ep129 Monthly Platform 202308
- published_at
- 2023-09-03
- guest
- @myakura
- toc
-
headings
Theme
第 129 回のテーマは 2023 年 8 月の Monthly Platform です。
Show Note
Chrome 動向
Stable: 116
Updates
-
New in Chrome 116
- https://developer.chrome.com/en/blog/new-in-chrome-116/
- Document Picture-in-Picture API.
- DevTools missing stylesheets debugging improvements.
- Motion path allows authors to position any graphical object and animate it along a path specified by the developer.
- The display and content-visibility properties are now supported in keyframe animations, which allows exit animations to be added purely in CSS.
- The fetch API can now be used with Bring Your Own Buffer readers, reducing garbage collection overhead and copies, and improving responsiveness for users.
-
Chrome 117 beta
- https://developer.chrome.com/en/blog/chrome-117-beta/
-
CSS
- The @starting-style rule
- The overlay property
- CSS transition-behavior property
- The CSS grid subgrid value
- CSS text-wrap: pretty
- contain-intrinsic-size: auto none support
-
Web APIs
- Array grouping
- Clear Client Hints via Clear-Site-Data header
- Clear-Site-Data header wildcard syntax
- customElements.getName
- Iterator helpers
- Make CaptureController derive from the EventTarget interface
- PerformanceResourceTiming deliveryType
- Port overflow check in URL setters
- Private State Token API
- URL Standard-compatible IPv4 embedded IPv6 host parser
- URL: Allow "%00" as a valid URL path
- WebRTC RTP header extension control
- Per frame quantizer in VideoEncoder
- WebUSB exclusionFilters option in requestDevice()
-
Origin trials in progress
- Compression dictionary transport with Shared Brotli
- WebSQL deprecation trial
- Tabbed web apps
-
Deprecations and removals
- Deprecate the unload event
- Deprecate TLS SHA-1 server signatures
- [WebRTC] Unship callback-based legacy getStats()
- Removal of the -1 value for WebRTC getStats datachannelIdentifier
- Removal of WebRTC getStats encoderImplementation and decoderImplementation "unknown"
- CSS property -webkit-highlight
- What's New in DevTools (Chrome 117)
-
Network panel improvements
- Override web content locally even faster
- Override the content of XHR and fetch requests
- Hide Chrome extension requests
- Human-readable HTTP status codes
- Pretty-print responses for JSON subtypes
- Performance: See the changes in fetch priority for network events
- Sources settings enabled by default: Code folding and automatic file reveal
- Improved debugging of third-party cookie issues
- Debug preloading in the Application panel
- New colors
- Lighthouse 10.4.0
- The C/C++ WebAssembly debugging extension for DevTools is now open source
- Miscellaneous highlights
-
New experimental features
- New rendering emulation: prefers-reduced-transparency
- Enhanced Protocol monitor
Intents
- Ship: Attribution Reporting features (lookback windows, flex-lite)
- Ship: CSS cap and rcap font units
- Ship: CSS logical flow relative values
- Ship: Clear BFCache during browsing data removal
- Ship: Consistent minimum font size across languages
- Ship: Form Controls Support Vertical Writing Mode
- Ship: Storage Access API with Prompts
- Ship: Detect UA Transitions on same-document Navigations
- Ship: HTML search element
- Ship: Baselines in New TextMetrics API in Canvas
- Ship: Bounce Tracking Mitigations
- Ship: :user-valid and :user-invalid CSS pseudo-classes
- Ship: CSS Relative Color Syntax (RCS)
- Ship: Enrollment for Privacy Sandbox
- Ship: Fenced Frames - Functionality Updates
-
Ship: Japanese Phrase Line Breaking
- https://groups.google.com/a/chromium.org/g/blink-dev/c/96q7WtXtWXc
word-break: auto-phraseで日本語の文節区切りを実現- BudouX を用いている
-
Ship: Media Queries: scripting feature
- https://groups.google.com/a/chromium.org/g/blink-dev/c/jiCB_twBqnk
- JS が有効かどうか取得する query
- Ship: Sec-CH-Prefers-Reduced-Transparency User Preference Media Features Client Hints Header
- Ship: view-timeline shorthand sets view-timeline-inset
- Implement and Ship: Make URL parser to not decode percent-encoded ASCII character in URL's path
- Implement and Ship: DisplayMediaStreamOptions monitorTypeSurfaces
-
Prototype and Ship: Cookie Expires/Max-Age attribute upper limit for prior storage
- https://groups.google.com/a/chromium.org/g/blink-dev/c/blQFS8L3Drw
- すでに保存されている Cookie にも 400 日制限を適用
- M118 以降を起動した初回のマイグレーション時に設定
- Prototype and Ship: Clip-path geometry-box values
- Prototype and Ship: Allow transferring ArrayBuffer into VideoFrame, AudioData, EncodedVideoChunk, EncodedAudioChunk, ImageDecoder constructors
- Prototype and Ship: Generic Sensor WebDriver endpoints
- Implement and Ship: User-Agent Client Hints on Android WebView
- Implement and Ship: AudioEncoderConfig.bitrateMode
- Implement and Ship: SVGImageElement.crossOrigin attribute.
