ep117 Monthly Platform 202303
- published_at
- 2023-03-30
- guest
- @myakura
- toc
-
headings
Theme
第 117 回のテーマは 2023 年 3 月の Monthly Platform です。
Show Note
Chrome 動向
Stable:111
Updates
-
New in Chrome 111
- https://developer.chrome.com/en/blog/new-in-chrome-111/
- View Transitions API.
- CSS Color Level 4.
- New color devtools.
-
Chrome 112 beta
- https://developer.chrome.com/en/blog/chrome-112-beta/
-
CSS
- CSS Nesting
- CSS animation-composition property
-
Web APIs
- "Reload this page" infobar no longer shown if top-level frame is observing permission changes
- Add optional submitter parameter to the FormData constructor
- RegExp
vflag with set notation and properties of strings - Updated
<dialog>initial focus algorithm - WebAssembly tail call
- WebGLContextEvent on Web Workers
- Skip service worker no-op fetch handler
- Accept-encoding: br (Brotli) on HTTPS connection in WebView
-
Origin trials in progress
- FedCM: Auto re-authentication API
-
Deprecation trial
- X-Requested-With in WebView Deprecation
-
Deprecations and removals
- Deprecate the document.domain setter
- Remove stats objects track and stream from the getStats() method of RTCPeerConnection
-
What's New in DevTools (Chrome 112)
- https://developer.chrome.com/en/blog/new-in-devtools-112/
-
Recorder updates
- Replay extensions support
- Record with pierce selectors
- Export as a Puppeteer script with Lighthouse analysis
- Get extensions
-
Elements > Styles updates
- CSS documentation
- CSS nesting support
- Marking logpoints and conditional breakpoints in the Console
- Ignore irrelevant scripts during debugging
- JavaScript Profiler deprecation started
- Emulate reduced contrast
- Lighthouse 10
- A Console warning to remove your no-op service worker fetch handler
- Miscellaneous highlights
Intents
- Ship: CSS :lang pseudo class level 4
- Ship: Display and content-visibility animations
-
Ship: First-party sets
- https://groups.google.com/a/chromium.org/g/blink-dev/c/7_6JDIfE1as
- 異なるサイトを同一 Party として宣言する API
- 最初の提案からはだいぶ変わっている
- Storage Access API と requestStorageAccessFor API で利用
- Ship: Storage Access API (within First-Party Sets)
- Ship: requestStorageAccessFor (for First-Party Sets)
-
Ship: Forbidden and escaped host characters compliant with the URL standard
- https://groups.google.com/a/chromium.org/g/blink-dev/c/ZkeDSeuBx0Q
- URL の仕様に合わせるため、 Host で利用できる文字の制限が修正
- % エンコードされる文字も修正
-
Ship: Private State Tokens API
- https://groups.google.com/a/chromium.org/g/blink-dev/c/vKCYxKqw8k0
- 旧 Trust Token だったもの
- Privacy Pass の Web 実装として、適切な名前に変わった
- Ship: Removal of X-Requested-With in WebView
-
Ship: Skip service worker no-op fetch handler
- https://groups.google.com/a/chromium.org/g/blink-dev/c/tEFS0BH8UmE
- PWA にするために SW を提供するがハンドラは何もしない実装がある
- onfetch に登録された
() => {}のようなハンドラを no-op handler と呼ぶ - その場合は SW の起動をスキップして起動を高速化する
- Ship: Speculation rules: Content Security Policy extension
- Ship: The Popover API
- Ship: Transitions on specified discrete properties
- Ship: WebAssembly Relaxed SIMD
- Ship: WebAssembly extended-const Proposal
- Prototype and Ship: Expanded Wildcards in Permissions Policy Origins
- Implement and Ship: WebAssembly Relaxed SIMD
- Prototype: CSS font-palette property animation
- Prototype: CSS inline leading-trim
- Prototype: CapturedMouseEvent
-
Prototype: Compression dictionary transport with Shared Brotli
- https://groups.google.com/a/chromium.org/g/blink-dev/c/-qYpLo9DTjw
- brotli の辞書をコンテンツに基づいて生成し、圧縮率をあげる
- レスポンスを元に br の辞書を作り次の圧縮に使う delta compression
- あらかじめ生成した辞書を link で伝える shared dictionary
- Prototype: Delayed clipboard rendering
- Prototype: Navigation API: NavigateEvent delayed commit capability
- Prototype: XRPose Motion APIs
-
Prototype: popover=hint
- https://groups.google.com/a/chromium.org/g/blink-dev/c/n_FPQNFt_9k
- auto/manual に加えた三つ目の popover タイプ
- 一度に開ける hint は一つなどの制約がある
- tooltip などに使う
- Extend Deprecation Trial: Restrict "private network requests" for subresources from public websites to secure contexts.
