ep79 Monthly Web 202101
- published_at
- 2021-01-31
- guest
- @myakura
- toc
-
headdings
Theme
第 79 回のテーマは 2020 年 12 月と 2021 年 1 月の Monthly Web です。
Show Note
Chrome 動向
Stable: 88
Updates
- Chromium Blog: Chrome Dev Summit 2020: Building an open web for our users and developers
-
Chromium Blog: Manifest V3 now available on M88 Beta
- https://blog.chromium.org/2020/12/manifest-v3-now-available-on-m88-beta.html
- 拡張の V3 が Beta に
- リモートコードホストの禁止
- Background Page から Service Worker へ
- API が宣言的に
- 権限が詳細に
- Chromium Blog: Better content sharing with Custom Tabs
- Chromium Blog: Privacy Sandbox in 2021: Testing a more private web
-
New in Chrome 88 - Chrome Developers
- https://developer.chrome.com/blog/new-in-chrome-88/
- maifest v3
- aspect-ratio for any element
- throttle chained JavaScript timers for hidden pages
- Play Billing in Trusted Web Activity.
- Chrome Dev Summit video are up
-
Chromium Blog: Chrome 89 Beta: Advanced Hardware Interactions, Web Sharing on Desktop, and More
- https://blog.chromium.org/2021/01/chrome-89-beta-advanced-hardware.html
- WebHID API
- Web NFC
- Web Serial API
- Web Sharing on Desktop
- Origin Trials
-
Other features in this release
- AVIF Image Decode
- Cross-origin opener policy reporting API
- Display override in web app manifests
- Expose ReadableStreamDefaultController interface
- performance.measureUserAgentSpecificMemory()
- Potentially trustworthy data: urls
- Streams API: Byte Streams
- Support for full 'filter' property syntax on SVG elements
- WebAuthentication API: ResidentKeyRequirement and credProps extension
-
CSS
- ::target-text pseudo-element
- flow-relative Corner Rounding properties
- Forced colors property
- Forced colors adjust property
-
JavaScript
- Top-level await
-
Developer Notes
- Image Orientation with EXIF
-
Deprecations and Removals
- Remove prefixed events for
<link rel=prerender> - Stop cloning sessionStorage for windows opened with noopener
- Labels
- Archive
- Feed
- Remove prefixed events for
-
What's New In DevTools (Chrome 89)
- https://developers.google.com/web/updates/2021/01/devtools
- What's New In DevTools (Chrome 89)
-
Debugging support for Trusted Types violations
- Breakpoint on Trusted Type violations
- Link issue in the Sources panel to the Issues tab
- Capture node screenshot beyond viewport
- New Trust Tokens tab for network requests
- Lighthouse 7 in the Lighthouse panel
-
Elements panel updates
- Support forcing the CSS :target state
- New shortcut to duplicate element
- Color pickers for custom CSS properties
- New shortcuts to copy CSS properties
-
Cookies updates
- New option to show URL-decoded cookies
- Clear only visible cookies
- New option to clear third-party cookies in the Storage pane
- Edit User-Agent Client Hints for custom devices
-
Network panel updates
- Persist "record network log" setting
- View WebTransport connections in the Network panel
- "Online" renamed to "No throttling"
-
New copy options in the Console, Sources panel, and Styles pane
- New shortcuts to copy object in the Console and Sources panel
- New shortcuts to copy file name in the Sources panel and Styles pane
-
Frame details view updates
- New Service Workers information in the Frame details view
- Measure Memory information in the Frame details view
- Provide feedback from the Issues tab
- Dropped frames in the Performance panel
- Emulate foldable and dual-screen in Device Mode
-
Experimental features
- Automate browser testing with Puppeteer Recorder
- Font editor in the Styles pane
- CSS flexbox debugging tools
- New CSP Violations tab
- New color contrast calculation - Advanced Perceptual Contrast Algorithm (APCA)
- Chromium Blog: Easy to build, monetize, and discover: List your web app on Google Play
- Chromium Blog: Seamless payments and password management in Chrome
-
Chromium Blog: Continuing our journey to bring instant experiences to the whole web