-
Prototype: Document Render-Blocking
- https://groups.google.com/a/chromium.org/g/blink-dev/c/YG70jRdekNs
- レンダリングをブロックし、最初のペイントを一貫させる
- ViewTransition でアニメーションする DOM の追加をまたないと UX が一貫しないため
- Prototype: Media Queries: scripting feature
- Prototype: Snapchanged Events
-
Prototype: CJK punctuation kerning: the CSS
text-spacing-trimproperty- https://groups.google.com/a/chromium.org/g/blink-dev/c/NCUfiS4K32E
- 日本語フォントの括弧など約物の空きを削る
-
Prototype: CSS Sticky State Container Queries
- https://groups.google.com/a/chromium.org/g/blink-dev/c/C1D321h3OnA
- sticky になったことを取得できる
- state query で取得
- Prototype: FedCM Improvements: Error API, Account Auto Selected Flag, Hosted Domain and Revocation
-
Prototype: Page-Embedded Permission Control
- https://groups.google.com/a/chromium.org/g/blink-dev/c/TGsrhP4ref0
- in-content element に権限取得の UI を出したい
- Prototype: Private Network Access restrictions for automotive
- Prototype: WebDriver commands for triggering Bounce Tracking Mitigations
-
Prototype: form-sizing CSS property
- https://groups.google.com/a/chromium.org/g/blink-dev/c/cA-cmgrA_QE
<textarea>を入力した行の高さに自動的に広げる
- Experiment: WebRTC encoded transform - Modify Metadata functions
- Experiment: X25519Kyber768 key encapsulation for TLS
-
Deprecate: Remove "Sanitizer API MVP"
- https://groups.google.com/a/chromium.org/g/blink-dev/c/PNTt4oFXt8c
- Sanitizer API のデザインが変わったので、古いものを unship する
- Removing FocuslessSpatialNavigation runtime-enabled-feature
- PSA: Browser text zoom on Android will now work like it does on desktop
- PSA: WebSocketStream API change
-
PSA: change in default behavior of
content_shell --run-web-tests - PSA: Ads Relevance and Measurement APIs ramping up
- PSA: Adjacent CDATA sections in XML documents will now be merged
- PSA: Disallowing unknown import attributes keys
- PSA: Improved covering and nested scroll snap handling
- PSA: Opener Storage Partitioning Explainer
- Save the date for BlinkOn 18!
- Action required: You're invited to BlinkOn 18 on Oct 17-19th!
- FYI that new Topics Taxonomy (v2) is starting to roll out to Stable soon
Other
-
web.dev
- New to the web platform in July
- Defining test cases and priorities
- To test or not to test, a technical perspective
- How prefetching helped Terra increase ads click-through rate by 30% and speed up Largest Contentful Paint.
