ep87 Monthly Web 202108
- published_at
- 2021-08-23
- guest
- @myakura
- toc
-
headings
Theme
第 87 回のテーマは 2021 年 8 月の Monthly Web です。
Show Note
Chrome 動向
Stable: 92
Updates
-
Deprecations and removals in Chrome 91 - Chrome Developers
- https://developer.chrome.com/blog/deps-rems-91/
- Remove
alert(),confirm(), andprompt()for cross origin iframes
- Deprecations and removals in Chrome 92 - Chrome Developers
-
Deprecations and removals in Chrome 93 - Chrome Developers
- https://developer.chrome.com/en/blog/deps-rems-93/
- Block ports 989 and 990
- Remove 3DES in TLS
-
WebAssembly cross-origin module sharing
- same-site も cross-origin として扱うように
Intents
- Ship: Extend Intl.DateTimeFormat timeZoneName Option
- Ship: Intl.DisplayNames v2
- Ship: Clipboard: Preserve PNG metadata
- Ship: JS Self-Profiling API
- Ship: Media Queries: prefers-contrast feature
- Ship: WebCodecs
-
Ship: Remove clamping of
setTimeout(..., 0)- https://groups.google.com/a/chromium.org/g/blink-dev/c/HKPTp7C1LwY
setTimeout(..., 0)が 1ms に固定されていた歴史的理由の実装を削除
-
Ship: EyeDropper API
- https://groups.google.com/a/chromium.org/g/blink-dev/c/rdniQ0D5UfY
- スポイトツールを表示できる API
- 結果を sRGBHex で取得し
input[type=color].valueに入れられる
-
Ship: Custom Highlight API
- https://groups.google.com/a/chromium.org/g/blink-dev/c/Q21BQb-zV0w
- JS で text の range を作り、そこをハイライトさせる API
- Ship: PermissionStatus.prototype.name
- Ship: Back-forward cache for desktop
-
Ship: Remove font-family
-webkit-<generic-name> - Implement and Ship: :autofill pseudo-class
- Implement and Ship: Logical properties for contain-intrinsic-size
- Prototype: Intl Enumeration API
- Prototype: Gamepad Button and Axis Events
-
Prototype: Standardize existing client hint naming
- https://groups.google.com/a/chromium.org/g/blink-dev/c/wTGpTPtAJGM
- 既に実装されている client hints に全部
sec-ch-をつける - https://wicg.github.io/client-hints-infrastructure/
- https://wicg.github.io/responsive-image-client-hints/
- https://wicg.github.io/savedata/#save-data-request-header-field
- https://wicg.github.io/netinfo/#networkinformation-interface
- Prototype: Web app launch handler
- Prototype: Origin Private File System extension: AccessHandle
-
Prototype: Deprecate support for URLs with non-IPv4 hostnames ending in numbers
- https://groups.google.com/a/chromium.org/g/blink-dev/c/7QN5nxjwIfM
http://foo.127.1/は PSL 的には127.1が Host となるhttp://127.1は URL の仕様的にhttp://127.0.0.1となる- これが問題になり得るので、数字で終わるホスト名を落としたいという話
- https://github.com/whatwg/url/pull/619
- mozilla も supportive っぽい
- Prototype: The "math" generic font family
-
Prototype: Deprecated and remove font-family:
-webkit-pictograph -
Prototype: CSS cascade layers
- https://groups.google.com/a/chromium.org/g/blink-dev/c/chiJ2GIECPc
- CSS の優先順位を制御する Layer の実装
- Specificity よりも優先される Layer 同士の優先度も制御しやすい
- 他ブラウザの反応はなし
- Experiment: Same-origin prerendering triggered by the speculation rules API
- Experiment: Capability Delegation with Payment Request
- Extend Experiment: Capture Handle
- Ready for Trial: Origin Private File System extension: AccessHandle
- Ready for Trial: Intl Enumeration API
- Extend Origin Trial: Subresource loading with Web Bundles
- Change:
- Unship:
- Deprecate and Remove: RTCConfiguration.offerExtmapAllowMixed
- Deprecate: Human-readable names for Bluetooth assigned numbers
-
Remove:
-internal-autofill-previewedand-internal-autofill-selected
V8
-
V8 release v9.3 · V8
- https://v8.dev/blog/v8-release-93
- Sparkplug batch compilation
- Object.hasOwn
- Error cause
- Untrusted code mitigations disabled on Android
- V8 API
Other
-
web.dev
-
2021 Scroll Survey Report
- https://web.dev/2021-scroll-survey-report/
- 45% が scroll の開発に不満をもっている
- 43% は scroll の開発が難しいと思っている
- それらをうけて compatibility の向上を進めていく
-
User preference media features client hints headers
