ep64 Monthly Web 202002
- published_at
- 2020-03-02
- guest
- @myakura
Theme
The theme of episode 64 is the Monthly Web for February 2020.
Show Note
Chrome Trends
- Stable: 80
-
Updates
-
New in Chrome 80
- https://developers.google.com/web/updates/2020/02/nic80
- Modules in workers
- Optional chaining in JavaScript
-
New Origin Trials
- Content indexing API
- Notification triggers
- Web Serial
- The ability for PWAs to register as file handlers
- New properties for the contact picker
-
Graduated from origin trial
- scroll to text fragment
- display: minimal-ui
- SVG favicon
- The Chromium Chronicle: Catching UI Regressions with Pixel Tests
- Adding notification permission data to the Chrome User Experience Report
- Trusted Web Activities, the Lay of the Land
-
Chromium Blog: Protecting users from insecure downloads in Google Chrome
- https://blog.chromium.org/2020/02/protecting-users-from-insecure.html
- Downloads over plaintext connections will be blocked in stages
- Chromium Blog: Videos with fewer intrusive ads
- Chromium Blog: SameSite Cookie Changes in February 2020: What You Need to Know
-
Chromium Blog: Chrome 81: Near Field Communications, Augmented Reality, and More
- https://blog.chromium.org/2020/02/chrome-81-near-field-communications.html
- Web NFC for mobile
- Augmented Reality and Hit Testing
- PointerLock unadjustedMovement Origin Trials
- Buffered Flag for Long Tasks
- CSS image-orientation property
- CSS Color Adjust: color-scheme
- Exclude Implicit Tracks from grid-template-rows and grid-template-columns Resolved Values
- hrefTranslate attribute on HTMLAnchorElement
- IntersectionObserver Document Root
- Modernized Form Controls
- Move onwebkit{animation,transition}XX handlers to GlobalEventHandlers
- Position State for Media Session
- SubmitEvent
- WebAudio: ConvolverNode.channelCount and channelCountMode
- RTCPeerConnection.onicecandidateerror event changes
- onclosing Event for RTCDataChannel
- WorkerOptions for shared workers constructor
- WritableStream.close()
- Intl.DisplayNames()
- Deprecation and Remove "basic-card" support Payment Handler
- Remove supportedType field from BasicCardRequest
- Remove the <discard> element
- Remove TLS 1.0 and TLS 1.1
- TLS 1.3 downgrade hardening bypass
- Interact with NFC devices on Chrome for Android
- Augmented reality: You may already know it
- Virtual reality comes to the web, part II
- Positioning virtual objects in real-world views
-
Intents
- Ship: Insecure Download Blocking in Secure Contexts
- Ship: Simplified auto-disabling of -webkit-appearance
- Ship: IndexedDB relaxed durability transactions
- Ship: Support ARIA Annotations from ARIA 1.3 draft
- Ship: disallowdocumentaccess iframe attribute
- Ship: CSS contain-intrinsic-size
-
Ship: Custom state pseudo class
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/dJibhmzE73o/jzB1zkJeCQAJ
- Allows defining custom pseudo-classes, e.g. for Custom Components
- Implement and Ship: 'font-display: optional' without relayout
- Prototype and Ship: support "JIS-B5" and "JIS-B4" @page sizes
- Prototype: input.rawValue
- Prototype: MediaCapabilities: Query HDR with decodingInfo()
-
Prototype: prefers-reduced-data
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/oNJTem41LBs/CA4Nx05aAwAJ
- The CSS counterpart of Save-Data
- For example, dropping background-image when Data Saver or similar is enabled
- Prototype: CanMakePaymentEvent.respondWithMinimalUI
- Prototype: CSS primitives for foldable devices
- Prototype: Delegated Ink Trail
- Prototype: WebRTC RTP header extension control
-
Prototype: Declarative Shadow DOM
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/nJDc-1s3R9U/uCJKsEqpAwAJ
- Declarative definition of Shadow DOM
- With <template shadowroot="open">, the content beneath it is treated as Shadow DOM
- Shadow DOM can be server-side rendered (SSR)
-
Prototype: Media Feeds
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/D1sGl6UkCzs/bSiEw3rlCAAJ
- Adds "dataFeedElement" to the Web App Manifest
- Tells the UA that feeds such as RSS exist
-
Prototype: Imperative Shadow DOM Distribution API
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TNYIAu5E_M4/1i7LME9WCwAJ
- Assigns slots in Shadow DOM imperatively?