- New to the web platform in August
-
google developer blog
- Announcing Federated Credential Management (FedCM) Beta for Google Identity Services
-
google developer japan blog
- Google Developers Japan: Google Ads API v14 のお知らせ
-
chrome developer blog
- One-time permissions in Chrome
- What's New in WebGPU (Chrome 116)
-
Secure popup interactions with
restrict-properties - Deprecating the unload event
- Four new CSS features for smooth entry and exit animations
- Bringing Safety check to the chrome://extensions page
- Debugging speculation rules
- Introducing the scheduler.yield origin trial
- What's new in Lighthouse 11
- Craft your Chrome Devtools Protocol (CDP) commands efficiently with the new command editor
- Astro View Transitions
- Faster Chrome releases (round two!)
- Related Website Sets - the new name for First-Party Sets in Chrome 117
- DevTools Tips: Snippets and live expressions
-
chromium blog
- Chromium Blog: Redesigning Chrome downloads, to keep you productive and safe online
- Chromium Blog: Smoothing out the scrolling experience in Chrome on Android
- Chromium Blog: Protecting Chrome Traffic with Hybrid Kyber KEM
- Chromium Blog: Towards HTTPS by default
-
google security blog
-
Google Online Security Blog: An update on Chrome Security updates - shipping security fixes to you faster
- https://security.googleblog.com/2023/08/an-update-on-chrome-security-updates.html
- これまで隔週で行っていたセキュリティ修正の更新を Chrome 116 から毎週に変更
- Android 14 introduces first-of-its-kind cellular connectivity security features
- Downfall and Zenbleed: Googlers helping secure the ecosystem
- Making Chrome more secure by bringing Key Pinning to Android
- Toward Quantum Resilient Security Keys
- AI-Powered Fuzzing: Breaking the Bug Hunting Barrier
-
Google Online Security Blog: An update on Chrome Security updates - shipping security fixes to you faster
- v8
-
Save the date for BlinkOn 18!
- https://groups.google.com/a/chromium.org/g/blink-dev/c/19KSuM7ywhs
- 10/17 - 10/19
- Bay Area + virtual
- Q2 2023 Summary from Chrome Security
Firefox 動向
Stable: 117
Updates
- Firefox 116.0, See All New Features, Updates and Fixes
-
Firefox 116 for developers - Mozilla | MDN
- https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/116
- CSP3 external hashes
- Firefox 117.0, See All New Features, Updates and Fixes
-
Firefox 117 for developers - Mozilla | MDN
- https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/117
- CSS Nesting
ReadableStream.from()- Insertable Streams
- A View to a Better, Faster Web - These Weeks in Firefox: Issue 143
- Unboxing More DevTools Powers, and Reusable Delights - These Weeks in Firefox: Issue 144
Intents
- Ship: Font Visibility Restrictions in private browsing windows
- Ship: Blob URL Partitioning (Total Cookie Protection)
-
Ship: privacy improvements in
enumerateDevices() - Ship: Font Visibility Restrictions in private browsing windows
- Ship: OpaqueResponseBlocking (ORB)
-
Implement and Ship: CSS
font-synthesis-positionproperty -
Prototype and Ship: CSS
:first(first-page pseudo-class) -
Prototype and Ship:
<search>element -
Prototype:
:hasselector - Prototype: Global Privacy Control
- Experiment and Ship: Encrypted Client Hello
-
Unship:
:-moz-loading/:-moz-brokenpseudo-classes -
Unship:
mozactionhintattribute - Soft code freeze for Firefox 118 starts on August 24
