Chromium Blog
News and developments from the open source browser project
Chrome 25 Beta: Content Security Policy and Shadow DOM
lunedì 14 gennaio 2013
Earlier today
we released Chrome 25 on the
Beta channel
, and last week we introduced
the Beta channel for Chrome for Android
. To kick off the new year, we’ve packed these releases full of developer features. You’ll find all the updates described here in both the desktop and Android releases unless otherwise noted.
Unprefixed support for Content Security Policy
Content Security Policy
(CSP) helps you reduce the risk of cross-site scripting and other content injection attacks. Starting in today’s Beta release, you can use the
unprefixed
Content-Security-Policy
HTTP header to define a whitelist of trusted content sources. The browser will only execute or render resources from those sources. For example:
Prefixed support for Shadow DOM
Web Components
is a set of cutting edge standards that will make it possible to build reusable widgets for the web. Shadow DOM is a key part of Web Components that enables DOM tree encapsulation. Without it, widgets may inadvertently break pages by using conflicting CSS selectors, class or id names, or JavaScript variables.
To get started, try the prefixed
webkitCreateShadowRoot
API available in today’s Beta release. Here’s an example from the
HTML5 Rocks Shadow DOM Tutorial
:
We think Shadow DOM is an important step forward for the web, so we've submitted a comprehensive
test suite
to the W3C to help ensure compatibility between implementations.
Other platform features
In addition to the highlights above, today’s Beta release introduces various other web platform features:
The
JavaScript Web Speech API
enables speech-to-text on the desktop web. Check out this cool
tutorial and demo
to learn how to add speech to your webpages.
For speed junkies, the
Resource Timing API
exposes detailed timing information to JavaScript about subresources loaded by the page, and the
User Timing API
provides access to high-precision timestamps to help measure web app performance.
Chromium's IndexedDB implementation now supports
concurrent transactions
. Some web apps may
inadvertently rely on sequential transactions
, so be sure to test yours in today’s Beta.
Various IndexedDB features have been updated to match the spec:
setVersion
has been
replaced
with the new
upgradeneeded
API, and a few
old constants
have been removed.
The
Web Audio API
now exposes an
OfflineAudioContext
constructor, and a few
AudioContext method names
have been updated to match the latest spec. Note that Chrome for Android doesn’t support the Web Audio API yet.
The
::cue
pseudo-element
lets you
style WebVTT cues
such as HTML5 video subtitles.
Last week’s Beta
release
of Chrome for Android also brought many features already available on other Chrome versions to Android as well. These features are described in detail in the
announcement
on the Chromium blog.
DevTools
Chrome
Developer Tools
help you debug the web. We’re rolling out several updates to desktop DevTools in today’s Beta release:
console.clear()
helps keep your console clean.
The top toolbar is icon-free, though icons can be re-enabled in settings.
A timeline setting was added: “Show CPU activity on the ruler.” console.log formatting accepts multiple styles. For example:
console.log("%cblue! %cgreen!", "color: blue;", "color: green;")
.
The docking toggle switches between most recent modes; “Dock to Right” is now the default alternative.
Emulate the media type to view print stylesheets and @media blocks.
The CodeMirror editor, replacing the default DevTools editor in Sources Panel, was updated to v3.
Stay in the loop
Visit
chromestatus.com
for a complete overview of Chrome’s developer features, and circle
+Google Chrome Developers
for more frequent updates.
We’ll update this post if things change, but at this point all these features are expected to land in the next
Stable release
. We’ve got a lot more in store for you this year, so get coding!
