ep60 Monthly Web 201911
- published_at
- 2019-12-08
- guest
- @araya
- toc
-
headings
Theme
第 60 回のテーマは 2019 年 11 月の Monthly Web です。
Show Note
Chrome 動向
- Stable: 78
-
Chrome Dev Summit 2019
- https://developer.chrome.com/devsummit/
- Chromium Blog: Chrome Dev Summit 2019: Elevating the Web Together
- Highlights from Chrome Dev Summit 2019
-
Keynote
- https://www.youtube.com/watch?v=F1UP7wRCPH8
-
LayoutNG
- 約 10 %のレイアウトバグの修正
- 最大 5 %の描画パフォーマンスの向上
- 複雑な言語におけるパフォーマンスの改善(RTL など)
- emoji の描画が速くなった
- http archive に記録されている z-index の最大値: 780 桁の 99999... !important
- ブラウザ上でコードを変更しながら Lighthouse のスコアを改善するデモ
-
3 つの重要なゴール
- Better performance
- More accessible
- More safe and trustworthy
- 各種 API の紹介
-
WebP in its 10th year
- https://www.youtube.com/watch?v=-wrXKvnPfZg
- PhotoShop, AndroidStudio, Squoosh, Gimp, ImageMagick などで WebP を出力できる
- Chrome's ecosystem collaboration
- User-first interactive sites with AMP
- Speed highlights
- Trust & safety highlights
- Web as a building block for user experience
-
HTML isn't done!
- https://www.youtube.com/watch?v=ZFvPLrKZywA
-
Edge & Chrome form control collaboration
- chrome://flags/#form-controls-refresh
-
High contrast mode
@media(forced-colors: active)forced-color-adjust: auto | none
-
Stylability
- 多くの開発者が form elements をスクラッチで書き直している
- まずは select, checkbox, radio の stylability にフォーカスしていく
-
Extensibility
- select, option を拡張が拡張できるように今後していく
-
New components
- Display Locking is available in Origin Trial
-
Intent to explain: Demystifying the Blink shipping process
- https://www.youtube.com/watch?v=y3EZx_b-7tk
-
Intent to Implement と読んでいたものを Intent to Prototype に変更
- フラグ付きで試験的に提供するだけで、強いコミットメントではないことを明確にしたかった
- Bridging the native app gap
-
PWA and the installable web
- https://www.youtube.com/watch?v=Hp_dQvQyYEI
-
OYO の事例 by Mukund, Product Manager for OYO Consumer Experience
- もとのサイトに比べて、 Chrome の PWA では 4.4 倍、 Trusted Web Activity では 6.6 倍の conversion があった。
- TWA のアプリは 900KB 未満の app size
- Next-generation web styling
- Adaptive Loading - improving web performance on slow devices
- The main thread is overworked & underpaid
- Speed tooling evolutions: 2019 and beyond
-
What's new in sign-up and sign-in
- https://www.youtube.com/watch?v=WxXF17k1dko
- SMS Receiver API
- Web Authentication API
-
Protecting users on a thriving web
- https://www.youtube.com/watch?v=WnCKlNE52tc
- ユーザーがどこにいるか、ウェブサイトがユーザーから何を得ているかを明確にすることがゴール
-
IDN spoofing の対策
- spoofy IDN を検知したら警告を出す
- https://h2o.examp1e.net/
-
URL はセキュリティの文脈では有用な指標ではない
- scheme や www はユーザーにとって必要性の低い情報の為非表示にする
-
Suspicious Site Reporter extension
- https://chrome.google.com/webstore/detail/suspicious-site-reporter/jknemblkbdhdcpllfgbfekkdciegfboi
- scheme や www が表示されるようになり、なりすましやフィッシングなどの悪意のあるサイトを報告することができる
- Advancing the web framework ecosystem
- Oh the things you'll compile - modern WebAssembly
- In which we make loading disappear with 'portal' and friends
- Chrome extensions and the world of tomorrow
- What's new in Canvas - Offscreen Canvas and Text Metric use cases
- How to make your content shine on Google Search
- Designing for speed and hacking user perception
- PWAs and capability highlights
- 3D, VR and AR on the web
- Ready player web: Building modern web games
- You should focus - supporting different devices on the web
- Getting permission: Patterns for making fluent permission requests
-
BlinkOn11
- Video
-
Keynote
-
日本でのモバイルデータ通信の紹介
- 月末になるにつれ、 4G 対応デバイスでの Web ページのロード数が減少する
- 1 ページあたりのロード時間は増加する
- Chromium: The past 6 months
-
日本でのモバイルデータ通信の紹介
-
Updates
-
Chromium Blog: Chrome 79 Beta: Virtual Reality Comes to the Web
- https://blog.chromium.org/2019/10/chrome-79-beta-virtual-reality-comes-to.html
- Virtual Reality Comes to the Web