- https://blog.chromium.org/2020/12/continuing-our-journey-to-bring-instant.html
- Prefetch を頑張ってきたが、 NoState にしても IP がリークする
- Private prefetch proxy を導入し Google の IP に置き換える
- という実験をやっている話
- Chromium Blog: Limiting Private API availability in Chromium
-
Deprecations and removals in Chrome 88
- https://developers.google.com/web/updates/2020/12/chrome-88-deps-rems
- Don't allow popups during page unload (enterprises)
- Web Components v0 removed
- FTP support removed
- Progress update on the Privacy Sandbox initiative - Chrome Developers
- How to participate in the Privacy Sandbox initiative - Chrome Developers
-
Welcome to the new developer.chrome.com! - Chrome Developers
- https://developer.chrome.com/blog/welcome/
- developer.chrome.com がリニューアル
- Chrome 関連の情報はこちらで更新していく
- What's new in Chrome など、 Google Developers にあったコンテンツも移動中
- SharedArrayBuffer updates in Android Chrome 88 and Desktop Chrome 91 - Chrome Developers
- Heavy throttling of chained JS timers beginning in Chrome 88 - Chrome Developers
-
web.dev
- Cross-browser paint worklets and Houdini.how
- Publish, ship, and install modern JavaScript for faster applications
- Sign-up form best practices
- Payment and address form best practices
- Announcing Squoosh v2
-
Automating audits with AutoWebPerf
- https://web.dev/autowebperf/
- Page Speed Insight, CrUX, WebPageTest からデータを取得するツール
- SpreadSheet に落としたり Data Studio で可視化できる
- Extending Workbox
- Centering in CSS
- Building a sidenav component
- WebRTC is now a W3C and IETF standard
- Best practices for carousels
- When to use HTTPS for local development
- How to use HTTPS for local development
- Feedback wanted: The road to a better layout shift metric for long-lived pages
- Use AMP Components everywhere
Intents
- Ship: Web Share Target Level 2 for Chrome OS
- Ship: Expose ReadableStreamDefaultController interface
- Ship: Web Serial API
- Ship: Streams API: Byte Streams
- Ship: import maps (inline only)
- Ship: Web NFC
- Ship: Support for full 'filter' property syntax on SVG elements
- Ship: Percent based scrolling
- Ship: performance.measureMemory()
- Ship: Return empty for navigator.plugins and navigator.mimeTypes
- Ship: RegExp match indices
-
Ship: Remove clamping of
setTimeout(..., 0) - Ship: AbortSignal in addEventListener
-
Ship: Rename Sec-CH-UA-Platform value from "Mac OS X" to "macOS"
- https://groups.google.com/a/chromium.org/g/blink-dev/c/D1fW7PiPJTM
- Apple からの feedback で 100% ship の前に変更
- legacy "Max OS X" を「セメントで固める」
- Ship: WebAssembly Worker Based Threads on Android (too)
-
Prototype and Ship: CSS flow-relative Corner Rounding properties
- https://groups.google.com/a/chromium.org/g/blink-dev/c/YmWSODSTPS4/m/qx1uXvYxAgAJ
border-top-left-radiusなど四隅ひとつの radius を指定するborder-radiusサブプロパティの論理プロパティ版
- Prototype and Ship: ::file-selector-button pseudo-element
- Implement and Ship: Fire capture event listeners before bubble event listeners at event target
- Implement and Ship: Link element pseudo selectors
- Spec, Implement & Ship: CSS Variables: Persistent guaranteed-invalid values
- Implement and Ship: CSS aspect-ratio interpolation
-
Implement and Ship: Remove
FileSystemWritableFileStream::close()implementation - Implement and Ship: StaticRange constructor
- Prototype: Canvas Formatted Text
- Prototype: Reporting API: Isolate reports per-document and support the Reporting-Endpoints header
- Prototype: Declarative Link Capturing for PWAs
- Prototype: Allow infinity, -infinity and NaN in CSS calc()
-
Prototype: Prerendering
- https://groups.google.com/a/chromium.org/g/blink-dev/c/4oKgdB26p6g/m/4M2fIR_aAwAJ
- 既に Resource Hints の文脈で取り込まれていた機能だが問題があり No State Prefetch に置き換えられていた
- これをもう一度 Prototype して Prerender2 としてやりなおしたい
- Prototype: EyeDropper API
- Implement: Web Share API (macOS)
-
Prototype: HTMLPopupElement -
<popup>- https://groups.google.com/a/chromium.org/g/blink-dev/c/9y-Thg9UCxY
- MS が提案する新要素
<dialog>とは light-dismiss の点で違う(バックグラウンドを block しない?)
