Implied Features required by the spec for the given mode/features. For a granted Session, this will contain all "requiredFeatures", but may be a subset of optionalFeatures.

Most features have alternate ways to detect if they were granted; however, for some features the signal of whether or not a feature was enabled may tie closely with data for a feature just not being available "right now", rather than data not being available "ever". By querying enabledFeatures, you can determine if any helpful hints (e.g. to improve/start tracking) should be shown, or if a feature will never be supported in the current session. Future WebXR features may not have other signals to detect whether or not they were enabled, and would require querying this attribute.

15. baseline-source

The "baseline-source" properties allows web developers to specify if an inline-level box should use the "first" or "last" baseline for alignment within an linebox.

Today the default behaviour is confusing for web developers. Consider:

test <div style="display: inline-block;">line1<br>line2</div>

test <div style="display: inline-flex;">line1<br>line2</div>

The "inline-block" will align to the last baseline, and the "inline-flex" will align to the first baseline.

"baseline-source: auto" is the existing (confusing) behaviour.

Web developers can specify "baseline-source: first" or "baseline-source: last" to directly determine how they want these boxes to align within a line-box.

16. font-variant-alternates and the @font-feature-values at-rule

font-variant-alternates enables simpler access to glyph alternates in fonts such as as a swashes, character-variants, ornaments and more. It provides an easier method over having to use 4-letter-codes as arguments to font-feature-settings. font-variant-alternates refers to the @font-feature-values at-rule to map speaking feature names to OpenType feature numbers. In the font-variant-style rule, the requested feature activation becomes easy to use and to read and allows flexible combination of font features.

17. Deprecate and remove PaymentInstruments

PaymentInstruments is the Web API that backs non-JIT install of payment apps (see https://w3c.github.io/payment-handler/).

It was designed with the assumption that the browser would store the actual payment instrument details, which has not turned out to be true, and has some privacy leaks. It also has not shipped on any other browser, not have we seen any interest from other browser vendors.

As such, this API has been deprecated and removed.

18. Deprecate and remove: connect-src CSP bypass in Web Payment API

Deprecate the ability for Web Payment API to bypass the connect-src CSP policy when fetching the manifest.

After this deprecation, a site's connect-src CSP policy will need to allow for the payment method URL specified in a PaymentRequest call, as well as any other URLs that the method chains to fetch its manifest.

19. Merchant identity in "canmakepayment" event

The "canmakepayment" service worker event lets the merchant know whether the user has a card on file in an installed payment app. It used to silently pass the merchant's origin and arbitrary data to a service worker from payment app origin. This cross-origin communication happened on PaymentRequest construction in JavaScript, did not require a user gesture, and did not show any user interface. This silent data passage has been removed from the "canmakepayment" event (and the Android IS_READY_TO_PAY Intent).

chromium112 Features:10

1. CSS :has() : Non-forgiving parsing

Make :has() unforgiving - ':has()' will be invalid if there is an invalid selector in its argument.

CSSWG issue resolution: https://github.com/w3c/csswg-drafts/issues/7676#issuecomment-1341347244

2. CSS @supports : Always non-forgiving parsing

Some functional selectors are parsed forgivingly. (e.g. :is(), :where())

If an argument of the functional selectors is unknown or invalid, the argument is dropped but the selector itself is not invalidated.

To provide a way of detecting the unknown or invalid arguments in those functional selectors, this feature applies the CSS Working Group issue resolution:

• @supports uses non-forgiving parsing for all selectors
  (https://github.com/w3c/csswg-drafts/issues/7280#issuecomment-1143852187)

3. "Reload this page" infobar no longer shown if top-level frame is observing permission changes

Suppresses the "Reload this page" infobar if the top-level frame is subscribed to the PermissionStatus.onchange event, which is taken as an indication that the application wishes to dynamically react to camera/microphone permission changes initiated through the page info dialog. Regardless of the presence of the event listener, the pre-existing behavior remains unchanged that media streams are terminated immediately once the permission is revoked.

4. Add optional submitter parameter to FormData constructor

Allow passing a submit button to the FormData constructor.

If the button has a name or is an image button, it will contribute to the form data set. This makes it possible to create a FormData object with the same data set as a vanilla form submission triggered by the button.

5. CSS Nesting

Add the ability to nest CSS style rules inside other style rules, combining selectors from the outer with the inner rule for increasing modularity and maintainability of style sheets.

6. CSS animation-composition property

Implement animation-composition property.

Allows to specify the composite operation to use when multiple animations affect the same property simultaneously.

7. RegExp v flag with set notation + properties of strings

Add set operations, string literals, nested classes and unicode properties of strings to regular expression character classes.

Set operations and unicode properties of strings allow developers to create regular expressions matching strings with certain unicode characters with ease. E.g. /[\p{Script_Extensions=Greek}&&\p{Letter}]/v matches all greek letters.

8. WebAssembly Tail Call

Add an explicit tail call and indirect tail call opcodes to WebAssembly.

9. WebGLContextEvent on Web Workers

The WebGLContextEvent type has been defined in Khronos' WebGL specification for a number of years, but it was not noticed until recently that in Blink, this type is not exposed on web workers. (Most applications simply add an event listener for the type, and do not look for its prototype in the global scope.)

This is a simple fix to Blink's Web IDL for WebGLContextEvent, but is a web exposed change.

10. Removal of X-Requested-With in WebView

Removes the default X-Requested-With header from HTTP requests made by WebView.

The X-Requested-With header is set by WebView, with the package name of the embedding apk as the value. This use of the header will be discontinued.

Developers who rely on this header can sign up for a deprecation origin trial 1 to continue to receive the header during the deprecation period.

The deprecation origin trial will be extended until replacement APIs are available to address use cases of the header, as explained in this Android Developer Blog Post 2

chromium113 Features:9

1. Remove support for Web Push Notifications using FCM Sender IDs

• Chrome shipped support for Web Push Notifications using FCM Sender IDs M42 (March 2015), after which we added support for a standardized authentication path in M52 (July 2016).

• We have been deprecating support for FCM Sender IDs since, adding console warnings and blocking the list of senders in 2019, and blocking all new subscription requests using sender IDs in 2020. Today we see <1000 unique senders still relying on Chrome to receive such messages in a 7-day window -- this is a tiny portion of full Web Push usage.

• Following this prolonged deprecation path, we're now proceeding to remove support for Chrome to receive messages for subscriptions that were once created using FCM Sender IDs. Users who receive such messages will stop receiving them until they re-visit the sender's website, at which time it has the chance to renew the subscription. We unfortunately cannot automatically update such subscriptions. The roll-out will be done server-side.

2. CSS "overflow" media features

Implements "overflow-inline" and "overflow-block" media features.

Allows to distinguish styles for displays with different overflow characteristics.

3. CSS "update" media feature

Implements "update" media feature.

Allows to distinguish styles for print, slow and fast output displays:

print - for documents on the paper;

slow - for e-ink and underpowered displays;

fast - regular computer displays.

4. Fetch: Headers.getSetCookie()

Adds a way to get the values of multiple Set-Cookie headers without combining them.