Newsletter
- SpiderMonkey Newsletter (Firefox 116-117)
- Firefox DevTools Newsletter
- Firefox WebDriver Newsletter
MDN / Open Web Docs
-
Creating custom easing effects in CSS animations using the
linear()function | MDN Blog - Announcing the MDN front-end developer curriculum | MDN Blog
- Micro benevolences
Standard Position
- 今月 Close されたものをみる
- X25519Kyber768 key encapsulation for TLS · Issue #874 · mozilla/standards-positions
Other
- Prepare your Firefox desktop extension for the upcoming Android release | Mozilla Add-ons Community Blog
- Autogenerating Rust-JS bindings with UniFFI - Mozilla Hacks - the Web developer blog
- Mozilla Seeks New Leader for Its Movement-Building Arm
- Welcome Suba Vasudevan, Mozilla's new Senior Vice President of Strategy and Operations
- Protect your information with email masks now available in Firefox
- The endpoint of Web Environment Integrity is a closed Web
- Private Access Tokens, also not great
Safari 動向
Stable: 16.6
Updates
- Safari 16.6 Release Notes
-
Safari Technology Preview 176
- https://webkit.org/blog/14401/release-notes-for-safari-technology-preview-176/
-
CSS
- Added support for contain-intrinsic-size: inherit (266100@main)
- Implemented
linear(...)timing function for CSS animations & transitions (266195@main)
-
Rendering
- Fixed out-of-flow boxes not showing (266366@main)
- Fixed canvas not showing the results of CanvasRenderingContext2D.putImageData until a forced re-render (266397@main)
- Fixed scrollbar not updating on CSS color-scheme change (266176@main)
- Prevented invalidating columns when the entire table is being destroyed (266344@main)
- Accessibility
-
Media
- Implemented automatic text track selection for 'metadata' tracks (266380@main)
-
Web API
- Added support for the title attribute for pattern validation errors (266311@main)
- Aligned naturalWidth and naturalHeight with spec, changing from int to unsigned (266302@main)
- Changed to return opaque origin for blob: URL containing inner non-http(s): URL (266247@main)
- Converted embed hidden into a proper boolean attribute (266399@main)
- Throttled mousemove events to one per rendering update (266341@main)
-
Updates to Storage Policy
- https://webkit.org/blog/14403/updates-to-storage-policy/
- localStorage, Cache API, IndexedDB, Service Worker, and File System が対象
- Origin 単位の Quota と Overall の Quota の二軸で管理
-
Origin Quota
- 制限超えると例外
- ブラウザ/ Web アプリはディスク空き容量の 60%
- 他のアプリはディスク空き容量の 20%
- クロスオリジンはメインフレームの 1/10
-
Overall Quota
- 制限超えると削除による解放
- ブラウザ/Web アプリはディスク空き容量 80%
- 他のアプリはディスク空き容量 15%
-
基本全てはベストエフォート、永続したい場合はリクエストする
navigator.storage.persist()
-
Release Notes for Safari Technology Preview 177
- https://webkit.org/blog/14412/release-notes-for-safari-technology-preview-177/
- ほぼ Fix
-
JavaScript
- Optimized Array#splice to skip result array creation if it is not used at all (266591@main)
-
Building Profiles with new WebKit API
- https://webkit.org/blog/14423/building-profiles-with-new-webkit-api/
- Webkit ではあるがブラウザの話ではない
Standard Positions
- 今月 Close されたものをみる
-
content-visibility: autoforcescontain-intrinsic-size: auto· Issue #228 - Zstandard compression format for Content-Encoding · Issue #168
- Update and overflow media features · Issue #146
- scrollbar-width CSS Property · Issue #133
