ep67 Monthly Web 202004
- published_at
- 2020-05-07
- guest
- @myakura
- toc
-
headings
Theme
第 67 回のテーマは 2020 年 4 月の Monthly Web です。
Show Note
Chrome 動向
- Stable: 81
-
Updates
-
New in Chrome 81
- https://developers.google.com/web/updates/2020/04/nic81
-
Updated Chrome release schedule
- 81: released
- 82: skip
- 83: 5/19
- WebXR hit testing
- App icon badging
- Web NFC
- A personal note from Pete
-
Deprecations and removals in Chrome 83 | Web | Google Developers
- https://developers.google.com/web/updates/2020/04/chrome-83-deps-rems
- Disallow downloads in Sandboxed iframes
-
Chromium Blog: Chrome 83 Beta: Cross-site Scripting Protection, Improved Form Controls, and Safe Cross-origin Resource Sharing
- https://blog.chromium.org/2020/04/chrome-83-beta-cross-site-scripting.html
- Trusted Types for DOM Manipulation
- Improved Form Controls
- New Cross-Origin Policies
- Origin Trials
- Native File System
- Performance.measureMemory()
- Prioritized Scheduler.postTask()
- WebRTC Insertable Streams
- Other features in this release
- ARIA Annotations
- 'auto' keyword for '-webkit-appearance' CSS property
- Barcode Detection API
- CSS contain-intrinsic-size
- CSS Color Adjust: color-scheme meta tag
- display:inline-grid/grid/inline-flex/flex for
- ES Modules for shared workers ('module' type option)
- Improvements to font-display: optional
- IndexedDB relaxed durability transactions
- Out-Of-Renderer Cross-Origin Resource Sharing
- Reversed range for
- Support "JIS-B5" and "JIS-B4" @page
- @supports selector() feature query function
-
WebRTC
- RTCPeerConnection.canTrickleIceCandidates
- RTCRtpEncodingParameters.maxFramerate
- RTCRtpSendParameters.degradationPreference
- WebXR DOM Overlay
- JavaScript
- fractionalSecondDigits option for Intl.DateTimeFormat
- Deprecations, and Removals
- Disallow Downloads in Sandboxed iframes
- Chromium Blog: Temporarily rolling back SameSite Cookie Changes
-
New in Chrome 81
-
Intents
- Ship: getInstalledRelatedApps API for Windows
- Ship: Content Index API
- Ship: Contacts API Address/Icon support
-
Ship: @property
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/3ygpsew53a0/T7acB6sRBQAJ
- CSS.registerProperty() を JS 無しで CSS で行う記法
- Ship: Support for web-animations-1 JavaScript API.
-
Prototype and Ship: Add schemes for decentralized web protocols to the safelist of registerProtocolHandler
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/7nHTRUP1EGY/LYCOtg3IAwAJ
- Web サイトに HTML 仕様でセーフリストされた schema を紐づける
- Prototype and Ship: ReportingObserver on workers
- Implement and Ship: Unprefixed ruby-position CSS property
-
Prototype: AVIF Decode
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/gPse70Ax-iE/J7Ofg4V9AQAJ
- AV1 Image Format のデコード
- 既存の AV1 実装を利用
- Prototype: Window Controls Overlay for Installed Desktop Web Apps
- Prototype: text-decoration-thickness, text-underline-offset and from-font keyword for text-underline-position
-
Prototype: ImageDecoder API extension for WebCodecs
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/w1F8UGwTjZo/rrwylKubAwAJ
- Audio/Video と同様 Image もデコードできるように
- ImageBitmap を取得して Canvas に書いたり
- DOM 非依存なので Worker からも使える
-
Prototype: Third-party origin trials
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/78i3GDWsPr0/KNFQYEYTAQAJ
- 3rd Party から Origin Trials で機能を有効にできるように
-
Prototype: VirtualKeyboard API
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/q80uCrMgiTM/nF3mo-7zBAAJ
- MS からの draft
- 元々 2 つあったものをまとめた仕様
-
Prototype: Window Segments Enumeration API
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/_1_ljYsaqrU/qOoHJ7MhAgAJ