In HTTP, Set-Cookie is a special header for historical reasons because it can appear multiple times in a response but cannot be combined, unlike other headers. Headers objects don't currently support having multiple values of the Set-Cookie header, and this feature adds that capability.

5. Linear easing function

Introduces linear() easing function that allows linear interpolation between a number of points. It makes it possible to approximate complex functions by linear interpolation.

6. WebAuthn: Large blob storage extension (largeBlob)

Adds support for the WebAuthn largeBlob 1 client authenticator extension. This extension allows relying parties to store opaque data associated to a credential.

1 https://w3c.github.io/webauthn/#sctn-large-blob-extension

7. WebGPU

WebGPU is the successor to the WebGL and WebGL 2 graphics APIs for the Web. It provides modern features such as "GPU compute" as well as lower overhead access to GPU hardware and better, more predictable performance. WebGPU is developed by the "GPU for the Web" W3C community group.

8. image-set

image-set() is a CSS type for specifying a range of image options, such as different images for different screen densities, and letting the browser select the best one. It can be used with CSS properties such as background-image.

This feature adds the unprefixed "image-set" type so authors no longer need to use "-webkit-image-set". The implementation has also been brought up to the current spec with new resolution units (dppx, dpi, dpcm), image type support (e.g., type("image/avif")), raw urls without "url()", and gradient image options.

9. Secure Payment Confirmation: Rename rp --> rpId in CollectedClientAdditionalPaymentData

Secure Payment Confirmation (SPC) is a Web API to support streamlined authentication during a payment transaction. It builds on top of WebAuthn to bring strong authentication to payment flows.

In the initial spec and implementation of SPC, the output CollectedClientAdditionalPaymentData dictionary0 of the cryptogram contained a parameter named 'rp'. This was renamed in the specification1 to 'rpId' to align with WebAuthn, and Chrome is changing its implementation to match (that is, adding 'rpId' and removing 'rp').

chromium114 Features:10

1. JSON.parse source text access

This proposal adds an object with a "source" property that is passed as the 3rd argument to the reviver function in JSON.parse. This property contains the raw source text for the value being parsed.

It is designed to address the issue that JSON parsing is lossy, e.g. around BigInt values. For example, JSON.parse(" 9999999999999999", (key, val, {source}) => BigInt(source)).

2. ArrayBuffer.prototype.transfer

Adds the ArrayBuffer.prototype.transfer method, which copies the receiver buffer, detaches the receiver, then returns the copy. This adds a JS API for what is possible via structured cloning.

Also adds ArrayBuffer.prototype.transferToFixedLength and the ArrayBuffer.prototype.detached getter.

This is a TC39 proposal.

3. CSS headline balancing

Adjusts the lengths of lines in a paragraph balanced, for better readability and to minimize typographic orphans.

This is often useful for headlines. For example:

h1, h2, h3, h4, h5, h6, blockquote { text-wrap: balance; }

More examplles can be found in a Chrome Developers blog <https://developer.chrome.com/blog/css-text-wrap-balance/>.

In addition to the "text-wrap" property, the "white-space-collapse" property is also supported, and the "white-space" property becomes a shorthand of these two properties.

4. Cookies Having Independent Partitioned State (CHIPS)

Chrome plans to obsolete third-party cookies, therefore developers need the ability to use cookies in third-party contexts that are partitioned by top-level site. This is necessary for use cases that are not cross-site tracking related. For example, SaaS embeds, headless CMS, and sandbox domains). The CHIPS cookie attribute of Partitioned enables developers to opt into having their third-party cookies partitioned by top-level site.

5. Scrollend Event

Helps developers reliably tell when a scroll has completed (including both the scroll itself and any updates to offsets from the scroll) through event listeners.

Knowing when a scroll has completed is useful for various reasons, e.g. synchronizing some logic on the snapped section, fetching stuff in a list, triggering new animations, etc.

This feature greatly simplifies the logic for handling end-of-scroll effects, ensuring that they are consistent across many different input modalities. Currently, developers address this need by observing scroll events and building ad-hoc timeout algorithms.

6. The Popover API

An API that can be used to build transient user interface (UI) elements that are displayed on top of all other web app UI. These include user-interactive elements like action menus, form element suggestions, content pickers, and teaching UI. This API uses a new popover content attribute to enable any element to be displayed in the top layer. This is similar to the <dialog> element, but has several important differences, including light-dismiss behavior, popover interaction management, animation and event support, and the lack of a "modal" mode.

7. Use RegExp v flag instead of u for HTML pattern attribute

The <input pattern> attribute allows developers to specify a regular expression pattern against which the input's values are checked for validity.

<label>
  Part number:
  <input pattern="[0-9][A-Z]{3}" name="part"
         title="A part number is a digit followed by three uppercase letters.">
</label>

When the pattern attribute was first implemented, these regular expressions were compiled without any RegExp flags. In 2014, the HTML Standard changed this by implicitly enabling the u flag for the pattern attribute, enabling better Unicode support (including support for Unicode character properties like \p{Letter}). This change shipped in Chrome 53 (https://chromestatus.com/feature/4753420745441280).

Now, we're taking this to the next level by enabling the new RegExp v flag instead of u, enabling the use of set notation, string literal syntax, and Unicode properties of strings.

(Context: The RegExp v flag is a JavaScript language feature which previously went through the Blink Intents process, and is now shipping in Chrome 112: https://chromestatus.com/feature/5144156542861312 This new ChromeStatus entry is specifically about integrating it with the HTML pattern attribute.)

8. Web Bluetooth exclusionFilters option in requestDevice()

The "exclusionFilters" option in navigator.bluetooth.requestDevice() allows web developers to exclude some devices from the browser picker. It can be used to exclude devices that match a broader filter but are unsupported.

9. WebAssembly extended-const Proposal

We implement the WebAssembly extended-const proposal according to https://github.com/WebAssembly/extended-const.

Specifically, we add i32.add, i32.sub, i32.mul, i64.add, i64.sub and i64.mul to the list of constant instructions.

10. overflow:overlay aliases overflow:auto

Removes the overflow:overlay scrolling mode, and makes overlay a legacy alias of auto.

overflow:overlay is the same as overflow:auto, except that it does not prevent content from extending into the scrollbar gutter, in cases where

non-overlay OS scrollbars are present. (If overlay scrollbars are present, there is no effect.) Example:

With overflow:overlay: https://output.jsbin.com/yujenuq/quiet

With overflow:auto: https://output.jsbin.com/ruzogaf/quiet

chromium115 Features:26

1. Deprecate the document.domain setter.

The document.domain setter allows developers to relax the same-origin policy, complicating the fundamental security boundary we aim to maintain, and putting roadblocks in the way of post-Spectre changes to Chromium's process model. We should deprecate it, by making it opt-in via Origin-keyed agent clusters (https://chromestatus.com/features/5683766104162304)

The setter will remain, but the origin remains unchanged. In that case the compatibility risk is low.

2. HTTPS Upgrades

Automatically and optimistically upgrade all main-frame navigations to HTTPS, with fast fallback to HTTP.