- https://web.dev/user-preference-media-features-headers/
- みんな Prefer Color Scheme の話しかしてないけど他にもあるよ
Sec-CH-Prefers-Reduced-MotionSec-CH-Prefers-Reduced-TransparencySec-CH-Prefers-ContrastSec-CH-Forced-ColorsSec-CH-Prefers-Color-SchemeSec-CH-Prefers-Reduced-Data
- A performance-focused workflow based on Google tools
-
Building a switch component
- https://web.dev/building-a-switch-component/
- スイッチコントロールを時前実装する話
- https://github.com/whatwg/html/issues/4180
- Google はこれを標準化しようとしてたがあきらめている
- 理由は書かれてない
-
CSS accent-color
- https://web.dev/accent-color/
- form controller のスタイルのためにスタイルリセットがよくされる
- 逆に a11y 的に悪い場合が多い
- アクセントカラーを別途定義して UA がコントローラに反映させる
- Why lab and field data can be different (and what to do about it)
-
Using CSS Module Scripts to import stylesheets
- https://web.dev/css-module-scripts/
- Import Assertion で使える話
@importとのインテグレーションはまだな話
-
2021 Scroll Survey Report
- google developer blog
-
google developer japan blog
- Google Developers Japan: Chrome 92 でのフィッシング検知の高速化と効率化
-
chrome developer blog
-
Automatically start PWAs on OS Login - Chrome Developers
- https://developer.chrome.com/en/blog/run-on-login/
- 右クリックから設定できるように
- Smooth and simple page transitions with the shared element transition API - Chrome Developers
- CSS Grid tooling in DevTools - Chrome Developers
- Troubleshooting Chrome's origin trials - Chrome Developers
-
Automatically start PWAs on OS Login - Chrome Developers
- An update on how AMP is served at the OpenJS Foundation - The AMP Blog
-
ss2021 - 日本ソフトウェア科学会 プログラミング論研究会 (JSSST-SIGPPL)
- http://ppl.jssst.or.jp/index.php?ss2021
- PPL サマースクール 2021 「JavaScript 処理系と Chrome ブラウザの実装技術」
Firefox 動向
Stable: 91.0.1
Updates
-
Hopping on Firefox 91 - Mozilla Hacks - the Web developer blog
- https://hacks.mozilla.org/2021/08/hopping-on-firefox-91/
- Visual Viewport API
- New formats for Intl.DateTimeFormat
- Securing the Gamepad API
-
Firefox 91 Introduces Enhanced Cookie Clearing
- https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-enhanced-cookie-clearing/
- 分割した Cookie Jar によってトラッキングを防ぐ仕組みを強化
- 履歴を消す際にファーストパーティの Cookie だけではなく、サードパーティの Cookie も削除する
-
Firefox 91 introduces HTTPS by Default in Private Browsing
- https://blog.mozilla.org/security/2021/08/10/firefox-91-introduces-https-by-default-in-private-browsing/
- 91 からプライベートモードではデフォルトで HTTPS アクセスをする
- These Weeks in Firefox: Issue 97 - Firefox Nightly News
- These Weeks in Firefox: Issue 98 - Firefox Nightly News
-
Security Vulnerabilities fixed in Firefox 91.0.1 and Thunderbird 91.0.1
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-37/
- Firefox 91.0.1 で入ったセキュリティ修正
- HTTP/3 でヘッダ内の改行がヘッダを分割してしまうバグがあった
Intents
- Ship: Custom Elements disabledFeatures
- Ship: break-inside: avoid-{page,column}
- Ship: Class Static Initialization Blocks
- Prototype and ship: font-family: system-ui
-
Prototype and ship:
self.reportError() - Prototype and ship: ElementInternals.shadowRoot
- Prototype: Disallow relaxing referrer policy for cross-site requests
- Prototype: Web Locks
- Experiment:
- Change:
- Unship: KeyboardEvent.initKeyEvent
Other
- An update from Firefox
- Why Facebook's claims about the Ad Observer are wrong
- Privacy analysis of SWAN.community and United ID 2.0
- Firefox Security Newsletter/FSN-2021-Q2 - MozillaWiki
- How MDN's autocomplete search works - Mozilla Hacks - the Web developer blog
- Spring cleaning MDN: Part 2 - Mozilla Hacks - the Web developer blog
Safari 動向
Stable: 14.1.2
Updates
-
Release Notes for Safari Technology Preview 129
- https://webkit.org/blog/11951/release-notes-for-safari-technology-preview-129/
- Note: On macOS Big Sur, this release requires enabling GPU Process: Media option from Experimental Features under the Develop menu to address issues with streaming services.