- Prototype: CSS spelling and grammar features
-
Prototype: SameParty cookie attribute
- https://groups.google.com/a/chromium.org/g/blink-dev/c/-unZxHbw8Pc
- First Party Set で作った Party にのみ Cookie を送る
- Prototype: Multi Apps API
-
Prototype: ARIA virtual content
- https://groups.google.com/a/chromium.org/g/blink-dev/c/etQ-LVhY6S4
- Twitter のような Infinite Scroll な UI を Assistive Technology に認識させる
<main id="main" aria-virtualcontent="block-end">
- Prototype: Multi-Screen Window Placement
-
Prototype: ModalCloseWatcher
- https://groups.google.com/a/chromium.org/g/blink-dev/c/NA5NC16OmsU
- ESC や Back Button など Modal を閉じるような操作をすべてフックする Listener
- このイベントで Modal を閉じる用途に利用する
<popup>の提案と被る部分があるが、並行して行う。
- Prototype: Suggested file name and location for the File System Access API
- Prototype: GravitySensor API
- Prototype: COLRv1 Color Gradient Vector Fonts
- Experiment: fetch() upload streaming
- Extend Origin Trial: scheduler.postTask
- Extend Origin Trial: Declarative Shadow DOM
- Extend Origin Trial: Conversion Measurement API
-
Extend Origin Trial: AppCache
- https://groups.google.com/a/chromium.org/g/blink-dev/c/hQ1zGoPthBU
- Reverse Origin Trials を M94 まで延期
- Experiment: MediaStreamTrack Insertable Streams (a.k.a. Breakout Box)
- Change:
- Unship:
- Remove:
-
Deprecate and Remove: Special handling of localhost6 and localhost6.localdomain6 hosts
- https://groups.google.com/a/chromium.org/g/blink-dev/c/bmdcI_q2yWQ/m/HtdNtLTSAQAJ
- localhost6 を IPv6 のループバック (
::1) として扱うという非標準の機能を消す
- Deprecate and Remove: Special handling of localhost.localdomain host
- Deprecate and Remove: Payment handlers for standardized payment method identifiers.
-
Remove: Rename User-Agent Client Hint ACCEPT-CH tokens
- https://groups.google.com/a/chromium.org/g/blink-dev/c/t-S9nnos9qU/m/pUFJb00jBAAJ
ua-*をsec-ch-ua-*にする
- Deprecate: WebRTC's Plan B SDP semantics
- Request for Deprecation Trial: Remove Content Security Policy directive 'plugin-types'
- Remove: SpeechRecognitionEvent's interpretation and emma attributes
- PSA: private prefetch proxy proposal
- web-platform-tests quarterly update - Q4 2020
- Request for feedback: required developer signals during an intent-to-ship
- Unifying the notions of "secure context" (trustworthy url/origin)
V8
- An additional non-backtracking RegExp engine · V8
Other
- Debugging WebAssembly with modern tools
- Updates to Search Console's API | Google Search Central Blog
- Introducing Google News performance report
- Index Coverage Data Improvements
- Google Developers Blog: 21 websites and apps to make your 2021 better
- Migrating Puppeteer to TypeScript
- AMP implementation best practices and common pitfalls – The AMP Blog
- Correlation between Core Web Vitals and AMP – The AMP Blog
-
Form Submit 時に Security Alert が出てしまうようになった件の報告が殺到
- HTTP -> HTTPS redirect で HTTPS 対応しているが、 Form Submit 後の Redirect (PRG Pattern) のリダイレクト先(Location)が HTTP になってる場合、
not secureなエラー画面が出てしまい、 Submit できない。 - https://groups.google.com/a/chromium.org/g/security-dev/c/_yE-XITw5nc/m/3cJyqhdBBAAJ
- https://groups.google.com/a/chromium.org/g/security-dev/c/PXuy9aKftG0/m/Nz06ohVBBAAJ
- https://groups.google.com/a/chromium.org/g/security-dev/c/HH_FO5FbiwM/m/t3s_7RRBBAAJ
- https://groups.google.com/a/chromium.org/g/security-dev/c/pBZHburF0C8/m/lnlgoApBBAAJ
- https://groups.google.com/a/chromium.org/g/security-dev/c/5jvJEvL2Wqs/m/l48yvgBBBAAJ
- https://groups.google.com/a/chromium.org/g/security-dev/c/merbn6Oo50g/m/JYERYv1ABAAJ
- https://groups.google.com/a/chromium.org/g/security-dev/c/I67LV39EgEw/m/Ju0khPNABAAJ
- Disabling the new HTTP form security check for headless
- HTTP -> HTTPS redirect で HTTPS 対応しているが、 Form Submit 後の Redirect (PRG Pattern) のリダイレクト先(Location)が HTTP になってる場合、
-
1168528 - [User Feedback - Stable] Users report Chrome's clock time measurement doesn't match local time (RU, JA) - chromium
- https://bugs.chromium.org/p/chromium/issues/detail?id=1168528&q=chrome88&can=2#c49
- Chrome アップデート後に時刻/タイムゾーンがおかしい、 18 時間ずれる等の不具合発生中(2021 年 1 月 29 日更新)
- https://did2memo.net/2021/01/20/chrome-timezone-issue/#2021128
- Chromium University 2020: Videos Published
- Building a privacy-first future for web advertising
Firefox 動向
Stable: 85.0
Updates
- 2020 MDN Web Developer Needs Assessment now available
-
And now for ... Firefox 84
- https://hacks.mozilla.org/2020/12/and-now-for-firefox-84/
- DevTools gets tab order inspection
-
Web platform additions
- Complex selector support in :not()
- PerformancePaintTiming
- AppCache removal
- WebExtensions
- WebRender comes to Linux and Android
- Localhost improvements
- Firefox 84 for developers
-
January brings us Firefox 85
- https://hacks.mozilla.org/2021/01/january-brings-us-firefox-85/
- :focus-visible
- Preload
- The Flash is dead, long live the Flash
-
Nightly previews
- Top-level await
- What're you pointing
at()?