3. Partitioning Storage, Service Workers, and Communication APIs

Note: this has launched in Chrome 115

We intend to partition a number of APIs in 3rd party contexts. This effort is focused on partitioning APIs above the network stack. This includes quota-managed storage, service workers, and communication APIs (like BroadcastChannel). See the explainer for more details:

https://github.com/wanderview/quota-storage-partitioning/blob/main/explainer.md

There is also a deprecation trial available as well as an enterprise policy:

https://developer.chrome.com/blog/storage-partitioning-deprecation-trial/

https://chromeenterprise.google/policies/#DefaultThirdPartyStoragePartitioningSetting

4. Scroll-driven animations

ScrollTimeline and ViewTimeline are an extension to the Web Animations spec which allow developers to use the position of a scroller or the position of an element within a scroller as an input 'time' rather than the default monotonic clock time. This enables fast scroll-based animations, such as a shrinking navigation bar, without requiring user script execution.

They can be declared and instantiated both via CSS and Javascript used in CSS animations and Web Animations.

5. Skip service worker no-op fetch handler

The feature makes the navigation of pages with no-op service worker fetch handlers fast by skipping them.

Some sites have a no-op (no operation) fetch listener (e.g. onfetch = () => {}). Since having the fetch listener was one of the requirements to be a progressive web app (PWA), we assume they did that to make their site recognized as PWA. However, it only brings overheads to start a service worker and execute a no-op listener without bringing any feature benefits like caching or offline capabilities because the code does nothing. To make the navigation to such pages faster, we would like to omit the service worker start and the listener dispatch from the navigation critical path if a user agent identifies that all the service worker's fetch listeners are no-ops.

From version 112, Chromium starts to show console warnings if all the service worker's fetch listeners are no-ops, and encourages developers to remove the useless fetch listeners. Hopefully sites stop using the useless fetch listeners and we can deprecate the feature in the future.

6. 'display' property with multiple values

CSS 'display' property supports two or three keywords.

Web authors can specify

• How the box and its neighbor boxes are located; inline or block
• How children of the box are laid out; flow, flex, grid, etc.
  separately.

For example,
display: inline flow instead of display: inline-block
display: block flex instead of display: flex

7. 8MB Limit for WebAssembly.Module() on the Main Thread

Chrome has extended the size limit on synchronous WebAssembly compilation on the main thread from 4KB to 8MB. This extension is possible thanks to improvements in the WebAssembly runtime V8. The 8MB limit has been determined through performance measurements on a Google Pixel 1 phone, which is currently considered a representative low-end phone. Future developments in V8 or in hardware may allow to extend the limit further. WebAssembly modules that are bigger than 8MB can be compiled asynchronously with WebAssembly.compile(), or sychronously on a Worker.

8. Attribution Reporting API

This API measures ad conversions (e.g. purchases) and attributes them to ad interactions without using cross-site persistent identifiers like third-party cookies.

The API allows measurement through both event-level reports sent directly from the browser, and aggregatable reports which can be processed through a trusted service to create summary reports of attribution data.

An earlier version of this API was in Origin Trial from Chrome 86 through Chrome 97 which only supported click-through

9. Boolean Context Style Container Queries

Support style() container queries without a declaration value, only a property name, as a way of matching non-initial values.

Previously you would have to do:

not style(--my-property: initial)

Now you can do:

style(--my-property)

to match any non-initial value.

10. Clear BFCache during browsing data removal

When performing browsing data removal (e.g. via chrome://settings/clearBrowserData, hard reload, or the Clear-Site-Data header), the disk and in-memory cache for the HTTP response will be cleared. In addition to this, if the browsing data removal's data type is "cache", then all the BFCache entries matching the origin will be cleared as well.

11. FedCM: Support Credential Management Mediation Requirements for Auto Re-authentication

Supports "mediation requirements" to provide streamlined re-authentication UX for users who have created federated accounts on websites with FedCM API.

12. Fenced frames

Fenced frames are frames isolated from their embedding page. More details in the explainer here: https://github.com/WICG/fenced-frame/tree/master/explainer

The OT for fenced frames is part of the joint Privacy Sandbox OT, which follows the timeline here: https://privacysandbox.com/intl/en_us/open-web/

13. Permissions-Policy: unload

This feature allows pages to disable the running of unload event handlers. The goals are:

• allow sites that have removed all unload handlers to not regress (i.e. accidentally adding new ones)
• allow sites to "remove" (skip) unload handlers (e.g. if updating the code is infeasible, or if they have nondeterministic chains of third parties and would rather not risk the BFCache benefits over unload handlers in third party code).

Unload event handlers are problematic for various reasons and prevent use of BFCache on Desktop (see https://web.dev/bfcache/#never-use-the-unload-event). This is the first step to deprecating and removing unload handlers.

14. Privacy Sandbox Ads APIs

A collection of APIs to facilitate advertising: FLEDGE, Topics, Fenced Frames and Attribution Reporting.

15. Private State Token API

This is a new API for propagating user signals across sites, without using cross-site persistent identifiers like third party cookies for anti-fraud purposes. Anti-fraud methods that rely on third party cookies will not work once third party cookies are depreciated. The motivation of this API is to provide means to fight fraud in a world with no third party cookies.

Private State Token API does not generate or define anti-fraud signals. This is up to the corresponding first party and the token issuers. The API enforces limits on the information transferred in these signals for privacy concerns. Private State Token API is based on the Privacy Pass protocol from the IETF working group. It can be considered as a web-exposed form of the Privacy Pass protocols.

Private State Token API spec is to be updated for new versions and types of tokens. The API will be kept up to date with the Privacy Pass working group specs. Expected changes would be in the underlying cryptographic protocols and token issuance code. We do not expect changes in the developer facing fetch API.

The Private State Token API was formerly known as the Trust Token API. It is renamed to more accurately capture the underlying semantics and to highlight the privacy benefits to users.

16. Protected audience API (formerly FLEDGE)

Provides a privacy advancing API to facilitate interest group based advertising. The Protected Audience API shifts the interest data and the final ad decision browser-side instead of server-side, offering many advantages: strong privacy guarantees, as well as time limits on group membership, transparency into how the advertiser interest groups are built and used, and granular or global controls over this type of ad targeting.

17. Related Website Sets

Related Website Sets ("RWS") provides a framework for developers to declare relationships among sites, to enable limited cross-site cookie access for specific, user-facing purposes. This is facilitated through the use of the Storage Access API.

18. Resource Timing: Expose interim response times

Expose PerformanceResourceTiming.firstInterimResponseStart

In cases where a navigation or subresource fetch encounters an interim 1xx response, e.g. 100 continue or 103 early hints, firstInterimResponseStart would now correspond to the time of that first interim response, while responseStart would correspond to the final response, e.g. with 200 status.

19. Topics API

The intent of the Topics API is to provide callers (including third-party ad-tech or advertising providers on the page that run script) with coarse-grained advertising topics that the page visitor might currently be interested in. These topics will supplement the contextual signals from the current page and can be combined to help find an appropriate advertisement for the visitor.