- Something like <summary>/<details> cannot be done with the current slot mechanism
-
Prototype: URL Protocol Handler Registration for PWAs
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/x4Ev_l9Oj2U/6bGPs7MVCwAJ
- Adds "protocol_handler" to the Web App Manifest
- So that other apps and web apps can be invoked
- Prototype: Web Bluetooth getDevices()
- Experiment: scheduler.postTask
-
Experiment: Querying HTTPSSVC
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/brZTXr6-2PU/g0g8wWwCAwAJ
- Chrome will query HTTPSSVC, a DNS record that carries additional HTTPS-related information
- It carries information such as ESNI, ALT-SVC and HSTS
- Deprecate GetPreferredTryMasters
- Remove: @import rules in CSSStyleSheet.replace()
- [Web-Facing Change PSA] Chrome will block insecure downloads from secure contexts
- PSA: ExecutionContext is moving from Document to LocalDOMWindow
- PSA: Moving SHA-1 and 3DES in TLS to a fallback
- PSA: Periodic prioritization of rendering on the renderer's main thread in M81
- PSA: content-type attached to beacon with ArrayBufferView has changed
- Blink API OWNERS Requirements
- Your flag: unsafely-treat-insecure-origin-as-secure is expiring in M82
- Your flag: allow-insecure-localhost is expiring in M82
- Your flag: enable-layout-ng is expiring in M82
-
v8
-
V8 release v8.1 · V8
- https://v8.dev/blog/v8-release-81
- Intl.DisplayNames
-
Understanding the ECMAScript spec, part 1 · V8
- https://v8.dev/blog/understanding-ecmascript-part-1
- An explanation of how to read the ECMAScript specification
- Walks through how to read it, using hasOwnProperty as the example
-
Other
- Chromium Platform Security Summit!
- Behind the Scenes: Deploying the AMP Runtime - The AMP Blog
- Official Google Webmaster Central Blog [EN]: Google Search News for January 2020
- Project Zero: A day^W^W Several months in the life of Project Zero - Part 1: The Chrome bug of suffering
- Project Zero: A day^W^W Several months in the life of Project Zero - Part 2: The Chrome exploit of suffering
- Project Zero: Escaping the Chrome Sandbox with RIDL
- Project Zero: Mitigations are attack surface, too
- Report on browser privacy
- QuicTransport Custom Certificate API - Invitation to comment
Firefox Trends
- Stable: 73.0.1
-
Updates
-
Securing Firefox with WebAssembly - Mozilla Hacks - the Web developer blog
- https://hacks.mozilla.org/2020/02/securing-firefox-with-webassembly/
- About making Firefox more secure by running code inside a sandbox built with WASM
- The effort focuses mainly on 3rd-party libraries first
- Firefox 73 is upon us - Mozilla Hacks - the Web developer blog
- Firefox 73 for developers - Mozilla | MDN
- Firefox 73.0, See All New Features, Updates and Fixes
- These Weeks in Firefox: Issue 69 - Firefox Nightly News
- Firefox continues push to bring DNS over HTTPS by default for US users - The Mozilla Blog
- The Facts: Mozilla's DNS over HTTPs (DoH) - Open Policy & Advocacy
-
Intents
-
Ship: a change to the initial value of image-orientation
- https://groups.google.com/forum/#!msg/mozilla.dev.platform/PDYzBgRz8gk/6biEHyB_BwAJ
- Changes the initial value of image-orientation from none to from-image
- The rotation information in EXIF will be used by default
- Ship: Autodiscovery of WebExtension search engines
- Ship: SubmitEvent interface
- Ship: form.requestSubmit()
- Implement and ship: updated values for text-decoration properties
- Prototype and ship: CSS comparison functions: min() / max() / clamp()
- Prototype and ship: lazy load images
- Prototype and ship: ARIA annotations
- Prototype and ship: running background color animations on the compositor thread
- Prototype: :focus-visible pseudo-class.