- Fwd: Intent to Prototype: XRSession frame rate APIs
- Experiment: Keep strong references to resources in Blink memory cache
- Change:
- Unship:
- BlinkOn 18 timing & location
- [Call for feedback] Proposal to gradually skip unload events: already unreliable, top back/forward cache blocker, better alternatives available!
- deprecate forwarding of mdoc-scheme URLs as Android Intents
V8
Other
-
web.dev
- 6 CSS snippets every front-end developer should know in 2023
- Trigonometric functions in CSS
-
google developer blog
- Let's go. It's Google I/O 2023
-
google developer japan blog
- Google Developers Japan: Google Ads API v11 の提供終了に関するお知らせ
- Google Developers Japan: Google Ads API の画像と住所の自動移行について
- Google Developers Japan: Google Ads API v13 のお知らせ
- Google Developers Japan: Google 広告の検索、ショッピング、ディスプレイ、 P-MAX キャンペーンの地域ターゲティングの変更について
-
chrome developer blog
- SPA view transitions land in Chrome 111 - Chrome Developers
- A new home for the Project Fugu API Showcase - Chrome Developers
- Participate in deprecation trial for unpartitioned third-party storage, Service Workers, and Communication APIs - Chrome Developers
- FedCM updates: Origin trial for auto-reauthentication - Chrome Developers
- Improving user privacy by requiring opt-in to send X-Requested-With header from WebView - Chrome Developers
- Partnering with Fastly-Oblivious HTTP relay for FLEDGE's 𝑘-anonymity server - Chrome Developers
- From Web SQL to SQLite Wasm: the database migration guide - Chrome Developers
- chromium blog
- canary
-
search central
- 2022 年の検索セントラル コミュニティ
- Blending Search Console and internal data inside Looker Studio
- v8
Firefox 動向
Stable: 111.0
Updates
-
Firefox 111 for developers - Mozilla | MDN
-
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/111
autocapitalizeattributetranslateattribute- Origin Private File System
- FormData
submitter
-
https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/111
- Firefox 111.0, See All New Features, Updates and Fixes
Intents
- Ship: Compatible join and split node direction in HTML editor
- Ship: change-array-by-copy
- Ship: inert attribute
- Prototype and ship: :nth-child(An+B of <selector list>)
- Prototype and ship: Additional CSS Color (level 4) functions
- Prototype: Async clipboard API improvement for read()/readText() and write()
- Prototype: prefers-reduced-transparency media query
- Prototype: CSS Custom Highlight API
- Change:
- Remove:
Other
- Firefox Android's new privacy feature, Total Cookie Protection, stops companies from keeping tabs on your moves
- Expanding Mozilla's boards in 2023
- Ad blocker roundup: 6 ad blockers to improve your internet experience
- Email protection just got easier in Firefox
- Mozilla Launches Responsible AI Challenge
- Introducing Mozilla.ai: Investing in trustworthy AI
- Mozilla Launches Responsible AI Challenge - Mozilla Hacks - the Web developer blog
- Surf with more Perf(ormance) - These Weeks in Firefox: Issue 133 - Firefox Nightly News
Safari 動向
Stable: 16.3
Updates
-
Release Notes for Safari Technology Preview 165
- https://webkit.org/blog/13932/release-notes-for-safari-technology-preview-165/
- Added support for
text-transform: full-size-kana(260307@main) - Added support for
xunits incalc()function (260678@main) - Added support to
image-set()for resolution and type as optional arguments (260796@main) - Added support for RegExp Duplicate Named Capture Groups (260692@main)
- Added
Headers.prototype.getSetCookie. (260533@main) - Added support for
link rel=modulepreload(260761@main, 260709@main, 260659@main)
-
Release Notes for Safari Technology Preview 166