Explainer: https://github.com/jkarlin/topics

20. Update of "xml" prefix handling in lookupNamespaceURI() and createNSResolver()

Node.lookupNamespceURI() supports "xml" and "xmlns" prefixes by default. The function returns fixed namespace strings for them.

Document.createNSResolver() and XPathEvaluator.createNSResolver() stops to wrap the specified node to add "xml" prefix handling. They return the specified node as is.

Web developers can use an element as an XPathNSResolver without wrapping it with createNSResolver().

21. VisibilityStateEntry

Exposes visibility state (visible/hidden) in the performance timeline.

The timeline would always have an entry with a startTime of 0 and the initial visibility state, plus entries corresponding to any visibility state change.

22. WGSLLanguageFeatures for WebGPU

Adds the wgslLanguageFeatures getter on the GPU object for WebGPU, and its corresponding WGSLLanguageFeatures type.

23. WebDriver commands for interacting with FedCM dialogs

This exposes several WebDriver commands to allow browser automation, such as automated testing, to interact with FedCM dialogs.

24. Deprecate Mutation Events

Mutation Events, including DOMSubtreeModified, DOMNodeInserted, DOMNodeRemoved, DOMNodeRemovedFromDocument, DOMNodeInsertedIntoDocument, and DOMCharacterDataModified, are quite bad for page performance, and also significantly increase the complexity of adding new features to the Web. These APIs were deprecated from the spec (https://w3c.github.io/uievents/#legacy-event-types) in 2011, and were replaced (in 2012) by the much better-behaved Mutation Observer API. Usage of the obsolete Mutation Events must be migrated to Mutation Observer.

Mutation events are deprecated starting in Chrome 115, and support will be disabled by default starting in Chrome 127, around July 30, 2024.

25. Private Aggregation API

A generic mechanism for measuring aggregate, cross-site data in a privacy preserving manner. The potentially identifying cross-site data is encapsulated into "aggregatable reports". To prevent leakage, this data is encrypted, ensuring it can only be processed by the aggregation service. During processing, this service will add noise and impose limits on how many queries can be performed.

26. Shared Storage API

Allows for unpartitioned storage that may only be read in a secure environment with carefully constructed output gates. This API is intended to support many of the use cases of third-party cookies without permitting cross-site user tracking.

chromium116 Features:11

1. Display and content-visibility animations

Support specifying display and content-visibility in animations. This support allows for developers to create exit animations after which the element automatically becomes display: none or content-visibility: hidden without needing to write any javascript to handle that switch after the animation is finished. This allows exit animations for elements to be added purely in CSS.

2. AbortSignal.any()

AbortSignal.any(signals) returns a signal that is aborted when any of the source signals are aborted. Developers can use this to combine independent abort sources, e.g. timeouts specified with AbortSignal.timeout() and signals associated with user input, and pass them to async APIs like fetch().

3. BYOB support for Fetch

Makes Response.body be a readable byte stream instead of a "default" readable stream. This enables it to be used with bring-your-own-buffer (BYOB) readers, reducing garbage collection overhead and copies.

4. Bounce Tracking Mitigations

This feature mitigates bounce tracking on the web. It works by deleting state from sites that access storage during a redirect that the user has never directly interacted with. See the specification for more details.

5. CSS Motion Path

Motion path allows authors to position any graphical object and animate it along an author specified path.

This allows a number of powerful new transform possibilities, such as positioning using polar coordinates (with the ray() function) rather than the standard rectangular coordinates used by the translate() function, or animating an element along a defined path, making it easy to define complex and beautiful 2d spatial transitions.

Path can be specified as circle(), ellipse(), rect(), inset(), xywh(), polygon(), ray() and url(). With path() being already implemented before.

6. Document picture-in-picture

Document Picture-in-Picture adds a new API to open an always-on-top window that can be populated with arbitrary HTMLElements.

This is an expansion upon the existing HTMLVideoElement API that only allows for an HTMLVideoElement to be put into a PiP window. This allows web developers to provide a better PiP experience to users.

7. Expanded Wildcards in Permissions Policy Origins

Subdomain wildcards in allowlists provided some valuable flexibility, but differed from existing wildcard parsers and required novel code and spec work. This intent will reduce that overhead by reusing parts of the existing Content Security Policy spec and permitting 'scheme + wildcard domain' and 'wildcard port' in the allowlist.

Specifically, this intent would adopt the definition of host-source and scheme-source instead of origin in the Allowlist definition while requiring that the path-part is empty (as Permissions Policies apply to matching origins).

8. FedCM bundle: LoginHint, UserInfo, and Context

Allows customizations to federated login flows that use FedCM.

With LoginHint, the RP can specify a hint about the user account they want displayed in the FedCM UI. Accounts which do not match the hint are not displayed. This is mainly used to provide a better UX for returning users.

The UserInfo extension allows the IDP to personalize the login experience for returning users, for instance via personalized buttons. After the user has used FedCM with a given IDP on some RP site, this API provides some information about the user accounts to the IDP on subsequent visits to the RP.

With the context parameter, the IDP can request for the FedCM dialog to show a different title than "Sign in", to improve the message being displayed to the user in the FedCM UI.

9. Non-composed Mouse and Pointer enter/leave events

Make the event.composed property in mouseenter, mouseleave, pointerenter and pointerleave events "false" to be spec compliant and to fix interop gaps.

Both the UI Events spec for Mouse Events and the Pointer Events spec define these events as non-composed. Both specs switched away from their original definitions few years ago:

https://github.com/w3c/uievents/pull/210

https://github.com/w3c/pointerevents/pull/461

In addition to addressing the interop gap, this change also fixes an erroneous double/triple dispatch of these events to a shadow DOM host in Chromium when the shadow DOM also listens to the event (https://crbug.com/1136584).

10. Remove document.open sandbox inheritance

Sandbox flags of the caller are currently applied to the callee when document.open targets a different window. Stop doing it.

11. Report Critical-CH caused restart in NavigationTiming

Websites can indicate that a particular Client Hint is critical to the page by including it in a Critical-CH HTTP response header. Doing so will trigger a connection restart if the hint listed in the Critical-CH HTTP response header could be (but wasn't) included in the HTTP request initially sent. This intent proposes adding readonly attribute DOMHighResTimeStamp criticalCHRestart; to the PerformanceNavigationTiming interface.

chromium117 Features:30

1. CSS overlay property

Introduce an overlay property to allow authors to keep elements in the top layer for an exit transition.

The overlay property is added to indicate if an element is in the top layer or not. It can take two values: 'none', 'auto'. User agent stylesheets add !important rules to control whether elements are rendered in the top layer or not, and not let author styles override. However, authors can add 'overlay' to the list of transition-properties for an element to defer the removal from the top layer for the duration of the transition. That way the author can do exit transitions for elements like dialogs:

transition-property: overlay

transition-duration: 0.4s

2. Storage Access API with Prompts

Provides a means for authenticated cross-site embeds to check their access to (unpartitioned) cookies and request access if they are blocked. Supports user prompts, and additionally includes user-agent-specific behaviors.