- Prototype: Document as explicit root of an intersection observer
- Implement: CSS conic-gradient
- Deploy: ThreadSanitizer
- Unship: Recursive call of Document.execCommand() (Only Nightly and early Beta for now)
- Unship: system SQLite support on Linux (--enable-system-sqlite)
-
Other
- It's the Boot for TLS 1.0 and TLS 1.1 - Mozilla Hacks - the Web developer blog
- (Missed earlier) backgroundsync and periodicbackgroundsync marked as harmful
-
Images are now rotated by default according to Exif data | Firefox Site Compatibility
- https://www.fxsitecompat.dev/en-CA/docs/2020/images-are-now-rotated-by-default-according-to-exif-data/
- Image display now honors the Exif rotation information
- Resolve data breaches with Firefox Monitor | The Firefox Frontier
-
Intent to implement: Cookie SameSite=lax by default and SameSite=none only if secure
- https://groups.google.com/d/msg/mozilla.dev.platform/nx2uP0CzA9k/REUNAW2YGQAJ
- SameSite=Lax is enabled by default in Nightly
Safari Trends
- Stable: 13.0.5
-
Updates
-
Release Notes for Safari Technology Preview 💯
- https://webkit.org/blog/10024/release-notes-for-safari-technology-preview-100/
- Added support for the options parameter to getAnimations() (r255149)
- Fixed User Verification (UV) option present on a CTAP2 authenticatorMakeCredential while the authenticator has not advertised support for it (r254710)
- Added support for allow="fullscreen" feature policy (r255162)
- Added finite timeout when synchronously terminating a service worker (r254706)
- Fixed EXIF orientation ignored for some CSS images (r254841)
- Fixed elements no longer stay fixed with elastic overscroll (r255037)
- Added support for MediaRecorder.requestData (r255085)
- Implemented sub-source texImage2D and texSubImage2D (r255316)
-
Release Notes for Safari Technology Preview 101
- https://webkit.org/blog/10031/release-notes-for-safari-technology-preview-101/
- Corrected TextTrack sorting with invalid BCP47 language (r255997)
- Redacted billing contact during payment method selection (r256071)
- Added support for BigInt literal as PropertyName (r256541)
- Changed authenticatorGetAssertion to be sent without pinAuth if user verification is discouraged (r256001)
- Aligned getDisplayMedia() with standards specifications (r256034)
- Fixed CSS rules with the same selector from several large stylesheets getting applied in the wrong order (r255671)
- Fixed pages that trigger a redirect sometimes getting left blank (r256452)
- Disallowed setting base URL to a data or JavaScript URL (r256191)
- Fixed highlight text decorations to work with all decoration types and colors (r256451)
- Implemented OffscreenCanvas.copiedImage (r256505)
- Updated to remember if legacy TLS was used in the back-forward cache (r256073)
-
Explainer: IsLoggedIn (on GitHub)
- https://lists.w3.org/Archives/Public/public-webappsec/2020Feb/0008.html
- https://github.com/WebKit/explainers/tree/master/IsLoggedIn
- The IsLoggedIn Explainer appears to have been updated
-
Changeset 256501 - WebKit
- https://trac.webkit.org/changeset/256501/webkit
- WebP has been implemented in WebKit Nightly
- Other
Edge Trends
- Stable: 80
-
Updates
- Announcing Windows 10 Insider Preview Build 19559 | Windows Experience Blog
- Bringing the Microsoft Edge DevTools to more languages
- Simplifying Microsoft Edge configuration profiles for Jamf Pro
- Protecting users from potentially unwanted applications in Microsoft Edge - Microsoft Edge Blog
-
Chakra
- Release ChakraCore v1.11.16 · microsoft/ChakraCore
-
Other
- Microsoft's Three Browsers | text/plain
- App-to-Web Communication: Launching Web Apps | text/plain
- Demystifying Browsers | text/plain
- Browser Password Managers: Threat Models | text/plain
WHATWG/W3C Trends
-
Recommendation
- Trace Context is a W3C Recommendation
- Data Catalog Vocabulary (DCAT) version 2 is a W3C Recommendation