- Support for rendersubtree Attribute
- Wake Lock API based on Promises
- Adaptive Icon Display for Installed PWAs on Android
- Autofocus Support for any Focusable HTML/SVG Element
- Compute img/video Aspect Ratio from Width Or Height HTML Attributes
- font-optical-sizing
- list-style-type:
<string> - Reject
Worklet.addModule()with a More Specific Error - Retrieve a Service Worker Object Corresponding to a Worker Itself
- Stop Evaluating Script Elements Moved Between Documents During Fetching
- Remove: -webkit-appearance Keywords for Arbitrary Elements
-
Deprecations and removals in Chrome 78
- https://developers.google.com/web/updates/2019/10/chrome-79-deps-rems
-webkit-appearance
-
Chromium Blog: Chrome 79 Beta: Virtual Reality Comes to the Web
-
Intents
- Ship: getTransfrom() for OffscreenCanvasRenderingContext2D
- Ship: ARIA Attribute Reflection for Elements (without relationship properties)
-
Ship: Default Accessibility Semantics for Custom Elements (without relationship properties)
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/BcWAX13du9w/wlp9E1YGEAAJ
- custom element に ElementInternals I/F を経由して role や prop などを追加できる
-
Ship: CSS intrinsic-size
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/CQVTVOYx1XI/zSEBfVhKBQAJ
- 仕様上 Not Ready for Implementation になってるのに出ている
- コメントで指摘されており、この intents は 撤回された
- Ship: MediaCapabilities: encrypted (EME) decodingInfo()
- Ship: DOMMatrix setTransform/getTransform on OffscreenCanvas
- Ship: :focus-visible pseudo-class
- Ship: getInstalledRelatedApps
- Ship: Contacts API
- Ship: [Payments] shipping address and contact info delegation
- Ship: ActiveText, Field, and FieldText system colors
- Ship: JS String.prototype.replaceAll
- Ship: HTMLVideoElement.getVideoPlaybackQuality()
- Ship: HrefTranslate HTMLAnchor attribute
- Implement and Ship: Promise.any
- Implement and Ship: Support for CSS image-orientation property
- Prototype and ship: Improved compositing operations for root element
- Prototype and Ship: Protect Resource Timing's workerStart behind a Timing-Allow-Origin check
- Prototype and Ship: ResizeObserver updates
-
Implement and Ship: SubmitEvent interface
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/AZO9T-eHy4E/nv4aQN9oAwAJ
- submit event に submitter (submit した button etc) が入る
- Implement and Ship: buffered flag for longtasks
- Prototype and Ship: Implement ServiceWorkerContainer.onmessageerror and ServiceWorkerGlobalScope.onmessageerror
- Implement: MediaCapabilities: Query Spatial Audio with decodingInfo()
- Implement: fetch() upload streaming
- Implement: Window Placement
- Implement: CSS Spatial Navigation (only spatialNavigationSearch API)
- Experiment: CacheStorage Code Cache Hint
- Experiment: Contacts API Address/Icon support
- Experiment: Content Index API
- Change:
-
Unship:
- Unship: HPKP (dynamic key pinning)
-
Remove:
- Renaming Intent to Implement => Intent to Prototype
- Deprecate/Remove: [un]registerProtocolHandler() APIs in non-secure contexts
- Deprecate and Remove: [un]registerProtocolHandler() APIs in non-secure contexts
- Deprecate and Remove: non-origin-clean ImageBitmap serialization and transferring
- AMP
-
v8
- Outside the web: standalone WebAssembly binaries using Emscripten · V8
- V8 release v7.9 · V8
-
Other
- Virtual reality comes to the web
-
Google Developers Blog: 10 shortcuts made possible by .new
- https://developers.googleblog.com/2019/10/10-shortcuts-made-possible-by-new.html
- Playlist.new: Spotify.
- Story.new: Medium
- Canva.new: Canva.
- Webex.new: Cisco Webex.
- Link.new: Bitly.
- Invoice.new: Stripe.
- Api.new: RunKit.
- Coda.new: Coda.
- Music.new: OVO Sound.
- Cal.new: Google Calendar.