3. Warning on insecure downloads

To ensure users are aware of the risks of downloads delivered over an insecure connection, Chrome will display a bypassable warning for some downloads delivered over an insecure connection. Which downloads are warned about will depend on whether the user has enabled HTTPS-First Mode and whether the file type has a substantial risk of parsing vulnerabilities that can lead to code execution.

4. Array grouping

Adds news Object.groupBy(iterable, groupCallback) and Map.groupBy(iterable, groupCallback) to perform a grouping or bucketing operation. The Object method returns a plain object, where the groups are property keys. The Map method returns a Map, where the keys can be arbitrary values.

5. CSS @starting-style Rule

Allow authors to start CSS transitions on first style update

CSS transitions do not trigger transitions from initial styles on the first style update for an element, or when the display type changes from 'none' to some other type. That is done to avoid unexpected transitions from initial styles.

If the author wants to start a transition from the first style update, that can now be done by applying styles from within a @starting-style rule.

If there is no pre-existing style for an element, but there are selectors inside @starting-style rules that match the element, a style is computed with rules inside @starting-style matching, before the actual style is computed without @starting-style rules matching. Any differences in computed style for transitioned properties will trigger transitions between the styles with and without @starting-style rules applied.

Example which starts a background-color transition from green to lime on the first style update for a div:

div {

transition: background-color 0.5s;

background-color: lime;

}

@starting-style

div {

background-color: green;

}

}

6. CSS Subgrid

Implements the CSS Grid Layout Module Level 2 specification, which introduces the concept of a "subgrid" to nested grid containers.

7. CSS cap and rcap font units

'cap' is equal to the used cap-height of the first available font.

'rcap' is equal to the value of the cap unit on the root element.

8. CSS text-wrap: pretty

Adjusts line breaking to avoid a short single word on the last line (also known as typographic orphans.)

When text-wrap: pretty is specified, paragraphs that will end up with a short single word on the last line are adjusted so that the last line has two or more words. It also adjusts hyphenation if consecutive hyphenated lines appear at the end of a paragraph.

The algorithm is based on the Knuth-Plass algorithm, as used by TeX. It computes scores for all candidates, and chooses the best one. To balance between the typographic benefits and the performance impacts, it adjsuts the last 4 lines of paragraphs that meet certain conditions.

9. CSS transition-behavior property

The transition-behavior CSS property is a longhand of the transition property which allows discrete properties to be used in transitions. By specifying the "allow-discrete" value for transition-behavior, discrete properties will now start animations and flip from their initial value to their final value at 50%, except for transitions where display:none and content-visibility:hidden are one of the initial or final values, in which case the visible value will be used for the entire duration of the transition. More details here: https://drafts.csswg.org/css-transitions-2/#transition-behavior-property

10. Change beforeunload handler dialog condition

To comply with HTML standard, there are two new changes on how the cancel dialog gets prompted for beforeunload event.

1. If event.preventDefault() is called, prompt cancel dialog.

2. If event.returnValue is the empty string, do not prompt cancel dialog.

3. Clear Client Hints via Clear-Site-Data header

Websites will now be able to clear the client hints cache using Clear-Site-Data: "clientHints". Client hints will also now be cleared when "cookies", "cache", or "*" are targeted by the same header. This is because if the user clears cookies in the UI client hints are already cleared as well, the client hints cache is a cache, and to be consistent with wildcard targets respectively.

12. Clear-Site-Data header wildcard syntax

Websites will now be able to clear all storage targets ("cookies", "cache", and "storage") by sending Clear-Site-Data: "*". Note that Chrome does not support clearing "executionContexts" at the moment, but if we added it in the future any header targeting "*" would then clear them too.

13. Deprecate TLS SHA-1 server signatures

Chrome is removing support for signature algorithms using SHA-1 for server signatures during the TLS handshake. This does not affect SHA-1 support in server certificates, which was already removed, or in client certificates, which continues to be supported.

SHA-1 can be temporarily re-enabled via the temporary InsecureHashesInTLSHandshakesEnabled enterprise policy. This policy will be removed in Chrome 123.

14. Make CaptureController derive from the EventTarget interface

The CaptureController interface enables further manipulation of a screen capture session. In the future, it is expected that the events related to a capture session are dispatched on that controller. To be able to manage listeners for such events, the EventTarget methods are made available on CaptureController.

15. Per-frame quantizer in VideoEncoder

Adds "quantizer" VideoEncoderBitrateMode for VideoEncoder.

This allows to specify quantizer parameter for each frame for AV1, VP9, and AVC video codecs.

Explainer: https://gist.github.com/Djuffin/3722232679b977058be787be0dff4254

16. PerformanceResourceTiming deliveryType

Expose information about how a resource was delivered. For example, resources which were delivered from the cache (currently exposed through transferSize) and navigations which were prefetched by the previous page are useful to identify.

17. Port overflow check in URL setters

The port value will be checked when setting url.port.

All the values that overflows the 16-bit numeric limit will be no longer valid.

For instance the following script behave differently after the change:

u = new URL("http://test.com");
u.port = 65536;
console.log(u.port);

Before the change the output is 65536. After the change the output will be 80.

18. RFC 7616 Digest auth: Support SHA-256 and username hashing

This change adds SHA-256 and username hashing support to HTTP Digest authentication.

It brings Chrome to parity with Firefox that already supports SHA-256.

19. Removal of WebRTC getStats datachannelIdentifier -1

The WebRTC getStats API exposes a dataChannelIdentifier property

https://w3c.github.io/webrtc-stats/#dom-rtcdatachannelstats-datachannelidentifier

It will no longer provide the value "-1" in cases where statistics are queried before the datachannel connection is established. Instead, the dictionary member will be omitted. This follows the general pattern not to return meaningless information described in

https://w3c.github.io/webrtc-stats/#guidelines-for-implementing-stats-objects

20. Removal of WebRTC getStats encoderImplementation/decoderImplementation "unknown"

The WebRTC getStats API exposes the encoder and decoder implementation names for outbound and inbound video:

https://w3c.github.io/webrtc-stats/#dom-rtcoutboundrtpstreamstats-encoderimplementation

It will no longer provide the value "unknown" in cases where statistics are queried before a video frame was encoded or decoded. Instead, the dictionary member will be omitted. This follows the general pattern not to return meaningless information described in

https://w3c.github.io/webrtc-stats/#guidelines-for-implementing-stats-objects

21. URL Standard-compatible IPv4 embedded IPv6 host parser

The behavior of parsing IPv4 embedded IPv6 host parser will be updated to strictly follow the web URL standard: https://url.spec.whatwg.org/#concept-ipv6-parser

The introduced restrictions on the IPv6 address are:

• The embedded IPv4 address shall always consist of 4 parts. Addresses with less than 4 parts like http://[::1.2] will be no longer valid.

The feature is a part of the URL interop 2023.

22. URL: Allow "%00" as a valid URL path

Chrome currently considers a URL invalid if the URL's path part

contains "%00" (or null), which is not compliant with the URL Standard
1. For example, the following test fails in Chrome because new

URL(...) throws an Invalid URL exception.

assertEquals(new URL("http://example.com/").pathname, "/%00");

According to the URL Standard, any character or byte sequence in URL

path should not make the URL invalid.