- Customized built-in elements · Issue #97
- CSS highlight pseudo system · Issue #95
-
CSS
initial-letterproperty · Issue #94 - View Transitions API Level 1 · Issue #48
Other
- Blog - 2024 Apple Security Research Device Program now accepting applications - Apple Security Research
Edge 動向
Stable: 116
Updates
- Collaborating with Open Web Docs for great PWA docs
- Publish your PWA to the Microsoft Store on Windows for free with PWABuilder
- Microsoft Edge for Business is now available, helping organizations maximize productivity and security
- Announcing support for HSTS on Exchange Server 2016 and 2019 - Microsoft Community Hub
Other
- Edge のよくあるご質問 | Japan Developer Support Internet Team Blog
- Enforcing SmartScreen with Policy - text/plain
- Attack Techniques: QR Codes - text/plain
- SmartScreen Application Reputation, In Pictures - text/plain
WHATWG/W3C 動向
Draft
- Recommendation
- Proposed Recommendation
- Candidate Recommendation
- Working Draft
- First Public Working Draft
-
Chartering
- Proposed W3C Charter: Decentralized Identifier (DID) Working Group Extended
- Securing the Internet and WWW Community Group Proposed
- Financial Services Business Group created
- Healthcare Services Business Group Proposed
- Proposed W3C Charter: Web Editing Working Group
- Computational Intelligence Business Group Proposed
- Advance notice: Work in progress on Portable Network Graphics Working Group Charter; PNG WG Extended
- Chinese DID & VC Best Practices Community Group created
- Proposed W3C Charter: Math Working Group Extended
- Service Worker Static Routing API incubation
- Proposed W3C Charter: Pointer Events Working Group Extended
- Advance notice: Work in progress on Web Application Security Working Group Charter; Current Charter Extended
- Web Performance Working Group Charter Extended
Other
-
Web Environment Integrity has no standing at W3C; understanding new W3C work
- https://www.w3.org/blog/2023/web-environment-integrity-has-no-standing-at-w3c/
- WEI はまだ提案に過ぎないよという話と、 W3C で提案はどのように持ち込まれるかという話
- ワーキンググループのチャータリング、 TAG review などのレビューを経た上で、複数の実装があってはじめて標準になる
-
Add switch attribute to the input element to allow for a two-state switch control. by lilyspiniolas · Pull Request #9546 · whatwg/html
-
https://github.com/whatwg/html/pull/9546
- Apple がスイッチコントロールの
<input type="checkbox" switch>を提案
- Apple がスイッチコントロールの
-
https://github.com/whatwg/html/pull/9546
- Draft Note: Guidance on Applying WCAG 2.2 to Non-Web Information and Communications Technologies (WCAG2ICT)
-
Agenda for Aug 31st, 2023 · Issue #400 · web-platform-tests/interop
- https://github.com/web-platform-tests/interop/issues/400
- 2023 年 9 月 14 日からプロポーザルを募集
TC39 動向
Meeting
- Meeting Note が公開された時だけやる、それ以外はやらない。
-
2023-07
- tc39 minutes を読む
-
notes
- https://github.com/acutmore/notes/tree/a6592d28f2effcab79551f0fd7422a1229d82683/meetings/2023-07
- note の PR が閉じられているので、 main ではなくブランチのリンクになっている
- agenda
-
Stage 3 update of Intl Locale Info API
- https://github.com/tc39/proposal-intl-locale-info/pull/70 PR これ?
- Date: Number: 0..6 (1 = Monday, 0 = Sunday)
- Temporal: Number: 1..7 (1= Monday, 7 = Sunday)
- Intl.Locale: String (three letters): ("mon"... "sun")
- 3 つとも曜日を表す方法がバラバラ
- でもコンセンサスできなかった?
-
Base64
- One Shot はいいけど Stream もしたい
- その場合どうやって状態を持つか
- 合意には至らず
-
Source Phase Imports for Stage 3