- Google Developers Blog: New Analytics updates in Actions on Google Console
- Chromium Blog: Intent to Explain: Demystifying the Blink Shipping Process
- Chromium Blog: Moving towards a faster web
-
Chromium Blog: Making new experiences possible on the web
- https://blog.chromium.org/2019/11/making-new-experiences-possible-on-web.html
- WebAssembly
- Advanced Capabilities
- Progressive Web Apps
- の 3 つを軸にアプリとのギャップを埋めていく
- Official Google Webmaster Central Blog [EN]: Get faster with the new Speed report in Search Console
- Getting Started with Web Serial
- Creating Delightful User Experiences Using AMP On Adobe Experience Manager
- Rendering Weekly, November 19, 2019
- The Chromium Chronicle: GWP-ASan: Detect bugs in the wild
Firefox 動向
- Stable: 70
-
Updates
-
Upcoming notification permission changes in Firefox 72
- https://hacks.mozilla.org/2019/11/upcoming-notification-permission-changes-in-firefox-72/
- https://blog.mozilla.org/futurereleases/2019/11/04/restricting-notification-permission-prompts-in-firefox/
-
Permission Prompt は非常に人気がなかった
- ユーザインタラクションからではない Prompt はほぼ無視されてた
- インタラクションからの Prompt は許可されることが多い
-
これを踏まて変更
- 70 で Prompt の Not Now を Never にする
- 72 でインタラクションのない Prompt は出さず URL bar のアイコンにする
- These Weeks in Firefox: Issue 68
- Extensions in Firefox 71
-
Upcoming notification permission changes in Firefox 72
-
Intents
- Ship: Add image/webp to default Accept header
- Ship: Require user interaction for notification permission prompts
- Ship: CSS Shadow Parts.
- Ship: [css-transforms-2] Individual Transform Properties (i.e. translate, rotate, scale)
- Ship: motion path module level 1
- Ship: String.prototype.replaceAll()
- Unship: HTTP Refresh header support when the content is handled as a download
- Unship: DTLS 1.0 for WebRTC
- Prototype: Delegate and restrict permission in third party context
-
Site Compat
- Requesting notification permission will soon require user interaction
- Requesting notification permission and screen capture now requires user interaction (Affecting)
-
Vibration API can no longer be used from cross-origin
<iframe> - DH algorithm support has been removed from Web Crypto API
- HTTP Public Key Pinning is no longer supported
- image/webp has been added to default HTTP Accept header
-
Other
- Validating Delegated Credentials for TLS in Firefox
-
Announcing the Bytecode Alliance: Building a secure by default, composable future for WebAssembly - Mozilla Hacks - the Web developer blog
- https://hacks.mozilla.org/2019/11/announcing-the-bytecode-alliance/
- https://blog.mozilla.org/blog/2019/11/12/new-bytecode-alliance-brings-the-security-ubiquity-and-interoperability-of-the-web-to-the-world-of-pervasive-computing/
- https://www.fastly.com/blog/fastly-partners-form-open-source-bytecode-alliance
- WASM/WASI ベースのソフトウェア基盤開発をすすめるアライアンス
-
Member
- Mozilla
- Fastly
- Intel
- Red Hat
-
Project
- Wasmtime
- Lucet
- WebAssembly Micro Runtime
- Cranelift
- Updates to the Mozilla Web Security Bounty Program
- NodeJS vendoring policies; feedback requested
- Soft code freeze for Firefox 72 starts November 25
- How I made the Firefox Protection report screen reader accessible
Safari 動向
- Stable:13.0.3
-
Updates
-
Release Notes for Safari Technology Preview 96
- https://webkit.org/blog/9658/release-notes-for-safari-technology-preview-96/
- Enabled the Web Animations JavaScript API by default (r251237)
- Implemented AuthenticatorCancel (r251295)
- Added strictness to request's Content-Type (r251490)
- Fixed setting border-radius on
<video>element clipping the top and left sections of the video (r251385) - Ignored document.open or document.write after the active parser has been aborted (r251506)
- Made requestIdleCallback suspendable (r251258)
- Added content-box and stroke-box to the transform-box property (r251252)
- Added support for gradients using stops with multiple positions (r251474)