Note: In other parts of URL, "%00" may still be considered invalid. For example,

new URL("http://example%00.com/");

throws an exception because "%00" is not a valid host codepoint.

• 1 https://url.spec.whatwg.org/

23. Web Serial support for Bluetooth RFCOMM services

Support Bluetooth RFCOMM services in the Web Serial API.

The Bluetooth RFCOMM (Radio frequency communication) protocol provides emulated RS-232 serial ports. This feature would enable applications to make connections to RFCOMM services on paired Bluetooth Classic devices using the Web Serial API.

24. WebHID in Extension Service Workers

Allows web developers to use the WebHID API in service worker contexts in extensions by exposing WebHID API to extension service workers.

25. WebRTC RTP header extension control

Extend the WebRTC RTCRtpTransceiver API to offer control over which RTP header extensions are negotiated.

26. WebUSB exclusionFilters option in requestDevice()

The "exclusionFilters" option in navigator.usb.requestDevice() allows web developers to exclude some devices from the browser picker. It can be used to exclude devices that match a broader filter but are unsupported.

27. contain-intrinsic-size: auto none support

This feature extends the existing contain-intrinsic-size syntax:

none | <length> | auto && <length>

to also include auto && none:

none | <length> | auto && <length> | auto && none

The reason for this change is the CSSWG resolution (https://github.com/w3c/csswg-drafts/issues/8407#issuecomment-1440466558) to add an interaction between content-visibility: auto and contain-intrinsic-size. Specifically, that the former adds an "auto" keyword to the latter. For this to work, the resolution includes a note to extend contain-intrinsic-size syntax for "auto" to work with all existing keywords, including "none".

28. CSS property -webkit-highlight

Remove the CSS property -webkit-highlight intended to highlight text, but never standardized. It has no visible effect in chromium (it is parsed but never used in rendering content). The property was removed from WebKit in 2014 (https://bugs.webkit.org/show_bug.cgi?id=128456), has been marked as deprecated on MDN, and has been replaced recently with the CSS Highlight Pseudo spec (https://www.w3.org/TR/css-pseudo-4/#highlight-pseudos).

29. TLS Encrypted Client Hello (ECH)

The TLS Encrypted ClientHello (ECH) extension enables clients to encrypt ClientHello messages, which are normally sent in cleartext, under a server's public key. This allows websites to opt-in to avoid leaking sensitive fields, like the server name, to the network by hosting a special HTTPS RR DNS record. (Earlier iterations of this extension were called Encrypted Server Name Indication, or ESNI.)

If your organization's infrastructure relies on the ability to inspect SNI, for example, filtering, logging, and so on, you should test it. You can enable the new behavior by navigating to chrome://flags and enabling the #encrypted-client-hello flag.

If you notice any incompatibilities, you can use the EncryptedClientHelloEnabled enterprise policy to disable support for ECH.

30. [WebRTC] Unship callback-based legacy getStats()

RTCPeerConnection has two versions of getStats(), one that is spec-compliant returning the report via resolving a promise, and one that is non-standard returning a very different report via a callback as the first argument. The callback-based one will soon be removed. Removal target: M117. A deprecation trial is available M113-M121 for apps that need more time. In the M114+ the method will throw an exception in Canary/Beta unless using the trial.

chromium118 Features:21

1. Scroll-Animations: view-timeline also sets view-timeline-inset

The view-timeline shorthand is now shorthand for view-timeline-name, view-timeline-axis, and view-timeline-inset. Previously, view-timeline-inset was not part of the shorthand.

2. WebUSB in Extension Service Workers

Allows web developers to use WebUSB API when responding to extension events by exposing WebUSB API to Service Workers registered by browser extensions. This API will not yet be exposed to Service Workers registered by sites but the implementation experience gained by supporting the API for extensions will be valuable for such a future project.

3. Zstd Content-Encoding

Zstandard, or "zstd", is a data compression mechanism described in RFC8878. It is a fast lossless compression algorithm, targeting real-time compression scenarios at zlib-level and better compression ratios. The "zstd" token was added as an IANA-registered Content-Encoding token as per https://datatracker.ietf.org/doc/html/rfc8878#name-content-encoding.

Adding support for "zstd" as a Content-Encoding will help load pages faster and use less bandwidth, and spend less time and CPU/power on compression on our servers, resulting in reduced server costs.

4. @scope

Allows authors to scope style rules to a given scoping root, and style elements according to the proximity of that scoping root.

5. Block all cookies set via JavaScript that contain control characters

Updates how control characters in cookies set via JavaScript are handled. Specifically, all control characters cause the entire cookie to be rejected (previously a NULL character, a carriage return character, or a line feed character in a cookie line caused it to be truncated instead of rejected entirely, which could have enabled malicious behavior in certain circumstances). This behavior aligns Chrome with the behavior indicated by the latest drafts of RFC6265bis.

This change can be disabled using the --disable-features=BlockTruncatedCookies or the BlockTruncatedCookies enterprise policy, which will exist for several milestones in case this change causes any breakage.

6. CSS logical flow-relative values

Add these new values to existing CSS properties: 'float: inline-start', 'float: inline-end', 'clear: inline-start', 'clear: inline-end', 'resize: block', 'resize: inline'.

These flow-relative directional keywords resolve to a physical value depending on the writing mode or direction of the element or its containing block.

7. Consistent minimum font size across languages

Changes the default setting for the "Minimum font size" of the 7 languages (Arabic, Farsi, Japanese, Korean, Thai, Simplified and Traditional Chinese) to be off by default to improve the interoperability and the accessibility.

Before this change, this setting is off by default for all languages except the 7 languages. This change makes these languages consistent with other languages.

Note, this is not about changing the "Minimum font size" feature itself. It will be available without any changes for the accessibility and for readability.

8. Detect UA Transitions on same-document Navigations

Smooth visual transitions as users navigate on the web can lower cognitive load by helping users stay in context. However, the user experience is bad if both the site author and the UA add these transitions: the transitions may conflict and cause confusion for the user. This API avoids such cases to ensure only one visual transition is executed at a time.

The API adds a boolean on PopStateEvent and NavigateEvent to indicate whether the UA has executed a visual transition for this navigation. Authors can use this to skip their custom transition.

9. Form Controls Support Vertical Writing Mode

CSS property writing-mode should be enabled for form controls elements as it will allow lines of text to be laid out horizontally or vertically and it sets the direction in which blocks progress.

With this feature, we are allowing the form control elements select, meter, progress, button, textarea and input to have vertical-rl or vertical-lr writing mode. As needed for Web compatibility, we will slowly rollout the change for a number of form controls in 118 and continue in future milestones.

• --enable-features= FormControlsVerticalWritingModeSupport
• --enable-features= FormControlsVerticalWritingModeTextSupport

10. HTML search element

The <search> element applies a "search" role for accessibility. It is basically the same as <div role=search>.

From the HTML spec:

The search element represents a part of a document or application that contains a set of form controls or other content related to performing a search or filtering operation. This could be a search of the web site or application; a way of searching or filtering search results on the current web page; or a global or Internet-wide search function.