- Proposed Recommendation
- Candidate Recommendation
- Working Draft
-
First Public Working Draft
- First Public Working Draft: Requirements for Personalization Semantics
- First Public Working Drafts: Media Capabilities, Picture-in-Picture, Media Session Standard
- First Public Working Drafts: Resize Observer; CSS Scroll Anchoring Module Level 1
- First Public Working Draft: XR Accessibility User Requirements
- First Public Working Draft: WCAG 2.2
-
Chartering
- CSS Print Community Group created
- CSS4 Community Group created
- XSLT Extensions Community Group Proposed
- Synthetic Media Community Group Proposed
-
Other
- W3C Workshop Report: Inclusive Design for Immersive Web Standards
- For Wide Review: Personalization Semantics Content Module 1.0
TC39 Trends
-
Meeting
-
2020-02
- https://github.com/tc39/agendas
- https://github.com/tc39/notes
-
TC39-news/tc39-02-2020.md at master · codehag/TC39-news
- https://github.com/codehag/TC39-news/blob/master/meetings/tc39-02-2020.md
- https://groups.google.com/forum/#!topic/mozilla.dev.platform/I_SBpSIh8CM
- Meeting summary by Mozilla's Yulia Startsev
-
Proposals Diff
- https://github.com/tc39/proposals/compare/master@{2020-02-01}...master@{2020-03-01}
- https://tc39.github.io/beta/
-
0->1
- arraybuffer-view-stride
- Cryptographically Secure Random Number Generation
- Async initialization
- Legacy reflection features for functions
- Preserve Host Virtualizability
- Decimal
- Intl.DurationFormat
-
1->2
- logical-assignment
- 2->3
-
3->4
- Intl.locale
- Intl.NumberFormat Unified API
-
New Proposals
- Intl.DurationFormat
- decimal
-
Ergonomic brand checks for Private Fields(private-fields-in-in)
- https://github.com/ljharb/proposal-private-fields-in-in
- Check whether an object has a private field without try-catch
- Other
IETF Trends
- IETF
- RFC
- IETF Last Call
- WG Last Call
- Call for Adoption
- I-D Action
-
Draft
- Lightweight Authorization for Authenticated Key Exchange.
- Roughtime
- JSContact: Converting from and to vCard
- JSContact: A JSON representation of contact data
- SDP Mapping into HTTP structured headers
- JSON Responses for the Registration Data Access Protocol (RDAP)
- Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
- Quic Timestamps For Measuring One-Way Delays
- Pairing-Friendly Curves
- Real-time text media handling in multi-party conferences
- rLEDBAT: receiver-driven Low Extra Delay Background Transport for TCP
- An Unreliable Datagram Extension to QUIC
- Network-Based Website Fingerprinting
- Compatible Version Negotiation for QUIC
- Other
Security Trends
- Crypto-asset "unauthorized mining": guilty verdict on appeal for using visitors' PCs, Tokyo High Court: Jiji.com
- Three ways TLS 1.3 protects origin names
- Bypassing AppProtocol Prompts | text/plain
-
DNS over HTTPS Providers Chromium
- https://groups.google.com/a/chromium.org/forum/#!msg/net-dev/Fz3VfevdFmg/o1GhsWWnAwAJ
- NextDNS now supports DoH and has requested to be added to Chrome's list of supported providers
- It can reportedly also counter CNAME Cloaking
- https://nextdns.io
Related Trends
- What do you want from a Web Browser Developer Relations team? - Modern Web Development: Tales of a Developer Advocate by Paul Kinlan
- HTTP/3 for everyone | daniel.haxx.se
-
How 1500 bytes became the MTU of the internet
- https://blog.benjojo.co.uk/post/why-is-ethernet-mtu-1500
- Why the MTU became 1500
-
Introducing Acrobat on the Web, Powered by WebAssembly
- https://medium.com/adobetech/acrobat-on-the-web-powered-by-webassembly-782385e4947e
- Adobe announced a web version of Acrobat
- It uses the Mobile PDF Library compiled to wasm
- https://documentcloud.adobe.com/view-sdk-demo/index.html
- WebAssembly Summit 2020 Notes
- WebAssembly Summit roundup
Events
-
March
- 27: IETF 107 Vancouver
- April
-
May
- ??: Chrome Security Summit
- 12-14: Google I/O
-
June
- 19: SecWeb