Unprefixed support for Content Security Policy
Content Security Policy (CSP) helps you reduce the risk of cross-site scripting and other content injection attacks. Starting in today’s Beta release, you can use the unprefixed Content-Security-Policy HTTP header to define a whitelist of trusted content sources. The browser will only execute or render resources from those sources. For example:
To get started, try the prefixed webkitCreateShadowRoot API available in today’s Beta release. Here’s an example from the HTML5 Rocks Shadow DOM Tutorial:
Other platform features
In addition to the highlights above, today’s Beta release introduces various other web platform features:
- Chromium's IndexedDB implementation now supports concurrent transactions. Some web apps may inadvertently rely on sequential transactions, so be sure to test yours in today’s Beta.
- Various IndexedDB features have been updated to match the spec: setVersion has been replaced with the new upgradeneeded API, and a few old constants have been removed.
- The Web Audio API now exposes an OfflineAudioContext constructor, and a few AudioContext method names have been updated to match the latest spec. Note that Chrome for Android doesn’t support the Web Audio API yet.
- The ::cue pseudo-element lets you style WebVTT cues such as HTML5 video subtitles.
Chrome Developer Tools help you debug the web. We’re rolling out several updates to desktop DevTools in today’s Beta release:
- console.clear() helps keep your console clean.
- The top toolbar is icon-free, though icons can be re-enabled in settings.
- A timeline setting was added: “Show CPU activity on the ruler.” console.log formatting accepts multiple styles. For example: console.log("%cblue! %cgreen!", "color: blue;", "color: green;").
- The docking toggle switches between most recent modes; “Dock to Right” is now the default alternative.
- Emulate the media type to view print stylesheets and @media blocks.
- The CodeMirror editor, replacing the default DevTools editor in Sources Panel, was updated to v3.
Visit chromestatus.com for a complete overview of Chrome’s developer features, and circle +Google Chrome Developers for more frequent updates.
We’ll update this post if things change, but at this point all these features are expected to land in the next Stable release. We’ve got a lot more in store for you this year, so get coding!