- "source" という言葉についての bikeshed を解決する、という条件付きの Stage 3
- Dynamic Imports のシンタックスが import.source() に変更された
-
Decimal: Open-ended discussion
- Decimal128 か BigDecimal かで議論
- 他にも色々
- どういう方向かまだ結論は出てない
-
Optional chaining in assignment LHS for stage 1 or 2
- Optional Chaining を代入の左辺に指定したい
- 全部あったら代入する
- Stage1
-
Reducing wasted effort due to proposal churn
- Stage 3 で normative change が発生しまくると、実装者が大変
- 2 と 3 の間に実装はしないが test262 などを整備し始めるフェーズが欲しい
- we can call it Stage 2 ¾ for now
- Stage 3 での実装は推奨しないが、あっても別に良いはず。
- 実装してわかることもあるだろうし
- なので、気持ちはわかるがプロセスとしては変更なし
-
DataView get/set Uint8Clamped methods for stage 1 or 2 or 3
- DataView に Uint8Clamped が欲しい
- Stage1
-
Stop Coercing Things
- at() に文字列を渡すと 0 に丸めてしまう
- こういう暗黙変換をやめないか? という提案
- 新たしい仕様については基本そうしていくという合意
-
Meta-review of Stage 3 proposals
- Stage3 のものを一個一個サマライズして確認する作業が行われた
- 一行まとめが非常にわかりやすい
- JSON Modules: HTML へのインテグレーションを待ってる
- Legacy RegExp Features in JavaScript: 実装者/チャンピオンが興味を失ってる
- RegExp modifiers: 進んでる
- Duplicate Named Capture groups: Safari が Ship 予定、 Mozilla は実装中
- Shadow Realm: HTML のインテグレーションでブロックされてる、要確認。
Proposals Diff
- https://github.com/tc39/proposals/compare/main@{2023-01-01}...main@{2023-02-01}
- https://tc39.github.io/beta/
-
0->1
- Optional chaining in assignment
- DataView get/set Uint8Clamped method
-
1->2
- deferring module evaluation
-
2->3
- import attributes
- Promise.withResolvers
- Array Grouping
- Source phase imports
- 3->4
New Proposals
-
tc39/proposal-optional-chaining-assignment
a?.b = cproposal- https://github.com/tc39/proposal-optional-chaining-assignment
-
tc39/proposal-dataview-get-set-uint8clamped
- TC39 proposal to add DataView.prototype.getUint8Clamped and DataView.prototype.setUint8Clamped
- https://github.com/tc39/proposal-dataview-get-set-uint8clamped
-
tc39/proposal-defer-import-eval
- A proposal for introducing a way to defer evaluate of a module
- https://github.com/tc39/proposal-defer-import-eval
Other
WinterCG 動向
- Meeting や大きな動きがあった月だけやる
Meeting
-
2023-08-03 Meeting
- https://github.com/wintercg/admin/issues/53
import.meta.*をどう標準化するかの議論resolve,url,mainの三つを標準化- 拡張は名前空間を切る
- key には runtime-keys を使う
- という方向で進める
IETF 動向
IETF117
WG
-
IETF
- https://datatracker.ietf.org/meeting/
- RFC 9380 on Hashing to Elliptic Curves
- RFC 9381 on Verifiable Random Functions (VRFs)
- RFC 9439 on Application-Layer Traffic Optimization (ALTO) Performance Cost Metrics
- RFC 9444 on Automated Certificate Management Environment (ACME) for Subdomains
- Protocol Action: 'Certification Authority Authorization (CAA) Processing for Email Addresses' to Proposed Standard (draft-ietf-lamps-caa-issuemail-07.txt)
- Protocol Action: 'Ephemeral Diffie-Hellman Over COSE (EDHOC)' to Proposed Standard (draft-ietf-lake-edhoc-22.txt)
- Protocol Action: 'HTTP Message Signatures' to Proposed Standard (draft-ietf-httpbis-message-signatures-19.txt)
- Protocol Action: 'Oblivious HTTP' to Proposed Standard (draft-ietf-ohai-ohttp-09.txt)
- Protocol Action: 'Service Identity in TLS' to Proposed Standard (draft-ietf-uta-rfc6125bis-15.txt)
-
httpwg
- https://lists.w3.org/Archives/Public/ietf-http-wg/
- https://github.com/httpwg/wg-materials/
-
Structured Field Values Bis - Mark Nottingham
- Authentication に影響??
-
WebSockets Design Team Report - Lucas Pardue
- DNS でいいんじゃないかという提案
- 他のバージョンでもつながるようにデプロイされてないことの問題では?