- Implemented ClipboardItem.getType() (r251377)
- Implemented navigator.clipboard.read() (r251279)
- Changed :part rules to be able to override the style attribute (r251285)
- Removed wasmAwareLexicalGlobalObject (r251529)
- Implemented EnterPictureInPictureEvent support (r251530)
- Added runtime logging for the Picture-in-Picture API (r251458)
- Added support for callbacks for manifest events (r251626)
- Fixed MP4 video element broken with Service Worker (r251594)
- update BF Cache
- WebGPU and WSL in Web Inspector
-
Release Notes for Safari Technology Preview 96
- Other
Edge 動向
- Stable:
-
Status Updates
- Getting your sites ready for the new Microsoft Edge - Microsoft Edge Blog
- Introducing the new Microsoft Edge and Bing | Windows Experience Blog
- EdgeHTML
-
Build Changelog
- https://developer.microsoft.com/en-us/microsoft-edge/platform/changelog/
- windows experience blog の feed に build update が乗る
- もしくは、このページの build を選ぶと、右に learn more on the windows blog から飛べる
- Chakra
- Other
WHATWG/W3C 動向
-
Recommendation
- Accessibility Conformance Testing (ACT) Rules Format 1.0 is a W3C Recommendation
- High Resolution Time Level 2 is a W3C Recommendation
- CSS Containment Module Level 1 is a W3C Recommendation
- Verifiable Credentials Data Model 1.0 is a W3C Recommendation
-
Proposed Recommendation
- Call for Review: Trace Context is a W3C Proposed Recommendation
- Call for Review: Data Catalog Vocabulary (DCAT) - Version 2 is a W3C Proposed Recommendation
-
Candidate Recommendation
- W3C Invites Implementations of Service Workers 1
- Working Draft
-
First Public Working Draft
- First Public Working Draft: Decentralized Identifiers (DIDs) v1.0
-
Chartering
- Proposed W3C Charter: Web Payments Working Group
- Proposed W3C Charter: Service Workers Working Group
- Proposed W3C Charter: Web of Things Working Group
-
Other
- Contract for the Web
- W3C Website redesign, phase 1 RFP
-
PSA: "same site" definition has changed and moved
- http://lists.w3.org/Archives/Public/public-webappsec/2019Nov/0004.html
- Mike West の提案で Same Site の定義を変えることに
- "Same site" が scheme を考慮するようになる。考慮しない場合 "schemelessly same site"
- "Same site" と "schemelessly same site" が host ではなく origin で考えるように
- "Same site" と "schemelessly same site" が URL ではなく HTML の仕様に
-
新しい定義
- https://html.spec.whatwg.org/multipage/origin.html#schemelessly-same-site
- Origin の domain/port を無視した比較
- 同じドメインかそのサブドメインなら Schemelessly Same Site
- 加えて Scheme が同じなら Same Site
- New version of the Roadmap of Web Applications on Mobile
TC39 動向
-
Meeting
- https://github.com/tc39/agendas
- rwaldron/tc39-notes が tc39/notes に移行した
- Proposals Diff
- New Proposals
- Other
IETF 動向
-
IETF 106 Singapore
- materials
-
httpwg
- minutes
- Digest Headers
- Transport Information Header
- HTTP Priority Design Team
- RateLimit Headers
- Client Hints
-
quicwg
- minutes
- QUIC, HTTP/3, and ALPN
- An Unreliable Datagram Extension to QUIC
- QUIC-LB
- QUIC Discard Handshake Keys
- QUIC Version Negotiation
- QUIC Interop Runnner
- Quick QUIC Update
-
wpack
- minutes
- Web Packaging (WPACK) Bof @ IETF106
- slides-106-wpack-proposed-charter-00-01
- WebPack: A Path to Caching in Remote Edge Networks?
- IETF Embedded Web Package use Case
- AMP SXG
-
Unsigned Bundles Sharing
- https://datatracker.ietf.org/meeting/106/materials/slides-106-wpack-bundle-sharing-00
- Sign しない bundle の有用性の話
- Origin にアクセスしないと完全性はわからない
- それでもネットワークが悪い場所では有用
- ブラウザの UI で wbn 作り、隣の人と共有
-
Web Packaging Design
- https://datatracker.ietf.org/meeting/106/materials/slides-106-wpack-wpack-proposed-solution-01
- 特に Origin Trust (署名や検証、証明書の期限)をどうするかの話
- 証明書を 7 日で切る、 DNS AAC を送る、 Credential は載せないなど
-
webtrans
-
minutes
- https://github.com/DavidSchinazi/webtrans-wg-materials/blob/master/ietf106/minutes.md
- https://datatracker.ietf.org/meeting/106/materials/minutes-106-webtrans-02