- WebExtensions
- Firefox 85 for developers
-
Firefox 85 Cracks Down on Supercookies - Mozilla Security Blog
- https://blog.mozilla.org/security/2021/01/26/supercookie-protections/
- ネットワークのパーティショニングで supercookie 対策をした
- Welcome Yari: MDN Web Docs has a new platform
-
An update on MDN Web Docs' localization strategy
- https://hacks.mozilla.org/2020/12/an-update-on-mdn-web-docs-localization-strategy/
- CJF は機械翻訳ではなくレビュープロセスで行うことに
- Improving Cross-Browser Testing, Part 1: Web Application Testing Today
- Improving Cross-Browser Testing, Part 2: New Automation Features in Firefox Nightly - Mozilla Hacks - the Web developer blog
- Porting Firefox to Apple Silicon - Mozilla Hacks - the Web developer blog
- Analyzing Bugzilla Testcases with Bugmon - Mozilla Hacks - the Web developer blog
-
Our Year in Review: How we've kept Firefox working for you in 2020
- https://blog.mozilla.org/blog/2020/12/15/our-year-in-review-how-weve-kept-firefox-working-for-you-in-2020/
- 2020 年に Firefox に追加された機能のまとめ
-
Our Year in Review: How we've made Firefox Faster in 2020
- https://blog.mozilla.org/performance/2020/12/15/2020-year-in-review/
- 2020 年 Firefox に加えられたパフォーマンス改善の詳細
-
Encrypted Client Hello: the future of ESNI in Firefox - Mozilla Security Blog
- https://blog.mozilla.org/security/2021/01/07/encrypted-client-hello-the-future-of-esni-in-firefox/
- ESNI だけではプロトコル上問題があるため、 ClientHello 全体を暗号化する ECH が提案された
- Firefox は ESNI を早くから実装していたが、 85 から ECH に移行するという話
- These Weeks in Firefox: Issue 84
- These Weeks in Firefox: Issue 85
- These Weeks in Firefox: Issue 86
-
Guest Blog Post: Leaking silhouettes of cross-origin images – Attack & Defense
- https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/
- Canvas の
drawImage()でピクセルの不透明度によって処理速度が変わるのを利用し、 cross origin info leaks が起きる脆弱性があった - 利用している Skia で透明度によって処理を分けており、ソフトウェアデコーダの場合に処理速度が特に変わっていた
- Skia が修正され、 Chromium 、 Firefox ともに対応
Intents
- Ship: Network Partitioning
- Ship: Setting the default referrer policy to 'strict-origin-when-cross-origin'
- Ship: remote-protocol (CDP)
- Ship: Unprefixed :autofill pseudo-class, :-webkit-autofill alias.
- Ship: beforeinput event and InputEvent.getTargetRanges()
- Ship: Block HTTP ports 69, 137, 161, 1719, 1720, 1723, 6566, 10080
- Prototype: Standard :autofill pseudo-class, :-webkit-autofill alias.
- Prototype: CanvasRenderingContext2D.createConicGradient.