- Added contextual documentation for CSS properties (r279510)
- Changed the sidebar panel and navigation bar to layout asynchronously during resize (r279790)
- Added support for rendering
<model>resources (r279451) - Added support for (ref null? $t) type constructor (r279265)
- Added support for Elliptic Curve P-521 (r279688)
-
Release Notes for Safari Technology Preview 130
- https://webkit.org/blog/11958/release-notes-for-safari-technology-preview-130/
- Implemented Array.prototype.findLast and Array.prototype.findLastIndex behind a runtime flag (
--useArrayFindLastMethod) (r279937) - Added support for MediaError.message (r279978)
- Added webm/opus container support for Web Audio (r280416)
- Implemented SubmitEvent interface (r279979)
- Implemented IDBTransaction.commit() (r280053)
- Implemented IDBTransaction.durability (r280415)
-
iCloud Private Relay に向けたネットワークの準備 - サポート - Apple Developer
- https://developer.apple.com/jp/support/prepare-your-network-for-icloud-private-relay/
- Egress IP のリストが公開されている
-
iOS & iPadOS 15 Beta 6 Release Notes | Apple Developer Documentation
- https://developer.apple.com/documentation/ios-ipados-release-notes/ios-ipados-15-beta-release-notes
- New Features in iOS & iPadOS 15 beta 6
-
The bottom tab bar has been redesigned to appear below page content. An option to show the address bar at the top is also available. (81118141)
Position
-
Request for position: supports(
<font-technology>) extended syntax for @font-face - Request for position: CSS @font-face descriptor advance-override
Other
- 2021 WebKit Contributors Meeting - Save the Date (9/27, 28)
Edge 動向
Stable: 92
Updates
Chakra
Other
- Super Duper Secure Mode | Microsoft Browser Vulnerability Research
- Compat2021: Improving CSS Grid compatibility with GridNG - Microsoft Edge Blog
- Enhancing Inking on the Web
-
CSS module scripts:
importstylesheets like JavaScript modules
WHATWG/W3C 動向
Draft
- Recommendation
-
Proposed Recommendation
- Call for Review: DOM Review Draft 15 June 2020 is a W3C Proposed Recommendation
- Candidate Recommendation
- Working Draft
-
First Public Working Draft
- First Public Working Draft: MathML Core
-
Chartering
- Call for Participation: Browser Testing and Tools Working Group Charter Approved; Join BTT WG
- Cognitive Accessibility Community Group created
- Proposed W3C Charters: Internationalization Working Group and Interest Group
- Proposed W3C Charter: Web Applications Working Group
- [wbs] response to 'Call for Review: Proposed W3C Process Document'
- Call for Participation: Accessible Platform Architectures Working Group Charter Approved; Join APA WG
Other
TC39 動向
Meeting
Proposals Diff
New Proposals
Other
- JavaScript needs more helper functions for iteration (map, filter, etc.)
IETF 動向
WG
- IETF111 Online
-
httpwg
- IETF でのセッションは無し
- https://lists.w3.org/Archives/Public/ietf-http-wg/
- https://github.com/httpwg/wg-materials/
- Binary Messages
- Roman Danyliw's No Objection on draft-ietf-httpbis-cache-header-09: (with COMMENT)
- Artart telechat review of draft-ietf-httpbis-cache-header-09
- PoW (Re: Attack research on HTTP/2 implementations)