- 複数 window に分割したレイアウトを提供する API
- foldable/dual screen などの登場を受けて
- Prototype: Altitude/Azimuth for PointerEvents v3
- Prototype: App Icon Shortcuts Menu
- Prototype: Web Bluetooth BluetoothDevice.watchAdvertisements()
-
Extend Origin Trial: Serial API
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/P5uKC_HTStw/VjYdUfg-BQAJ
- シリアル通信を行う API
- USB API よりもハイレベルで USB ではないシリアルデバイスも対象
- ハードウェアコミュニティから教育ツールを作るユースケースがあるらしい
- Extend Origin Trial: Screen Wake Lock API
-
Extend Origin Trial: RenderSubtree attribute
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/sBGPdqQRQfo/cam3wY2jAwAJ
- display-locking の文脈
- search には hit するがレンダリングされてない要素を作れる CSS
-
Experiment: Force Load At Top
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/ONn6qsdwHUo/zHqyNL46BQAJ
- scroll-to-text-fragment からの opt-out
-
Experiment: AppCache
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/ezHywZ-Xs20/T4o3-fXTBAAJ
- M83 から Reverse Origin Trial 開始
- Experiment: Portals (Same-Origin, Android Only)
- Experiment: Idle Detection API
- Remove: Title argument of registerProtocolHandler()
- web-platform-tests quarterly update - Q1 2020
- Introduced --disable-system-font-check to content_shell
- PSA: Making WTF::String and WTF::AtomicString thread-safe
-
PSA: Reducing web compatibility risk.
- https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/kMhb8lIYAVE/p-w5_kBOAQAJ
- deprecation/removal などの互換性リスクのある intents には慎重になる
- すでに approve された intent も、それぞれ機能ごとに改めて判断する
-
Deprecate and Freeze: The User-Agent string
- https://groups.google.com/a/chromium.org/d/msg/blink-dev/-2JIRNMWJ7s/u-YzXjZ8BAAJ
- UA 文字列のエントロピー減らす試みのうち、 UA 文字列の半固定化を少なくとも 2021 年まで
- CH-UA ヘッダは Chrome 84 で ship 予定
-
v8
- Understanding the ECMAScript spec, part 3 · V8
- What's in that .wasm? Introducing: wasm-decompile · V8
-
Other
- Making your website "cross-origin isolated" using COOP and COEP
- Understanding "same-site" and "same-origin"
- Monitor your web page's total memory usage with performance.measureMemory()
- Improved dark mode default styling with the color-scheme CSS property and the corresponding meta tag
- WebSocketStream: integrating streams with the WebSocket API
- web.dev engineering blog #1: How we build the site and use Web Components
- Ensure your website is available and usable for everyone during COVID-19
- Storage for the web
- Cumulative Layout Shift (CLS) in AMP - The AMP Blog
- Adobe Experience Cloud Extends AMP Support - The AMP Blog
-
Introducing the fastest and most user-friendly content encryption - The AMP Blog
- https://blog.amp.dev/2020/04/27/introducing-the-fastest-and-most-user-friendly-content-encryption/
- 暗号化した結果をクライアントに送り、ログインしている場合だけ復号して表示する
- Paywall をなくすための仕組み
- Project Zero: You Won't Believe what this One Line Change Did to the Chrome Sandbox
- https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
Firefox 動向
- Stable: 75.0
-
Updates
- Firefox 75.0, See All New Features, Updates and Fixes
- Firefox 75 for developers - Mozilla | MDN
-
Firefox 75: Ambitions for April - Mozilla Hacks - the Web developer blog
- https://hacks.mozilla.org/2020/04/firefox-75-ambitions-for-april/
- img 要素の loading 属性
- CSS の min() / max() / clamp()
-
Intents
- Ship: inputmode attribute on Android (GeckoView)
- Ship: Logical Assignment for JavaScript
-
Ship: AudioWorklet
- https://groups.google.com/forum/#!msg/mozilla.dev.platform/_i1mSzhaDkQ/HCQ8CZwsAQAJ
- あるサービスプロバイダから WFH な環境で有益という声がでたので、 76 にアップリフトした
- Ship: "Multi-value" WebAssembly proposal
- Ship: RegExp dotAll flag (/s), unicode escape sequences, lookbehind assertions
- Prototype and Ship: CSS :is() and :where() pseudo-classes.