- Experiment:
- Change:
-
Unship: HTML
<menuitem>element and the context menu feature
Other
-
EKR 先生による「投票システム」の難しさの話
- Why getting voting right is hard, Part I: Introduction and Requirements
- Why getting voting right is hard, Part II: Hand-Counted Paper Ballots
- Why getting voting right is hard, Part III: Optical Scan
- Why getting voting right is hard, Part IV: Absentee Voting and Vote By Mail
- Why getting voting right is hard, Part V: DREs (spoiler: they're bad)
- Reimagine Open: Building a Healthier Internet
- SpiderMonkey Newsletter #8
Safari 動向
Stable: 14.0.2
Updates
- CSS Individual Transform Properties
-
Release Notes for Safari Technology Preview 117
- https://webkit.org/blog/11364/release-notes-for-safari-technology-preview-117/
- Added parse support for aspect-ratio CSS property (r269641)
- Enabled static public class fields (r269922, r269939)
- Enabled static and instance private class fields (r270066)
- Added WebRTC SFrame transform (r269830)
- Added infrastructure for WebRTC transforms (r269764)
- Added support for RTCPeerConnection.onicecandidateerror event (r270101)
- Added support for RTCRtpScriptTransform (r270107)
- Added skeleton implementation of Media Session API (r268735)
-
Release Notes for Safari Technology Preview 118
- https://webkit.org/blog/11439/release-notes-for-safari-technology-preview-118/
- Added an experimental Font details sidebar panel for showing information about the currently used font of the selected node (r270637)
- Added support for intercepting and overriding network requests (r270604)
- Implemented Definite and Indefinite Sizes in flexbox (r270578)
- Added support for aspect-ratio on replaced and non-replaced elements (r270551, r270618)
- Made only the first wheel event in a gesture to be cancelable (r270425)
- Enabled "at" methods (r270550)
- Implemented WebVTT VTTCue region attribute (r270738)
- Exposed an API for enabling or disabling Private Click Measurement (r270710)
- Added support for RTCRtpSender::setStreams (r270486)
- Changed to allow blob URLs with fragments (r270269)
- Fixed lazy loaded iframe to not lazy load when scripting is disabled (r270300)
- Fixed VoiceOver not announcing the aria-checked state for ARIA treeitem (r270333)
-
Release Notes for Safari Technology Preview 119
- https://webkit.org/blog/11525/release-notes-for-safari-technology-preview-119/
-
Speech Recognition
- Enabled SpeechRecognition by default (r270854)
- Added webkit- prefix to SpeechRecognition (r270868)
- Added availability check of speech recognition service before requesting permissions (r271031)
- Changed to fail speech recognition when the page is muted for audio capture (r271154)
- Implemented recognizer for SpeechRecognition (r270772)
- Stopped speech recognition if page becomes invisible (r271169, r271205)
-
CSS
- Added support for aspect-ratio on positioned elements (r271061)
- Changed to take aspect-ratio into account for percentage resolution (r271293)
- Implemented ::file-selector-button pseudo-element (r270784)
-
Scrolling
- Fixed scrolling issues when scrolling on only one axis is enabled (r271090)
- Sibling element wheel event regions can be wrong (r271054)
-
JavaScript
- Fixed non-enumerable property to shadow inherited enumerable property from for-in (r270874)
- Fixed Intl.DateTimeFormat#formatRange to generate the same output to Intl.DateTimeFormat#format if startDate and endDate are "practically-equal" (r271224)
- Implemented arbitrary-module-namespace-identifier-names (r270923)
- Improved performance of Object rest and spread (r271343)
-
Media
- Used low-power audio buffer sizes for more output devices (r270943)
- Updated the video element to ignore requests to enter or exit fullscreen before the current fullscreen mode change is completed (r271341)
-
WebAssembly
- Added support for memory.copy, memory.init, and data.drop behind flag (r270948)
- Added support for memory.fill behind flag (r270855)
- Added support for type-annotated select behind flag (r270827)
-
Accessibility
- Fixed aria-orientation getting ignored on input[type="range"] (r271166)
- Implemented prefers-contrast: more (r270823)
-
Web API
- Adjusted date input placeholder color based on specified text color (r270875)
- Corrected the intrinsic size stored for SVG images (r271129)
Position
- [webkit-dev] Request for position: overflow: clip and overflip-clip-margin
- [webkit-dev] Request for position: Forced Colors Mode
- [webkit-dev] Request for position on the Origin-Isolation header
- [webkit-dev] Request for position on Web Share Target
- [webkit-dev] Request for position on Reporting API (now with structured headers!)
- [webkit-dev] Request for position: Support full 'filter' syntax (i.e filter functions/shorthands) on SVG elements
- [webkit-dev] Request for position: CSS spelling and grammar features
- [webkit-dev] Request for position on Cascade Layers
- [webkit-dev] Request for position on import maps
- [webkit-dev] Request for position: Critical-CH response header, part of Client Hints Reliability proposal
Other
Edge 動向
Stable:88
Updates
-
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel
- ここでも見れる
-
https://twitter.com/MSEdgeDev
- これを見るしか無い
- Microsoft Edge 88 Privacy and Security Updates - Microsoft Edge Blog
- How to investigate Microsoft Edge's memory usage on Windows - Microsoft Edge Blog
- Sleeping Tabs in Microsoft Edge: Delivering better browser performance - Microsoft Edge Blog
Chakra
- Release ChakraCore v1.11.24 · microsoft/ChakraCore
Other
- Recent and upcoming changes to the Microsoft Edge Add-Ons store
- Now, autofill your saved passwords from Microsoft Edge on your phone!