- https://webkit.org/blog/13964/release-notes-for-safari-technology-preview-166/
- Enabled
@counter-styleby default (261182@main, 260912@main, 261135@main) - Enabled CSS
contain-intrinsic-sizeby default (261185@main) - Implemented
text-transform: full-width(261211@main) - Implemented RegExp
vflag with set notation and properties of strings (261188@main) - Enabled the
popoverattribute (261193@main) - Implemented
[popover=auto]and light dismiss behavior (261093@main) - Added support for
preconnectvia HTTP early hints (261079@main) - Added Cancel, Unknown, and Clear keycodes (261008@main)
- Added selection API that works across shadow boundaries (261021@main)
- Added support for
largeBlobextension for the local authenticator (260958@main) - Adjusted text input
scrollWidthandscrollHeightto include padding and any whitespace added by decorations (261121@main)
- Enabling the Inspection of Web Content in Apps
####
Other
- Issues · WebKit/standards-positions
Edge 動向
Stable:
Updates
Chakra
Other
- Attack Techniques: Open Redirectors, CAPTCHAs, Site Proxies, and IPFS, oh my - text/plain
- Improving Native Message Host Reliability on Windows - text/plain
- Going Electric - Solar - text/plain
- Attack Techniques: Spoofing via UserInfo - text/plain
- How Microsoft Edge Updates - text/plain
- Taking control of your application's title bar
- Video super resolution in Microsoft Edge
WHATWG/W3C 動向
Draft
- Recommendation
- Proposed Recommendation
- Candidate Recommendation
- Working Draft
-
First Public Working Draft
- First Public Working Draft: CSS Animations Level 2
- Chartering
- Declarative Dynamic Extensions to HTML Community Group Proposed
- CV 3.0 - Global Resume Community Group created
- Data-Centric Digital Rights (DCDR) Framework Community Group Proposed
- Proposed W3C Charter: Web Machine Learning Working Group
- Data-Centric Digital Rights (DCDR) Framework Community Group created
- Advance notice: Work in progress on Publishing Maintenance Working Group Charter
- Autonomous Agents on the Web Community Group created
- Working Group Note: EPUB Type to ARIA Role Authoring Guide 1.1
Other
-
popover attribute may not be web compatible · Issue #9042 · whatwg/html
-
https://github.com/whatwg/html/issues/9042
- WebKit が Popover API を試験実装したところ、サイトが壊れたと報告があった
popover属性の UA スタイルシートにdisplay: noneが追加されたため
-
https://github.com/whatwg/html/issues/9042
-
Add the
<search>element · whatwg/html@c598ff0-
https://github.com/whatwg/html/commit/c598ff023f081dd3f03b2e43177a632fb7dc92ec
role="search"に対応する新しい HTML 要素が追加された
-
https://github.com/whatwg/html/commit/c598ff023f081dd3f03b2e43177a632fb7dc92ec
-
Workshop overview - W3C Workshop Secure the Web Forward
-
https://www.w3.org/2023/03/secure-the-web-forward/
- 2023 年 6 月 7 日/8 日開催
-
https://www.w3.org/2023/03/secure-the-web-forward/
- Upcoming W3C Workshop: Secure the Web Forward
- W3C welcomes feedback on the beta of its new website
-
Add
URL.canParse()by annevk · Pull Request #763 · whatwg/url
IETF 動向
WG
- IETF
- httpwg
- quicwg
- webtrans
- tlswg
- wpack
- masque
- pearg
- privacypass
- dispatch
- secdispatch
Other
TC39 動向
- Meeting のある月はステージの移動のみ見る
- 翌月に公開された Note だけを見る
Meeting
Proposals Diff
New Proposals
Other
WinterCG 動向
- Meeting や大きな動きがあった月だけやる
Meeting
-
2023-03-09 Meeting
- https://github.com/wintercg/admin/issues/49
-
Discussed: Server Functions Next steps
- No updates
-
Discussed: AsyncContext
- Spec definition is available at https://tc39.es/proposal-async-context/
-
Discussed: GetSetCookie status
- Implemented in WebKit and Intent to ship in Chromium.