- 「WebSocket は、簡単に書ける API だったけど、簡単に運用できるものではなかった、その失敗を繰り返したくないので API 慎重にやろう」
- 全体的にモチベーションが高い印象の議事録
- An Unreliable Datagram Extension to QUIC
- Using HTTP/2 as a Transport for Arbitray Bytestreams
- WEBTRANS BOF IETF 106
-
minutes
-
tlswg
- minutes
- TLS@IETF106
- Importing External PSKs for TLS
- draft-ietf-tls-exported-authenticator-10
- draft-ietf-tls-delegated-credentials
- Compact TLS
- TLS Batch Signing
- TLS 1.3 Extended Key Schedule
- TLS Re-Charter
- A Well-Known URI for publishing ESNIKeys
- Semi-Static Diffie-Hellman Key Establishment for TLS 1.3
- draft-ietf-tls-md5-sha1-deprecate
- Encrypted Client Hello
- RFC
- IETF Last Call
- WG Last Call
- Call for Adoption
- I-D Action
-
Draft
- A privacy analysis on DoH deployment
- Communicating Warning Information in HTTP APIs
- Fast Address Validation
- Binary Structured HTTP Headers
- The OAuth 2.0 Authorization Framework: Claims
- Partial Uploads in HTTP
- Internet X.509 Public Key Infrastructure: Additional Post-Quantum Signature Algorithms and Identifiers
- Signing HTTP Requests via JSON Web Signatures
- Registration Policy for TCP Header Flags
- CBOR Object Signing and Encryption (COSE): Additional Algorithms
- application/importmap+json MIME Type Registration
-
Email Address Length
- https://tools.ietf.org/html/draft-viruthagiri-email-address-length-00
- メールの長さが 64+@+255=320 となっている
- 他の仕様(MAIL/RCPT)では 254 の制限がある
- よって 254 にしようという話
- Network Address Translation Support for QUIC
-
The Base58 Encoding Scheme
- https://tools.ietf.org/html/draft-msporny-base58-01
- by S. Nakamoto (Bitcoin)
-
Other
-
HTTP/2 GREASE, Results, and Implications
- https://lists.w3.org/Archives/Public/ietf-http-wg/2019OctDec/0047.html
- HTTP2 の Frame Type は、知らないものを無視する仕様になっている
- 実際に無視できているか、ランダムな値を送る GREASE を実施
- エラーで落ちるサイトが多数発見された
- https://bugs.chromium.org/p/chromium/issues/detail?id=1019410
- どうするか議論中
-
HTTP/2 GREASE, Results, and Implications
セキュリティ動向
- Delegated Credentials for TLS
- Going Keyless Everywhere
- Thoughts on DNS-over-HTTPS | text/plain
- Deprecated APIs and authentication | GitHub Developer Guide
- JSONBee - A Ready To Use JSONP Endpoints/Payloads To Help Bypass Content Security Policy Of Different Websites
- Assorted Kaspersky vulnerabilities
- Thoughts from IETF 106 | APNIC Blog
周辺動向
- Shadow tree encapsulation theory - Anne's Blog
- bye: FTP Support Is Going Away | text/plain
-
wasi: introduce initial WASI support by cjihrig · Pull Request #30258 · nodejs/node
- https://github.com/nodejs/node/pull/30258
- Node に WASI サポートの PR
-
DNS Wars
- https://pc.nanog.org/static/published/meetings/NANOG77/2033/20191028_Vixie_Keynote_Dns_Wars__v1.pdf
- https://www.potaroo.net/ispcol/2019-11/dnswars.html
- DNS 戦争の歴史
- 10 月にあった NANOG での基調講演と、それにに対するアンサーエントリ
- DoH/DoT の話も
-
Pika Code - a new kind of editor is coming...
- https://www.pika.dev/code
- CDN などをやってる Pika が modern な code editor を作っているらしい
- Early access を募集中
- The Maturing of QUIC
- Visual Studio Online - Web ベースの IDE と共同コード エディター
- Facebook Is Still Failing at Ad Transparency (No Matter What They Claim) - The Mozilla Blog
- Even faster connection establishment with QUIC 0-RTT resumption
- Web-to-WebApp Communication: Custom Scheme Handlers | text/plain
-
Flow - Ekioh が開発している新しい Web ブラウザ
- https://www.ekioh.com/flow-browser/
- マルチスレッド処理と GPU を駆使して他のブラウザの 2 倍以上のフレームレートを実現する
- レンダリングエンジンはフルスクラッチ、 JS エンジンは SpiderMonkey
- Gmail が動くようになった
- Introducing the HTMLRewriter API to Cloudflare Workers
- A History of HTML Parsing at Cloudflare: Part 1
- Low Output Latency (LOL)HTML parser/rewriter
イベント
-
11 月
- 1: WebKit Contributors Meeting
- 4-8: MS Edge at Ignite 2019
- 5-6: W3C Workshop on Inclusive Design for Immersive Web Standard
- 11-12: Chrome Dev Summit 2019
- 14-15: BlinkOn 11
- 16-22: IETF106 Singapore
- 30-1: JSConf JP
-
12 月
- 末: Yearly Web
- 1 月