- Sandboxing vs. Elevated Browsing (As Administrator) – text/plain
WHATWG/W3C 動向
Draft
-
Recommendation
- WebRTC 1.0 is a W3C Recommendation
- HTML Review Draft
- Proposed Recommendation
-
Candidate Recommendation
- Updated Candidate Recommendation: Web Audio API
- Working Draft
-
First Public Working Draft
- First Public Working Draft: The Screen Fold API
- First Public Working Draft: W3C Accessibility Guidelines (WCAG) 3.0
- First Public Working Draft: CSS Cascading and Inheritance Level 5
- First Public Working Drafts: EPUB 3.3
-
Chartering
-
Call for participation: 12 Working Groups switching to Patent Policy 2020
- https://lists.w3.org/Archives/Public/public-new-work/2020Dec/0009.html
- 12 の WG (CSS, HTML, WebApps, WebTransport etc) が Patent Policy v15 (2020/9) で Recharter した
- WG に継続して参加したい場合は rejoin する必要がある
- Proposed W3C Charter: Web Performance Working Group
- Service Workers Working Group Charter Extended
- W3C launches MiniApps Working Group
-
Call for participation: 12 Working Groups switching to Patent Policy 2020
Other
- W3C opens Technical Architecture Group (TAG) election
- Election Season 2020, W3C TAG Edition - Infrequently Noted
- W3C Advisory Committee Elects Technical Architecture Group
- littledan/resource-bundles: Bundles of multiple resources, to improve loading JS and the Web. Eventual hoped-for destination: WICG
-
Happy 2021! New role moving forward. from Ilya Grigorik
- https://lists.w3.org/Archives/Public/public-web-perf/2021Jan/0000.html
- WebPerf WG の co-chair だった Ilya Grigorik が charter 更新後に勇退
- Upcoming: W3C Workshop on Wide Color Gamut and High Dynamic Range for the Web
TC39 動向
Meeting
Proposals Diff
- https://github.com/tc39/proposals/compare/master@{2021-01-01}...master@{2021-02-01}
- https://tc39.github.io/beta/
-
0->1
- async do expressions
- Class Brand Checks
- Extend TimeZoneName Option
- eraDisplay option for
Intl.DateTimeFormat - Regex Set Notation
- Escaping Strings for RegExps
- Array Find From Last
- defer module import eval
- Intl.LocaleMatcher
-
1->2
- Module Blocks
- Intl Locale Info
- Intl.DisplayNames
-
2->3
- JSON Modules
- Ergonomic Brand Checks for Private Fields
-
3->4
- Intl.DateFormat.prototype.formatRange
New Proposals
-
bakkot/proposal-async-do-expressions
- https://github.com/bakkot/proposal-async-do-expressions
- do expression の async 対応
async do {}
-
tc39/proposal-regexp-set-notation
- https://github.com/tc39/proposal-regexp-set-notation
- 正規表現の中で集合演算(和/積集合 etc)
-
tc39-transfer/proposal-regex-escaping
- https://github.com/tc39-transfer/proposal-regex-escaping
- 正規表現で使える文字列としてエスケープする関数
-
tc39-transfer/proposal-array-find-from-last
- https://github.com/tc39-transfer/proposal-array-find-from-last
.findLast(),.findLastIndex()
-
tc39-transfer/proposal-defer-import-eval
- https://github.com/tc39-transfer/proposal-defer-import-eval
- import したモジュールの評価を遅延する?
- dynamic import だとコードが非同期になるが、これならならない
Other
- JSCIG/dataset: TC39 Proposal Dataset
- ECMAScript proposal: Import assertions
-
tc39/js-outreach-groups
- https://github.com/tc39/js-outreach-groups
- Educators, Frameworks, Tools and transpilers などから feedback をもらうためのミーティング
-
Press Release - NETSCAPE AND SUN ANNOUNCE JAVASCRIPT, THE OPEN, CROSS-PLATFORM OBJECT SCRIPTING LANGUAGE FOR ENTERPRISE NETWORKS AND THE INTERNET (web archive)
- https://web.archive.org/web/20060111090514/http://wp.netscape.com/newsref/pr/newsrelease67.html
- Mathias Bynens on Twitter: "JavaScript was first announced on December 4th, 1995 - exactly 25 years ago today 🤯
- https://web.archive.org/web/20060111090514/http://wp.netscape.com/newsref/pr/newsrelease67.html
- "The open, cross-platform object scripting language for enterprise networks and the Internet"" / Twitter
- 2020 年 12 月 4 日で JavaScript の発表から 25 年
IETF 動向
IETF
- materials
- httpwg
- quicwg
- webtrans
- tlswg
- wpack
- privacypass
- dispatch
- secdispatch
Spec
- RFC
- IETF Last Call
-
WG Last Call
-
HTTP Core Documents
- https://lists.w3.org/Archives/Public/ietf-http-wg/2021JanMar/0015.html
- 以下の 3 つが WGLC に
- draft-ietf-httpbis-semantics
- draft-ietf-httpbis-messaging
- draft-ietf-httpbis-cache
- 2/8 に Last Call ending
- 2/9, 11 に interim meeting
-
HTTP Core Documents
- Call for Adoption
- I-D Action
-
Draft
- https://tools.ietf.org/html/recent-drafts?days=61
-
draft-thomson-http-oblivious-00 - Oblivious HTTP
- https://tools.ietf.org/html/draft-thomson-http-oblivious-00
- HTTP を暗号化を解かずに転送する?