-
Needs Review:
- Common-minimum API subset in the ShadowRealm:
- Explore relationship with ShadowRealms,
[Exposed=*]proposal-common-minimum-api#21 - CM-API should be a superset of the APIs exposed in the ShadowRealm
-
Fetch:
- Relax forbidden header restrictions for non-browser runtimes: Relax forbidden header restrictions for non-browser runtimes fetch#19
- @andreubotella: preview of blog post
CDN 動向
Cloudflare
- 無料であるべきポスト量子暗号を永久に無料で提供します
- Mutual TLS now available for Workers
- The White House's National Cybersecurity Strategy asks the private sector to step up to fight cyber attacks. Cloudflare is ready
- Security Week 2023 へようこそ
- 最もフィッシング攻撃されやすいブランド上位 50 件と、フィッシングから社員を守るために使える新しいツール
- The state of application security in 2023
- Cloudflare Fraud Detection の発表
- Analyze any URL safely using the Cloudflare Radar URL Scanner
- Protect your key server with Keyless SSL and Cloudflare Tunnel integration
- No, AI did not break post-quantum cryptography
- Security Week 2023 で見逃したかもしれない内容のまとめご用意しました
- The quantum state of a TCP port
- Out now! Auto-renew TLS certificates with DCV Delegation
Fastly
- ネット上のプライバシーを強化する Oblivious HTTP | Fastly
Other
- DDoS Attacks in 2022: Targeting Everything Online, All at Once | Akamai
- Akamai Mitigates Record DDoS Attack in Asia-Pacific (900 Gbps) | Akamai
- Attack Superhighway: A Deep Dive on Malicious DNS Traffic | Akamai
- What Proposed New Changes in the OWASP API Security Top 10 Mean for You | Akamai
セキュリティ動向
周辺動向
-
Intent To Ship on Twitter: "The admin of this account has been permanently suspended from Twitter"
- https://twitter.com/intenttoship/status/1636087416959258625
- ブラウザの Intent to Ship をウォッチするボットを作っている人のアカウントがサスペンドされた
- Be a Part of Web Engines HackFest 2023 | Igalia
- The Igalia 2023 Coding Experience Program | Igalia
イベント
-
3 月
- 25-31: IETF116 Yokohama
- 4 月
-
5 月
- 10: Google I/O
- 25: SecWeb
-
6 月
- 7-8: W3C Workshop Secure the Web Forward
Wrap Up
-
Chrome
-
111
- View Transitions API
- CSS Color Level 4
-
112 Beta
- CSS Nesting
- FormData
submitter - RegExp
vflag - Skip SW noop fetch handler
-
Ship
- First-party Sets
- Storage Access API
- requestStorageAccessFor
- Private State Tokens
- Skip service worker no-op fetch handler
- Popover
-
Prototype
- CSS leding-trim
- Compression dictionary transport with Shared Brotli
popover="hint"
-
other intents
- gradually skip unload events
-
Google Developer Blog
- I/O 2023
-
Chrome Developers
- SPA View Transitions
- OHTTP relay for FLEDGE with Fastly
- Web SQL to SQLite Wasm
-
111
-
Firefox
-
111
- OPFS
- FormData
submitter
-
Ship
- Change array by copy
- inert
:nth-child( of S)- CSS Color Level 4
-
Prototype
- Async Clipboard API read/write/readText
- prefers-reduced-transparency
- CSS Custom Highlight API
-
other
- Mozilla.ai
-
111
-
Safari
-
TP 165
text-transform: full-size-kana- CSS
image-set() Headers.getSetCookie()link rel="modulepreload"
-
TP 166
- CSS
@counter-style contain-intrinsic-size- Popover
preconnectvia Early Hints
- CSS
-
TP 165
-
Edge
- How Microsoft Edge Updates - text/plain
- Taking control of your application's title bar
- Video super resolution in Microsoft Edge
-
W3C/WHATWG
- Spec
-
other
- popover 属性で壊れるサイト発覚
<search>element 追加- Secure the Web Forward workshop 開催告知
- URL.canParse()
- IETF
- TC39
-
WinterCG
- AsyncContext の Proposal が tc39 に
- GetSetCookies が Webkit/Chromium に
-
CDN 動向
- Cloudflare: ポスト量子暗号を永久無料提供
- Cloudflare: Security Week 20223
- Cloudflare: TLS の Domain Control Validation を肩代わりする機能
- Fastly: OHTTP と Fledge のブログ
- セキュリティ動向
-
周辺動向
- Intent2Ship bot の中の人が twitter 垢 BAN された