- Prototype and Ship: Tab modal system prompts
-
Prototype: Dynamic FPI
- https://groups.google.com/forum/#!msg/mozilla.dev.platform/f2_hLdfsbq4/ZhuWE4ZAAgAJ
- First Party Isolation
- Prototype ARIA reflection (non-IDREF)
- Prototype: ETP Cookie Purging
- Prototype: cookie behavior "reject foreign" with storageAccess API and heuristic exceptions
- Unship: window.external.AddSearchProvider
- Unship: title argument of Navigator.registerProtocolHandler
-
Other
-
Twitter の Cache 問題
- Twitter Data Cache on Mozilla Firefox
- https://privacy.twitter.com/en/blog/2020/data-cache-firefox.html
- Shared PC で、別アカウントの Cache が Firefox では残っていたと Twitter 発表。(Firefox の問題のような書かれ方)
- https://blog.mozilla.org/blog/2020/04/03/what-you-need-to-know-about-twitter-on-firefox
- 実際は Content-Disposition が指定されて Cache-Control が指定されてないレスポンスが、 Huristic Cache に載っていた問題。 Huristic Cache は仕様にもあり実装にゆだねられているので、本来は明示的に Cache-Control: no-store を指定すべきだが、 Twitter は Chrome/Safari の実装でしかテストしてなかった模様。
- Mozilla は仕様はこうした問題を解決するためにあるのに、正しく使われていないことによる問題を Firefox の問題のようにすり替えていることに遺憾。
- Twitter Direct Message Caching and Firefox - Mozilla Hacks - the Web developer blog
-
https://hacks.mozilla.org/2020/04/twitter-direct-message-caching-and-firefox/
- 追記として response に pragma: no-cache が入っていたことが原因でもあったらしい
- pragma: no-cache は cache-control: no-cache と透過で request で使うべきもの
-
Firefox 76 Beta and Developer Edition are out, some changes postponed due to COVID-19 outbreak
- https://www.fxsitecompat.dev/en-CA/blog/2020/firefox-76-beta-and-developer-edition-are-out-some-changes-postponed-due-to-covid-19-outbreak/
- Covid-19 で先送りになった機能一覧
- Removing TLS 1.0/1.1 support
- Removing DTLS 1.0 support from WebRTC
- Removing FTP support
- Enforcing MIME check for worker scripts
- Rotating JPEG images
- These Weeks in Firefox: Issue 72 - Firefox Nightly News
- These Weeks in Firefox: Issue 73 - Firefox Nightly News
- Firefox's Bug Bounty in 2019 and into the Future | Mozilla Security Blog
- Expanding Client Certificates in Firefox 75 | Mozilla Security Blog
-
Firefox 75 will respect
nosnifffor Page Loads | Mozilla Security Blog - Engineering code quality in the Firefox browser: A look at our tools and challenges - Mozilla Hacks - the Web developer blog
- A Taste of WebGPU in Firefox - Mozilla Hacks - the Web developer blog
- Keeping Firefox working for you during challenging times | The Firefox Frontier
-
Twitter の Cache 問題
Safari 動向
- Stable: 13.1
-
Updates
-
New WebKit Features in Safari 13.1
- https://webkit.org/blog/10247/new-webkit-features-in-safari-13-1/
- Pointer and Mouse Events on iPadOS
- Web Animations API
- Async Clipboard API
- JavaScript Improvements
- ResizeObserver
- HTML enterkeyhint Attribute
- CSS Shadow Parts
- More CSS Additions
- Media APIs
- Subtitles and Captions
- WebRTC Legacy Audio and Proxy Support
- Performance Improvements
- Security Improvements
- Intelligent Tracking Prevention Updates
- Web Platform Quality Improvements
- Web Inspector Updates
- Redesigned Color Picker