-
draft-thomson-http-binary-message-00 - Binary Representation of HTTP Messages
- https://tools.ietf.org/html/draft-thomson-http-binary-message-00
- H2, 3 に習って H1 をバイナリで転送する
-
draft-ietf-httpbis-http2bis-00 - Hypertext Transfer Protocol Version 2 (HTTP/2)
- https://tools.ietf.org/html/draft-ietf-httpbis-http2bis-00
- まずは Editorial から
- Push の削除などもここで入る予定
-
draft-duke-masque-other-transport-00 - The Other-Transport Extension: Arbitrary Transports over CONNECT-UDP
- https://tools.ietf.org/html/draft-duke-masque-other-transport-00
- CONNECT が TCP の Proxy を行うのに対し UDP で行う拡張
- draft-ietf-httpapi-linkset-00 - Linkset: Media Types and a Link Relation Type for Link Sets
- draft-ietf-privacypass-architecture-00 - Privacy Pass Architectural Framework
- draft-ietf-privacypass-protocol-00 - Privacy Pass Protocol Specification
- draft-ietf-privacypass-http-api-00 - Privacy Pass HTTP API
- draft-thomson-httpbis-h2-0rtt-00 - Optimizations for Using TLS Early Data in HTTP/2
- draft-schinazi-masque-h3-datagram-00 - Using QUIC Datagrams with HTTP/3
- draft-schinazi-masque-connect-udp-ecn-00 - An ECN Extension to CONNECT-UDP
- draft-liu-multipath-quic-00 - Multipath Extension for QUIC
Other
CDN 動向
Cloudflare
-
Welcome to Privacy & Compliance Week: Reflecting Values at Cloudflare's Core
- https://blog.cloudflare.com/welcome-to-privacy-and-compliance-week/
- 12/6 ~ の 1 週間は Cloudflare の Privacy & Compliance Week だった
- プライバシー関連の技術紹介や、法律順守の話が色々出ている
- Privacy needs to be built into the Internet
- Helping build the next generation of privacy-preserving protocols
-
Good-bye ESNI, hello ECH!
- https://blog.cloudflare.com/encrypted-client-hello/
- TLS ハンドシェイクの暗号化と ESNI の課題、 ECH にいたるまでの経緯
-
Improving DNS Privacy with Oblivious DoH in 1.1.1.1
- https://blog.cloudflare.com/oblivious-dns/
- Apple, Fastly と共同で Oblivious DoH (ODoH) を進めていることの紹介
- ODoH はクライアントとターゲットの間のプロキシとして動作する
- 1.1.1.1 が対応したほか、いくつかのプロキシベンダーとも提携
-
Deprecating the
__cfduidcookie- https://blog.cloudflare.com/deprecating-cfduid-cookie/
- ボット検出のために使っていた
__cfduidという Cookie をやめるというアナウンス - 機械学習のモデルを調整し、使わなくても検出できるという目処が立ったため
- Cloudflare Certifications
- Securing the post-quantum world
- Privacy and Compliance Reading List
- Network-layer DDoS attack trends for Q4 2020
-
Uganda's January 13, 2021 Internet Shut Down
- https://blog.cloudflare.com/uganda-january-13-2021-internet-shut-down/
- https://www.publickey1.jp/blog/21/post_280.html
- ウガンダで、総選挙の直前に「インターネットゲートウェイ運用停止命令」が出た
- 1/13~18 の 5 日にわたり国民がネットから切り離された
- KEMTLS: Post-quantum TLS without signatures
- Holistic web protection: industry recognition for a prolific 2020
Fastly
- DDoS attacks grow bigger, but so do responses
- When do you need low-latency HTTP live streaming?