- Extended CONNECT, Capsules in DATA, HTTP Upgrade Tokens
- Benjamin Kaduk's No Objection on draft-ietf-httpbis-cache-header-09: (with COMMENT)
- Ddos prevention for ssl
- Signature Negotiation
- Attack research on HTTP/2 implementations
- Negotiating Window Limits for Content Encodings
- Tsvart last call review of draft-ietf-httpbis-proxy-status-05
- I-D Action: draft-ietf-httpbis-bcp56bis-13.txt
-
Revised HTTP core specifications submitted (drafts 18)
- https://lists.w3.org/Archives/Public/ietf-http-wg/2021JulSep/0241.html
- semantics, cache, messaging が 18 になって IESG のレビューをカバーした
-
IETF Last Call for HTTP 'core' documents
- https://lists.w3.org/Archives/Public/ietf-http-wg/2021JulSep/0252.html
- -18 をもって 2 週間後にもう一度 IETF Last Call
- Protocol Action: 'The Cache-Status HTTP Response Header Field' to Proposed Standard
-
Interim meeting -- planning
- https://lists.w3.org/Archives/Public/ietf-http-wg/2021JulSep/0230.html
- 9 月の終わりに interim を実施し IETF 中はやらない
- I-D Action: draft-ietf-httpbis-proxy-status-06.txt
- I-D Action: draft-ietf-httpbis-message-signatures-06.txt
-
quicwg
- https://mailarchive.ietf.org/arch/browse/quic/
- https://github.com/quicwg/wg-materials
- agenda
- minutes
-
slides
-
https://github.com/quicwg/wg-materials/blob/main/ietf111/ops-drafts.pdf
- AMP に使える送信元ポートを使わないように閉じる議論
- 仕様に書くのではなく IANA に登録しよう
-
https://github.com/quicwg/wg-materials/blob/main/ietf111/datagram.pdf
- -03 で実装が多くありデプロイも進んでる
- -04 にして WGLC できそう
- https://github.com/quicwg/wg-materials/blob/main/ietf111/qlog.pdf
- https://github.com/quicwg/wg-materials/blob/main/ietf111/quic-lb.pdf
- https://github.com/quicwg/wg-materials/blob/main/ietf111/version-negotiation.pdf
- https://github.com/quicwg/wg-materials/blob/main/ietf111/0rtt-bdp.pdf
- https://github.com/quicwg/wg-materials/blob/main/ietf111/ack-frequency.pdf
- https://github.com/quicwg/wg-materials/blob/main/ietf111/multipath-experiments.pdf
- https://github.com/quicwg/wg-materials/blob/main/ietf111/quic-version-stuff.pdf
-
https://github.com/quicwg/wg-materials/blob/main/ietf111/ops-drafts.pdf
-
webtrans
- https://mailarchive.ietf.org/arch/browse/webtransport/
- https://github.com/DavidSchinazi/webtrans-wg-materials
- agenda
- minuts
-
slide
- https://datatracker.ietf.org/meeting/111/materials/slides-111-webtrans-ietf-111-webtrans-wg-slides-01
- WebTransport over H2 で H3 がない時のフォールバック
- Datagram の Priority を http の priority とは別にやる
- MASQUE で今後の拡張をするうえでの整理
- Layered するのか Integrated するのか
-
tlswg
- https://mailarchive.ietf.org/arch/browse/tls/
- https://github.com/tlswg/wg-materials
- agenda
- minutes
-
slides
-
https://datatracker.ietf.org/meeting/111/materials/slides-111-tls-ctls-00
- いらないものを削ぎ落とそうとしてる
-
https://datatracker.ietf.org/meeting/111/materials/slides-111-tls-encrypted-client-hello-00
- 仕様はだいたいできて、セキュリティ issue もない
- -12 を出してテストデプロイを始めたい
- IETF112 で再度話そう
- https://datatracker.ietf.org/meeting/111/materials/slides-111-tls-tls-chairs-slides-ietf-111-00
-
https://datatracker.ietf.org/meeting/111/materials/slides-111-tls-deprecating-obsolete-key-exchange-00
- PFS 無いし RSA での鍵交換はもう非推奨
- FFDHE はどうするか、 deprecate すると interop 問題がありそう?