- Customized AR QuickLook
-
Release Notes for Safari Technology Preview 104
- https://webkit.org/blog/10264/release-notes-for-safari-technology-preview-104/
- Added HTTP3 as an experimental feature (r258678)
- Added label text to suggested values for a
<datalist>element (r259330) - Removed synchronous termination of service workers (r259383)
- Added support for :is() (r259261)
- Added initial support for WebRTC HEVC (r259452)
- Supported inserting text or dictation alternative by simulating keyboard input (r258873)
- Supported resolution of IPv6 STUN/TURN addresses (r259338)
- Improved title and text used in prompts (r258961)
-
Release Notes for Safari Technology Preview 105
- https://webkit.org/blog/10428/release-notes-for-safari-technology-preview-105/
- Added Selectors Level 4 specificity calculation for pseudo classes (r260024, r260069)
- Added support for font-relative lh and rlh unit frp, CSS Values Level 4 specification (r259703)
- Implemented
BigInt.prototype.toLocaleString(r259919) - Implemented logical assignment operators (r260119)
- Made a change to update ScreenTime as playback state changes (r260182, r260201)
- Filtered some capture device names (r259477)
- Added support for applying a frameRate limit when the request stream is from Camera (r260245)
- Added support for pseudoElement on KeyframeEffect and KeyframeEffectOptions (r260139)
- Web Animations in Safari 13.1
-
A Tour of Inline Caching with Delete
- https://webkit.org/blog/10298/inline-caching-delete/
- delete が最適化にもたらす影響
-
New WebKit Features in Safari 13.1
- Other
Edge 動向
- Stable: 81
- Updates
-
Chakra
- Release ChakraCore v1.11.18 - microsoft/ChakraCore
-
Other
- Analyzing Network Traffic Logs (NetLog json) | text/plain
WHATWG/W3C 動向
- Recommendation
- Proposed Recommendation
- Candidate Recommendation
- Working Draft
- First Public Working Draft
-
Chartering
- Web fights covid19 Community Group created
-
Other
- W3C Website redesign: User-stories; brand and identity | W3C Blog
- Upcoming Distributed, Online Workshops: W3C/OGC Joint Workshop Series on Maps for the Web
TC39 動向
-
ES2020
-
Release ES2020 Candidate - tc39/ecma262
- https://github.com/tc39/ecma262/releases/tag/es2020
- 4/2 に TC39 が approve した candidate
- 6 月に ECMA GA が approve したら正式になる
-
Release ES2020 Candidate - tc39/ecma262
- Meeting
-
Proposals Diff
- https://github.com/tc39/proposals/compare/master@{2020-04-01}...master@{2020-05-01}
- https://tc39.github.io/beta/
-
0->1
- Number.range / Bigint.range
- brand check for private
- Compartments
- Intl.NumberFormat v3
- 1->2
-
2->3
- logical assignment
-
3->4
- import.meta
-
New Proposals
- Number.range / BigInt.range
- Compartments
-
RefCollection
- https://github.com/rricard/proposal-refcollection/
- reference を symbol でまとめておく仕様
-
Deep Path Properties for Records
- https://github.com/rickbutton/proposal-deep-path-properties-for-record/
- Record Literal の Path 仕様
-
Conflict Comments
- diff 記法みたいな
- ジョークらしい(table から削除されてる)
- Other