- Debugging QUIC with H2O and QLog
Other
- 日本の CDN シェアについて調査結果@2020 年 10 月 | J-Stream CDN 情報サイト
セキュリティ動向
-
Smooz
- 国産ブラウザアプリ Smooz はあなたの閲覧情報をすべて外部送信している | reliphone (for iPhone)
- 続・国産ブラウザアプリ Smooz はあなたの閲覧情報をすべて外部送信している | reliphone (for iPhone)
- 続・続・国産ブラウザアプリ Smooz はあなたの閲覧情報をすべて外部送信している | reliphone (for iPhone)
- Smooz のサービス終了のお知らせ | Smooz Blog
- Smooz サービス終了に寄せて
- Web Deprecation Metrics
- 様々なサイバー攻撃に繋がる脆弱性 HTTP リクエストスマグリング | yamory Blog
周辺動向
- 2020 Web Almanac
-
No cookie for you - The GitHub Blog
- https://github.blog/2020-12-17-no-cookie-for-you/
- Github から 3rd Party Cookie を全て無くし、 Session Cookie のみにした
- 合意を取る必要がなくなったため、 Cookie Banner が無くなった
-
エンドツーエンド暗号化と法規制 – JPNIC Blog
- https://blog.nic.ad.jp/2020/5545/
- E2E に関する規制への署名の話の詳細
-
声明に署名した 7 ヶ国および EU が言っていることは、バックドアを作るか鍵を預けなさいということだと考えられます。 ISOC が主張するように、 E2EE を破ることは一般の人を脆弱にさらすことになり、声明署名国や EU が主張するような、プライバシーを守りつつ法執行機関が暗号化された通信コンテンツにアクセスできるようにする方法は、両立しないと考えます。とはいえ、犯罪被害者になり、 E2EE のため犯人がつかまらない、となった場合、 E2EE が絶対といえるか、と考えると難しいものがあります。
-
content-visiblityWithout Jittery Scrollbars - Infrequently Noted -
Resize-Resilient
content-visiblityFixes - Infrequently Noted - ソフトバンク・博報堂・トレジャーデータの合弁会社、 3rd パーティクッキー依存しないソリューションを提供開始 | RTB SQUARE
-
South Korea kills ActiveX-based government digital certificate service - The Register
- https://www.theregister.com/2020/12/10/south_korea_activex_certs_dead/
- 韓国政府が ActiveX 依存からの脱却へ
- Vol.49 | Internet Infrastructure Review(IIR) | IIJ の技術 | インターネットイニシアティブ(IIJ)
-
Releasing Joy-Con WebHID
- https://blog.tomayac.com/2020/12/21/releasing-joy-con-webhid/
- Switch の Joy-Con を WebHID で使う
-
Chromium's Reduction of Root DNS Traffic - Verisign Blog
- https://blog.verisign.com/domain-names/chromiums-reduction-of-root-dns-traffic/
- ブラウザが NXDOMAIN なレコードを勝手に返す ISP などの環境にある場合がある
- omni bar に単語を入れるたびにそういうサイトが表示されてしまう場合がある
- これを防ぐためにランダムなドメインの解決を 3 つやって、 IP が同じかどうかを見てた
- このクエリが多すぎて問題になっていたのが解決したという話
- M87 がリリースされて以降 41% のクエリが削減している
-
State of JS 2020
- https://2020.stateofjs.com/
-
23,765 people in 137 countries
- 日本語での回答は 27
-
State of JS 2020: Common Criticisms - DEV Community 👩💻👨💻
- https://dev.to/sachagreif/state-of-js-2020-common-criticisms-23id
- State of JS の回答者の偏り(米国、白人、男性)についてと、選択肢に入れている技術の選定について
-
Open Web Docs
- https://opencollective.com/open-web-docs/updates/introducing-open-web-docs
- https://github.com/openwebdocs/
- Open Collective で立ち上げた、 Web のドキュメンテーションの支援組織
- MDN を移行したり、別で立ち上げるのではなく、暫くは MDN(Yari) の支援が中心
- Igalia, Coil, Google, MS, Mozilla, Samsong, W3C などが参加
- 組織中立なので Mozilla 自身も参加者
- 寄付は以下から
- Microsoft
- Mozilla
- W3C
- Samsung
- Igalia
- Coil
イベント
- 1 月
- 2 月
-
3 月
- 8-12: IETF | IETF 110 Online
- TBD: TC39 Meeting
Wrap Up
-
Survey
- Web Almanac
- State of JS
- Mozilla developer needs assessments
- Open Web Doc
- CDS
- chrome.developers 公開
-
chrome 87/88 release with incident
- mixed contents で form submit 失敗
- タイムゾーンの反映が壊れて時間表示が狂う
- chrome 89 Device 系 API
- privacy sandbox 1 年経過の続報
- privacy preserving preload と prerendering 2
- private prefetch proxy proposal
<popup>と ModalCloseWacher- SameParty Cookie
- Firefox 85 で preload
- ESNI to ECH
- Network Partitioning で Super Cookie 対策
- Safari TP aspect-ratio 周り実装中
- prefers-contrast: more
- private click measurement
- WebRTC 1.0 RC
- HTML Review Draft Recommendation
- WCAG 3 FPWD
- TAG Election
- TC39 async do expression
- TC39 Proposal Dataset
- tc39/js-outreach-groups
- IETF oblivious HTTP
- Tunneling と Proxy 系のドラフトが多い
- Cloudflare Oblivious DoH
- ウガンダ Internet Shutdown
- Smooz
- ESE 暗号化と法規制まとめ