HTTP Content-Security-Policy, the @viewport rule and Improved Performance
Published on in Google Chrome, Last Week, tech, WebKit. Version: Chrome 25
Today’s update talks about the 925 Chromium changes and 677 WebKit changes made during the past week.
The version number Google Chrome will be using is now equal to the value of a British Pony, as carefully described by Anthony. As usual, there’s a label for a rough overview of the changes that went in to Chrome 24.
The version of CodeMirror Web Inspector uses, which is available as an experimental editor, has been updated to version 3. Redoing an action can now be done by typing Ctrl+Y on non-Mac platforms. Furthermore, the CPU Activity feature of the Timeline panel has been promoted out of being experimental. A native memory usage overview has been implemented as well.
Quite a few performance improvements went in last week. Elliott improved performance of getElementsByTagName, among various other tests, by several percentages. Eric has been working on addressing RoboHornet(Pro) issues: rendering tables with column groups now is twice as fast, devirtualizing first- and lastChild() yielded another 30% speedup, and another 35% improvement which lowers the total test run-time from 8.2 seconds to just 5.3!
As there is no way to set them through CSS, vertex shaders with custom attributes used by CSS Shaders are now considered invalid. The -webkit-user-select property now accepts the “all” value, and -webkit-line-break has been updated to also understand “auto”, “strict” and “loose”. Thiago landed parsing for the @-webkit-viewport rule, together with the max-zoom, min-zoom, orientation and user-zoom CSS properties and their validation.
WebKit’s Content Security Policy implementation will now listen to unprefixed Content-Security-Policy headers included in the HTTP response. This header will be preferred to X-WebKit-CSP, which still must be used in case you’re supplying CSP 1.1 features to the browser. Development of the cross-site scripting protection has been picked up again. Malformed headers will now be reported, and report URLs can now be defined in the X-XSS-Protection header.
Other changes which occurred last week:
- All code related to the experimental Undo Manager API has been removed, as it went unmaintained.
- Touch adjustment scoring now normalizes with respect to the maximum possible overlap area.
- Apple enabled support for sub-pixel layout positioning on the Mac port.
- WebKit is now being built as C++11 code on Mac platforms.
- Support for “user-select: all” has been enabled for all WebKit2 users.
- An iOS builder has been added to Chromium’s commit queue, and can now close the tree on failures!
- The Tab Capture Extension API may now also be enabled on Chrome OS and Windows.
- The <webview> element and permissions are now available for platform apps on the dev channel.
- Only the first Strict-Transport-Security header will be processed, as defined in its specification.
- Support for Shadow DOM unfortunately has been delayed until Google Chrome 25..!
Published on a Monday, that’s been a while :--)