- そういう問題があるので Chrome は DHE を落とした
-
https://datatracker.ietf.org/meeting/111/materials/slides-111-tls-snip-00
- ダウングレードが発生したことがわからない
- 拡張で伝えよう
- https://datatracker.ietf.org/meeting/111/materials/slides-111-tls-hybrid-key-exchange-in-tls-13-00
- https://datatracker.ietf.org/meeting/111/materials/slides-111-tls-tls-pok-00
- https://datatracker.ietf.org/meeting/111/materials/slides-111-tls-authkem-01
-
https://datatracker.ietf.org/meeting/111/materials/slides-111-tls-ctls-00
-
wpack
- https://mailarchive.ietf.org/arch/browse/wpack/
- agenda
-
slide
- https://datatracker.ietf.org/meeting/111/materials/slides-111-wpack-web-bundles-00
- Chrome の WebBundles and Bundle Preloading と Resource Bundles の対比の話
- module fragments (TC39 stage1) との関連の話
- ohttp
-
privacypass
- agenda
-
slide
- https://datatracker.ietf.org/meeting/111/materials/slides-111-privacypass-privacypass-updates-01
- https://datatracker.ietf.org/meeting/111/materials/slides-111-privacypass-summary-from-anonymous-credentials-meeting-00
- https://datatracker.ietf.org/meeting/111/materials/slides-111-privacypass-adding-public-metadata-01
-
pearg
- minutes
-
slide
- https://datatracker.ietf.org/meeting/111/materials/slides-111-pearg-private-relay-00
- https://datatracker.ietf.org/meeting/111/materials/slides-111-pearg-website-fingerprinting-in-the-age-of-quic-00
- https://datatracker.ietf.org/meeting/111/materials/slides-111-pearg-shortor-improving-tor-network-latency-through-multi-hop-overlay-routing-00
- https://datatracker.ietf.org/meeting/111/materials/slides-111-pearg-chair-slides-00
- https://datatracker.ietf.org/meeting/111/materials/slides-111-pearg-safe-internet-measurement-00
- https://datatracker.ietf.org/meeting/111/materials/slides-111-pearg-lets-talk-about-floc-00
- dispatch
-
masque
- minutes
-
slide
- https://datatracker.ietf.org/meeting/111/materials/slides-111-masque-the-connect-ip-http-method-for-proxying-ip-traffic-00
-
https://datatracker.ietf.org/meeting/111/materials/slides-111-masque-http-dgram-priorities-01
- http datagram での priority の話
- https://datatracker.ietf.org/meeting/111/materials/slides-111-masque-chair-slides-00
- https://datatracker.ietf.org/meeting/111/materials/slides-111-masque-http-datagrams-and-connect-udp-01
- https://datatracker.ietf.org/meeting/111/materials/slides-111-masque-connect-ip-proxying-ip-packets-01
- httpapi
- multicast for web sidemeeting
- Media over QUIC sidemeeting
-
追えてない
- WiSH
- Gnap
Other
CDN 動向
Cloudflare
Fastly
Other
セキュリティ動向
- Inspecting Certificates in Edge - text/plain
- Privacy-Enhancing Technologies and Building for the Future | Facebook for Business
- Dutch government to stop issuing TLS certs because of ever-complicated standards - The Record by Recorded Future
周辺動向
-
第 1 回支援技術利用状況調査報告書 | 日本視覚障害者 ICT ネットワーク
- https://jbict.net/survey/at-survey-01
- PC は PC-Talker - Netreader が圧倒的
- Mobile は iOS voice over が圧倒的
-
Modern web apps without JavaScript bundling or transpiling
- https://world.hey.com/dhh/modern-web-apps-without-javascript-bundling-or-transpiling-a20f2755
- 2016 年に WebPacker を開発し 2017 年に Rails 5.2 に入れた
- その後状況が変わり、 ES6 は実装され、 HTTP2 は普及し、 Import Map が生まれた
- Bundling はキャッシュ粒度も低いし、 WebPack は複雑
- もう WebPacker をデフォルトにするのはやめ Import Map とその shim に移行
- JSX, TS などのトランスパイルは別で
-
Is Safari the new IE ?
- Breaking the web forward - QuirksBlog
- HTTP 203: Is Safari the new IE?
- For developers, Apple's Safari is crap and outdated - Perry Sun | Blog
- Safari isn't protecting the web, it's killing it | HTTP Toolkit
イベント
-
9 月
- 31-01: TC39
- 7-11: SecWeb
- 27-28: WebKit Contributors Meeting
-
10 月
-
18-29: TPAC:
- 10/18-22 October: Breakout sessions
- 10/25-29 October: Groups and Joint Meetings
- https://lists.w3.org/Archives/Public/public-webrtc/2021Apr/0027.html
-
18-29: TPAC:
-
11 月
- 6-12: IETF112 Online
Wrap Up
-
Chrome
- deprecation removals 91, 92, 93 の delay
- EyeDropper API
- Client Hints 全部に Sec-Ch つける
- 数字で終わるホストをドロップする話
- Prototype Layers
- accent-color
- switch component
- AMP Cache to Open JS Foundation
-
Firefox
- HTTPS default on Private mode
- H3 header splitting attack
-
Safari
- iOS 15beta で URL バー位置変更
- 新しい楕円曲線追加
-
Edge
- Super Duper Secure mode
- GridNG
-
W3C
- なし
-
TC39
- なし
-
IETF111
- httpwg core draft 18 の IETF LC 間近
- quicwg datagram
- webtrans h2 fallback
- tlswg FFDH 現状と ECH
- wpack Resource Bundling 現状まとめ
- ohttp 初の BoF
- pearg で Private Relay / FLoC 今後の話
- multicast to browser
-
周辺
- 支援技術調査
- DHH の importmap への期待
- Is Safari new IE ?