-
Secondary Cert
- 引き続き要検討
-
Compression Dictionary Transport - Patrick Meenan
- Adoption
-
HTTP Availability Hints - Mark Nottingham
- Cloudflare を始め interest がちらほら
-
HTTP Cache Groups / An HTTP Cache Invalidation API - Mark Nottingham
- やっていきそう
-
Request-OTR Header
- サーバから Private Mode を強制できる
- WebAppSec とか Privacy CG が興味あってやっていく
- quicwg
- webtrans
- tlswg
- wpack
- masque
- pearg
- privacypass
- dispatch
- secdispatch
-
ohai
- Protocol Action: 'Oblivious HTTP' to Proposed Standard (draft-ietf-ohai-ohttp-09.txt)
- I-D Action: draft-ietf-ohai-svcb-config-05.txt
- draft-ohai-chunked-ohttp-00
- I-D Action: draft-ietf-ohai-ohttp-10.txt
Other
- RFC Numbers for Testing and Example Use
CDN 動向
Cloudflare
- 2022 年に最も悪用された脆弱性を明らかに
- Cloudflare の「2023 年フィッシング脅威レポート」のご紹介
- オンラインセキュリティと 2023 年の攻撃情勢に関する 8 月の読み物リスト
- Application Security Report: Q2 2023
- Cloudflare Radar's 2023 overview of new tools and insights
Fastly
- Join Fastly at Black Hat 2023 | Fastly
- 脅威インテリジェンスレポート : 数兆件に及ぶリクエストデータに基づく攻撃トレンド | Fastly
- Back to Basics: Directory Traversal | Fastly
- Fastly Participates in the EU-US Data Privacy Framework | Fastly
Other
- Private Mobile Connectivity: More Visibility, Security, and Control | Akamai
- Akamai Defends Against the OWASP Top 10 API Security Risks | Akamai
- Akamai Develops Real-Time Detections for DNS Exfiltration | Akamai
- 3 Steps to Elevate Your Cybersecurity in a Post-Pandemic World | Akamai
- DDoS Attacks Surge Against Vulnerable Assets: Are You Prepared? | Akamai
セキュリティ動向
- Using short-lived certificates to protect TLS secrets - Engineering at Meta
- How Meta is improving password security and preserving privacy - Engineering at Meta
周辺動向
- Celebrating Ten Years of Encrypting the Web with Let's Encrypt | Electronic Frontier Foundation
イベント
-
7 月
- 11-13: TC39
- 22-28: IETF | IETF 117 San Francisco
- 8 月
-
9 月
- 7: WEB+DB PRESS 創刊 22.9 周年パーティ(副題 うまい肉と IPA) - connpass
- 11-15: TPAC 2023
- 26-28: TC39
- 26-28: W3C Workshop Secure the Web Forward
-
10 月
- 17-19: BlinkOn18
Wrap Up
-
Chrome
-
116
- Document Picture-in-Picture
-
117 Beta
@starting-style,overlay,transition-behavior- Subgrid
text-wrap: pretty- Array grouping
- Iteerator helpers
- deprecate
unload
-
Ship
- vertical form controls
<search>- Bounce Tracking Mitigations
- Japanese phrase line breaking
-
Prototype
- Document Render-Blocking
- CJK punctuation kerning
- Sicky state container queries
- Page-Embedded Permission Control
form-sizing
-
Experiment
- X25519Kyber768 for TLS
-
Deprecate and Remove
- Sanitizer API MVP
-
Chrome Developers
- deprecating
unload scheduler.yieldorigin trial- Astro View Transitions
- Faster Chrome releases round two
- First-Party Sets → Related Website Sets
- deprecating
-
Chromium blog
- redesigning downloads UI
- Hybrid Kyber KEM
- towards HTTPS by default
-
other blogs
- faster security updates
- Key Pinning to Android
-
other
- Chrome Security Q2 summary
-
116
-
Firefox
- 116
-
117
- CSS Nesting
-
Ship
- ORB
<search>
-
Prototype
:has()- Global Privacy Control
-
other intents
- Encrypted Client Hello
-
MDN Blog
- MDN front-end developer curriculum
-
other
- positive on X25519Kyber768
- ekr on WEI and Private Access Tokens
-
Safari
-
TP 176
linear()titlefor form pattern validation errors
- TP 177
-
blog
- updates to Storage Policy
-
other
- negative on Customized built-in elements
- support on View Transitions Level 1
-
TP 176
-
Edge
- Edge のよくあるご質問
-
W3C/WHATWG
-
other
- Service Worker Static Routing incubation
- WEI and W3C Process
<input type="checkbox" switch>proposal from Apple- Interop 2024 timeline
-
other
-
TC39
- Stage 3 updates on Intl Locale Info API
- Stage 2 ¾
- Stage 3 meta-reviews
-
WinterCG
import.meta.*standardization
-
IETF
- OHTTP to Proposed Standard
- Request-OTR
- RFC numbers for testing/example
-
CDN 動向
- Cloudflare 2023 phishing report
-
セキュリティ動向
- Meta on short-lived certificates
-
周辺動向
- 10 years anniv of Let's Encrypt