IETF 動向
- IETF
- RFC
- IETF Last Call
- WG Last Call
- Call for Adoption
- I-D Action
-
Draft
- QUIC Version Aliasing
-
The Vulcain Protocol
- https://tools.ietf.org/html/draft-dunglas-vulcain-00
- Graph QL を REST に載せたような OSS 実装の draft 化
- Preload/Field header を使って関連リソースの Preload をする
- Cache-Digest や Early Hints などが応用されている
- Supporting Redirect Responses in DNS Queries over HTTPS (DoH)
-
Virtual Hum Application: Requirements
- https://tools.ietf.org/html/draft-sheffer-hum-app-req-00
- IETF の文化である hum を Virtual でやる上での要件の整理
- Specification of DNS over Dedicated QUIC Connections
-
Compact TLS 1.3
- https://tools.ietf.org/html/draft-ietf-tls-ctls-00
- 互換性のために入れていた値などを取り除いて小さくした仕様
- Upgrading Communication from Stub Resolvers to DoT or DoH
- Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
- Using Early Data in DNS over TLS
- Optimizing ACK mechanism for QUIC
- The WebTransport Protocol Framework
- Hybrid key exchange in TLS 1.3
-
Signing HTTP Messages
- https://tools.ietf.org/html/draft-ietf-httpbis-message-signatures-00
- その名の通り HTTP に署名する仕様
- Signature ヘッダを追加
- メッセージの正規化方法も定義
- Best practices for password hashing and storage
- Other
セキュリティ動向
-
Zoom Japan FAQ - 2020/04/01 Zoom 利用者へのメッセージ
- https://sites.google.com/zoom.us/zoomjapanfaq/zoomblog/a-message-to-our-users
- 様々な脆弱性や実装上の問題に対応するため、 90 日の集中対策計画を発表
- ミーティング・ウェビナーの暗号化について (翻訳版) - Zoom Blog
-
Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams | CyberArk
- https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/
- グループチャットツールの Microsoft Teams に「GIF 画像を見るだけでアカウントを乗っ取られる脆弱性」が発見される - GIGAZINE
- https://gigazine.net/news/20200428-microsoft-teams-vulnerability-gif-link/
- ただし、事前に subdomain を乗っ取っておく必要がある
- 「ニンテンドーネットワーク ID」に対する不正ログイン発生のご報告と「ニンテンドーアカウント」を安全にご利用いただくためのお願い
周辺動向
- How HTTP/3 and QUIC aim to help the connections that need it most
- How COVID-19 is affecting internet performance
- Internet performance during the COVID-19 emergency
- Comparing HTTP/3 vs. HTTP/2 Performance
-
News: Cliqz closes areas for browser and search technologies
- https://www.burda.com/de/news/cliqz-schliesst-bereiche/
- ep65 (2020-03) で取り上げた Cliqz がブラウザと検索事業を終了
- Google が支配的な現状を崩せないことや、パンデミックの影響に言及
-
MsQuic is Open Source
- https://techcommunity.microsoft.com/t5/networking-blog/msquic-is-open-source/ba-p/1345441
- microsoft/msquic: Cross platform C implementation of the IETF QUIC protocol.
- オランダ当局が Cookie ウォールは GDPR の要件を満たさないと判断 | TechCrunch Japan
イベント
-
5 月
-
??: Chrome Security Summit
-
9/9-10 に延期
- Chromium Platform Security Summit - September 9th and 10th
- https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/k7Lzy8TpR6Y
-
9/9-10 に延期
-
??: Chrome Security Summit
-
6 月
- 19: SecWeb
-
??: WWDC
- virtual
Wrap Up
- ブラウザが Compatibility risk のある変更を延期
- Trusted Types + C-O-* = Securer Context 周りが始まった
- zoom の脆弱性と E2E 暗号化から WebRTC Insertable Stream の話
- es2020 の candidate
- Compact TLS 1.3
- MsQuic 公開
- Covid-19 によるネットワークトラフィック統計 by Fastly/Cloudflare
- Twitter Cache のバグと Firefox 実装の話