11. HTTP/3 protocol upgrade for HTTPS DNS records with h3 alpn parameter

HTTPS DNS resource records can provide information about supported protocols such as HTTP/3 with "alpn" parameter. If Chrome receives a HTTPS DNS record indicating HTTP/3 support, Chrome will connect to the server using the HTTP/3 protocol.

12. Horizontal rules inside select elements

This feature makes the HTML parser allow <hr> tags inside <select> tags. These <hr> elements create horizontal borders in between <option> elements in the listbox popup.

13. Make URL parser to not decode percent-encoded ASCII characters in URL's path

Make URL parser to not decode percent-encoded ASCII characters in URL's path, such as "%41" ('A').

Before this change:

const url = new URL("http://example.com/A");

url.href

"http://example.com/A"

After this change:

const url = new URL("http://example.com/A");

url.href

"http://example.com/A"

14. Media Queries: prefers-reduced-transparency feature

Adds the prefers-reduced-transparency feature, which lets authors adapt web content to user-selected preference for reduced transparency in the OS, such as the 'Reduce transparency' setting on macOS.

Valid options are 'reduce' or 'no-preference'.

15. Remove Payment Request User Activation Requirement

To help developers reduce friction in Payment Request flows, we are removing the user activation requirement. Spam and clickjacking mitigations are put in place to mitigate security and privacy risks with this change.

16. Remove Secure Payment Confirmation user activation requirement

To help developers reduce friction in Secure Payment Confirmation flows, we are removing the user activation requirement. Spam and clickjacking mitigations are put in place to mitigate security and privacy risks with this change.

17. Remove non-standard appearance keywords

Since only standard appearance keywords should be supported, we are removing the appearance (and -webkit-appearance) keywords that shouldn't be supported anymore:

• inner-spin-button
• media-slider
• media-sliderthumb
• media-volume-slider
• media-volume-sliderthumb
• push-button
• searchfield-cancel-button
• slider-horizontal
• sliderthumb-horizontal
• sliderthumb-vertical
• square-button

Note that value "slider-vertical" will not be removed as part of this

patch it is used for allowing <input type=range> vertical. It will be

removed once feature FormControlsVerticalWritingModeSupport is enabled in stable.

With the feature enabled, if using any of the above keywords, a console warning will be shown, but the keyword will be recognized as a valid value.

With the feature disabled, the appearance property will be ignored.

As needed for Web compatibility, we will progressively remove the

appearance keywords based on their usage:

• --disable-features=NonStandardAppearanceValuesLowUsage
• --disable-features=NonStandardAppearanceValuesHighUsage

For release 118, we will disable the low usage values, currently at page load usage below 0.001%.

• media-slider at 0.000361
• media-sliderthumb at 0.000187%
• media-volume-slider at 0.000143%
• media-volume-sliderthumb at 0.000109%
• sliderthumb-horizontal at 0.000182%
• sliderthumb-vertical at 0.000014%

18. Remove quirks mode behavior for option label attribute

Option elements support a "label" attribute which will cause the option to render with the text inside the attribute rather than the child text of the option element itself. This functionality is disabled in quirks mode, where the label attribute is ignored and the child text is always rendered.

This change will always use the label attribute in both standards mode and quirks mode.

19. Support stroke-box, content-box and border-box in the transform-box CSS property

Allows changing how the reference box for the 'transform' property is computed. This adds additional capabilities that will allow creating transforms/graphical effects where - for example - the width of the border of an element does not influence the result (e.g rotation around a point in the content box) or the stroke of an (SVG) element should influence the result (e.g rotating a stroked shape around its center - including the stroke).

20. XML documents merge consecutive CDATA sections into single node

This change causes sibling CDATA section nodes in an XML document to be merged into a single CDATA node.

This is to mitigate a bug in libxml: when a single CDATA section spans multiple input parser chunks, libxml buffers and emits the CDATA input into 300 byte runs. This unexpectedly causes a single CDATA section to be outputted into multiple DOM nodes (if the length of the input chunk is > 300 bytes).

This change updates the parser to always merge adjacent CDATA nodes. This addresses the libxml bug but will also affect explicitly authored CDATA sections in the same way. For example: <![CDATA[foo]]><!CDATA[bar]]> will result in a single CDATA DOM node with content "foobar".

For more details, see https://crrev.com/f848cbce89b422 .

21. Back/forward cache NotRestoredReason API

NotRestoredReason API will report the list of reasons why a page is not served from BFcache in a frame tree structure, via PerformanceNavigationTiming API.

chromium119 Features:20

1. Keyboard-focusable scroll containers

Improves accessibility by making scroll containers focusable using sequential focus navigation. Today, the tab key doesn't focus scrollers unless tabIndex is explicitly set to 0 or more.

By making scrollers focusable by default, users who can't (or don't want to) use a mouse will be able to focus clipped content using a keyboard's tab and arrow keys. This behavior is enabled only if the scroller does not contain any keyboard focusable children. This logic is necessary so we don't cause regressions for existing focusable elements that might exist within a scroller like a <textarea>.

2. Payment handler minimal header UX

This is a refresh of the browser UI associated with the Payment Handler API. Although there are no changes to the API surface with this feature, we'd like to run an origin trial starting in M112 to give payment handler providers a chance to experiment with the new UI ahead of the launch.

3. Promise.withResolvers

Promise.withResolvers is a static method that returns a new Promise along with its resolver functions, i.e. const { promise, resolve, reject } = Promise.withResolvers().

This is a standard version of a common helper function found in many JS libraries. Historically, some may know it as defer or deferred.

4. :user-valid and :user-invalid CSS pseudo-classes

The :user-invalid and the :user-valid pseudo-classes represent an element with incorrect or correct input, respectively, but only after the user has significantly interacted with it. This is similar to :valid and :invalid, but with the added constraint that these pseudo-classes only match after the user has interacted with the element.

5. CSS Relative Color Syntax (RCS)

The relative color syntax allows developers to define colors by modifying the parameters of other colors. For example:

oklab(from magenta calc(l * 0.8) a b);

Will result in an oklab magenta that is 80% as light.

https://www.w3.org/TR/css-color-5/#relative-colors

6. CaptureStartFocusBehavior enum value "focus-capturing-application"

The Screen Capture API lets the user select a tab, window, or screen to capture as a media stream. Using the existing CaptureController setFocusBehavior() method, web apps control whether the captured tab or window will be focused when capture starts, or whether the browser will leave focus with whichever surface last had focus.

The new enum value "focus-capturing-application" allows web apps to give a hint to the browser that the capturing page prefers to remain focused. The old value "no-focus-switch" now indicates that the application prefers that the user agent not change focus, leaving focus with whichever surface last had focus following the user's interaction with the user agent and/or operating system. In Chrome's current implementation, this means leaving the capturing application focused. In the future, if Chrome adopts the macOS picker, it could behave differently on Mac. This behavior could prove useful for a11y-conscious applications that prefer to minimize the number of focus-changes a user experiences, as those can be challenging for users with screen-readers.

