Chrome 11, a renewed XSS Filter and vertical text for multiple-column layouts
Published on in Google Chrome, Last Week, tech, WebKit. Version: Chrome 11
A combined total of almost 1300 changes have made it a busy week for the Chromium and WebKit projects, with highlights such as work on two Chromium Extension APIs, a new XSS Filter and lots of work on shadows.
The Chromium team increased Chrome’s major version to 11. Google Chrome 10 will be using branch 648, which represents all WebKit commits up to r76408. Do keep in mind that important fixes will be merged with the branch, so these numbers aren’t entirely accurate.
In terms of security, Adam Barth’s latest project is a new design for WebKit’s XSS filter. Rather than watching scripts as they execute, the tokens emitted by the HTML tokenizer will be analyzed. So far, the filter has been taught about processing the <script>, <object> and <embed>, <applet>, and the <meta> and <base> elements. A message will be added to Web Inspector’s console if anything gets blocked.
There has been lots of specification-related activity as well this week. The perspective property from the CSS 3D Transforms module now accepts lengths rather than a number, range and number inputs will reject event-based changes if they’re declared disabled or readonly and checkValidity will now return the correct result if an invalid event got cancelled.
Dave Hyatt continued his work on supporting vertical text, and landed a change which adds support for vertical text in multiple column layouts. Changing the unicode-bidi property will force a re-layout, as will changing font-sizes when the em-unit is used in a gradient.
Simon Fraser has done quite some work on shadows and introduced the ShadowBlur class, which will be used to unify shadow rendering across platforms. Two follow-up patches added support for inset box shadows, and the -webkit-box-shadow property has switched over to the new system as well, making people happy 🙂
Other changes from last week include:
- The onclick event will be fired again for middle-clicks, due to regressions.
- The Web Audio API’s FFTFrame class has been ported to use the FFTW Library as well.
- A TouchTabStrip class has been added to Chromium, maybe towards supporting this.
- Widths of the text-based <input> types for Windows has been unified.
- Small caps may now be used for complex text in the Linux version of Chromium.
- The new tab page in Chromium will now automatically scroll when dragging Apps.
- An API has landed to start supporting localized numbers in <input type=number> fields.
- The first commit related to the webRequest Extension API in Chromium just landed (thanks, temp01!)
- Lots of convolver changes from the Google TV Project have been integrated in Chromium.
- An issue has been fixed with inset shadows for elements with large border radiuses.
- Jennifer Braithwaite proposed a new Chromium Extension API for static panels.
- Radio input-boxes will now be restored properly after navigating back to the page.
- <progress>’ --webkit-progress-bar-value pseudo-element has been updated to the Shadow DOM.
- Google Health and Google Checkout have been hardcoded to use Strict Transport Security.
- Chromium’s notifications won’t annoy you anymore when watching a full-screen movie.
- Experimental support for HTTP Pipelining in WebKit for Mac OS X Lion has been added.
- Incognito preference settings have been introduced to Chromium.
- WebGL can now properly handle PNG textures which use indexed colors.
- Two patches have landed containing refactoring for the printing workflow on Windows.
- The WebKit2 client is now able to print asynchronously.
And that’d be all again!