7. Clip-path geometry-box values

Clip-path supports <geometry-box> values to control the clip's reference box, making clip-path easier to use. These box values can be used alongside basic shapes (for example, clip-path: circle(50%) margin-box), or they can be used alone to clip to the specified box (for example, clip-path: content-box).

8. Clip-path xywh() and rect() values

Support the xywh() and rect() values on clip-path, which make it easier to specify rectangular or rounded-rectangular clips.

9. DisplayMediaStreamOptions monitorTypeSurfaces

When getDisplayMedia() is called, the browser offers the user a choice of display surfaces: tabs, windows, or monitors. Using the monitorTypeSurfaces option, the web application may now hint to the browser if it prefers to include display surfaces whose type is monitor among the choices offered to the user.

10. Fenced Frames M119 functionality updates

1. Additional format option for Protected Audience ad size macros
   In the Protected Audience API within the Privacy Sandbox, there is an opt-in feature that allows you to macro the size of the ad that wins the auction into the ad's url, like:

https://ad.com?width={�_WIDTH%}\&height={�_HEIGHT%}

(See https://github.com/WICG/turtledove/pull/417 for more details.)

To be more consistent with other types of macros in Protected Audience, like those used by deprecatedReplaceInURN and registerAdMacro, in M119 we're adding the ability to use ${AD_WIDTH} and ${AD_HEIGHT} as the format for the macros in addition to the current format.

2. Automatic beacons will now send to all registered URLs.

Previously, only destinations specified when calling setReportEventDataForAutomaticBeacons() receive automatic beacons, even if that destination called registerAdBeacon() for "reserved.top_navigation" in their worklet. Now, any destination that called registerAdBeacon() for "reserved.top_navigation" will get an automatic beacon, but only destinations specified in setReportEventDataForAutomaticBeacons() will get automatic beacon data along with the beacon.

The "once" parameter in setReportEventDataForAutomaticBeacons() will now determine whether the data is sent out once, rather than determine if the entire beacon is sent once.

11. Read Chrome device attributes

Device Attributes Web API is a subset of Managed Device Web API, that provides web applications the capability to query device information (device ID, serial number, location, etc).

12. Remove Authorization header upon cross-origin redirect

The Fetch standard has updated to remove Authorization header on cross origin redirects. Chrome should follow the spec change.

13. Replace dangling markup in target name to _blank

This change replaces the navigable target name (which is usually set by target attribute) to _blank, if it contains a dangling markup (i.e. \n and <).

Which fixes a bypass in the dangling markup injection mitigation.

14. Sec-CH-Prefers-Reduced-Transparency User Preference Media Features Client Hints Header

User Preference Media Features Client Hints Header defines a set of HTTP Client Hints headers around user preference media features as defined by Media Queries Level 5. If used as Critical Client Hints, these headers allow servers to make smart choices regarding, e.g., CSS inlining.

Sec-CH-Prefers-Reduced-Transparency reflects the user's prefers-reduced-transparency preference.

15. Standard compliant URL host punctuation characters

Make Chrome's handling of URL host punctuation characters

standard compliant.

Examples:

Before:

const url = new URL("http://exa(mple.com"😉;

url.href

'http://exa%28mple.com/'

'(' is a forbidden character, however, Chrome permits it wrongly.

After:

const url = new URL("http://exa(mple.com"😉;

=> throws TypeError: Invalid URL.

Before:

const url = new URL("http://exa!mple.com"😉;

url.href

"http://exa%2Ample.com";

'!' is permitted, but escaping punctuation characters is non-compliant.

After:

const url = new URL("http://exa!mple.com"😉;

url.href

"http://exa!mple.com";

Here is a the summary of changes in M119:

Notation:

• 'ESC': Allowed, but Chrome escapes it, which is non-compliant.
• '-': Allowed.
• '0': Forbidden. URL will be invalid if the host contains a forbidden
  character.

Warning: SPACE and ASTERISK is still non-compliant.

| | Before | After | Standard |

|-----±-------±------±---------|

| SPC | ESC | ESC | 0 |

| ! | ESC | - | - |

| " | ESC | - | - |

| # | ESC | 0 | 0 |

| $ | ESC | - | - |

| & | ESC | - | - |

| ' | ESC | - | - |

| ( | ESC | - | - |

| ) | ESC | - | - |

| * | ESC | ESC | - |

| + | - | - | - |

| , | ESC | - | - |

| - | - |

16. User-Agent Client Hints on Android WebView

User-Agent client hints aims to reduce the gaps between Android and Android WebView because Android already supported User-Agent Client hints starting from M89. It also intends to deprecate and replace the User-Agent header in order to reduce the passive fingerprinting surface we expose via HTTP requests. Here we only propagate User-Agent client hints for the major user case, which is that the final custom User-Agent contains WebView default User-Agent.

17. WebCodecs AudioEncoder bitrateMode

Some audio codecs support specifying the audio encoder bitrate modes. This feature adds a "bitrateMode" flag with a default value of "variable" to WebCodec's AudioEncoderConfig, which mirrors the config option and default already present for VideoEncoderConfig.

This flag will allow web authors to choose between encoding audio with a variable bitrate or a constant bitrate. Specific codec encoder implementations might have slightly different terminology (e.g. CBR vs VBR for Opus), but all of them should map to the general concept of "constant" versus "variable" bitrate.

The two options have the following effects:

"variable": allows an audio encoder to increase or lower its bitrate according to the content of the audio it is encoding, in order to preserve bandwidth/binary-size, while still maintaining a target quality. For example, an encoder might lower its bitrate when encoding silence, and revert to a full bitrate when encoding speech.

"constant" : forces an audio encoder to maintain the same bitrate, regardless of the audio content. This can be useful when a predictable bandwidth consumption is preferable.

As of M119, this flag will affect two codecs on Chromium: Opus and AAC.

18. WebRTC Codec Selection API

This new API extends WebRTC encoding parameters to allow developers to choose a specific negotiated codec to be used for encoding an RTP stream.

19. Deprecate non-standard shadowroot attribute for declarative shadow DOM

The standards-track shadowrootmode attribute, which enables declarative Shadow DOM, was shipped in Chrome 111 1. The older, non-standard shadowroot attribute is now deprecated. During the deprecation period, both attributes are functional, however the shadowroot attribute does not enable the new streaming behavior, whereas shadowrootmode allows streaming of content. There is a straightforward migration path: replace shadowroot with shadowrootmode.

The old shadowroot attribute is deprecated as of Chrome M112, and it will be removed (no longer supported) in Chrome M119, which goes to Stable on November 1, 2023.

1 https://chromestatus.com/feature/5161240576393216

20. Deprecate and Remove WebSQL

The Web SQL Database standard was first proposed in April 2009 and abandoned in November 2010. Gecko never implemented this feature and WebKit deprecated this feature in 2019. The W3C encouraged those needing web databases to adopt Web Storage or Indexed Database.

Ever since its release, it has made it incredibly difficult to keep our users secure. SQLite was not initially designed to run malicious SQL statements, and yet with WebsQL we have to do exactly this. Having to react to a flow of stability and security issues is an unpredictable cost to the storage team. With SQLite over WASM as its official replacement, we want to remove WebSQL entirely.