Posted by Eric Bidelman, Chrome Developer Advocate and Web Platform Enthusiast
Etichette
$200K
1
10th birthday
4
abusive ads
1
abusive notifications
2
accessibility
3
ad blockers
1
ad blocking
2
advanced capabilities
1
android
2
anti abuse
1
anti-deception
1
background periodic sync
1
badging
1
benchmarks
1
beta
83
better ads standards
1
billing
1
birthday
4
blink
2
browser
2
browser interoperability
1
bundles
1
capabilities
6
capable web
1
cds
1
cds18
2
cds2018
1
chrome
35
chrome 81
1
chrome 83
2
chrome 84
2
chrome ads
1
chrome apps
5
Chrome dev
1
chrome dev summit
1
chrome dev summit 2018
1
chrome dev summit 2019
1
chrome developer
1
Chrome Developer Center
1
chrome developer summit
1
chrome devtools
1
Chrome extension
1
chrome extensions
3
Chrome Frame
1
Chrome lite
1
Chrome on Android
2
chrome on ios
1
Chrome on Mac
1
Chrome OS
1
chrome privacy
4
chrome releases
1
chrome security
10
chrome web store
32
chromedevtools
1
chromeframe
3
chromeos
4
chromeos.dev
1
chromium
9
cloud print
1
coalition
1
coalition for better ads
1
contact picker
1
content indexing
1
cookies
1
core web vitals
2
csrf
1
css
1
cumulative layout shift
1
custom tabs
1
dart
8
dashboard
1
Data Saver
3
Data saver desktop extension
1
day 2
1
deceptive installation
1
declarative net request api
1
design
2
developer dashboard
1
Developer Program Policy
2
developer website
1
devtools
13
digital event
1
discoverability
1
DNS-over-HTTPS
4
DoH
4
emoji
1
emscriptem
1
enterprise
1
extensions
27
Fast badging
1
faster web
1
features
1
feedback
2
field data
1
first input delay
1
Follow
1
fonts
1
form controls
1
frameworks
1
fugu
2
fund
1
funding
1
gdd
1
google earth
1
google event
1
google io 2019
1
google web developer
1
googlechrome
12
harmful ads
1
html5
11
HTTP/3
1
HTTPS
4
iframes
1
images
1
incognito
1
insecure forms
1
intent to explain
1
ios
1
ios Chrome
1
issue tracker
3
jank
1
javascript
5
lab data
1
labelling
1
largest contentful paint
1
launch
1
lazy-loading
1
lighthouse
2
linux
2
Lite Mode
2
Lite pages
1
loading interventions
1
loading optimizations
1
lock icon
1
long-tail
1
mac
1
manifest v3
2
metrics
2
microsoft edge
1
mixed forms
1
mobile
2
na
1
native client
8
native file system
1
New Features
5
notifications
1
octane
1
open web
4
origin trials
2
pagespeed insights
1
pagespeedinsights
1
passwords
1
payment handler
1
payment request
1
payments
2
performance
20
performance tools
1
permission UI
1
permissions
1
play store
1
portals
3
prefetching
1
privacy
2
privacy sandbox
4
private prefetch proxy
1
profile guided optimization
1
progressive web apps
2
Project Strobe
1
protection
1
pwa
1
QUIC
1
quieter permissions
1
releases
3
removals
1
rlz
1
root program
1
safe browsing
2
Secure DNS
2
security
36
site isolation
1
slow loading
1
sms receiver
1
spam policy
1
spdy
2
spectre
1
speed
4
ssl
2
store listing
1
strobe
2
subscription pages
1
suspicious site reporter extension
1
TCP
1
the fast and the curious
23
TLS
1
tools
1
tracing
1
transparency
1
trusted web activities
1
twa
2
user agent string
1
user data policy
1
v8
6
video
2
wasm
1
web
1
web apps
1
web assembly
2
web developers
1
web intents
1
web packaging
1
web payments
1
web platform
1
web request api
1
web vitals
1
web.dev
1
web.dev live
1
webapi
1
webassembly
1
webaudio
3
webgl
7
webkit
5
WebM
1
webmaster
1
webp
5
webrtc
6
websockets
5
webtiming
1
writable-files
1
yerba beuna center for the arts
1
Archive
2024
dic
ago
giu
mag
apr
mar
feb
2023
nov
ott
set
ago
giu
mag
apr
feb
2022
dic
set
ago
giu
mag
apr
mar
feb
gen
2021
dic
nov
ott
set
ago
lug
giu
mag
apr
mar
feb
gen
2020
dic
nov
ott
set
ago
lug
giu
mag
apr
mar
feb
gen
2019
dic
nov
ott
set
ago
lug
giu
mag
apr
mar
feb
gen
2018
dic
nov
ott
set
ago
lug
giu
mag
apr
mar
feb
gen
2017
dic
nov
ott
set
ago
lug
giu
mag
apr
mar
feb
gen
2016
dic
nov
ott
set
ago
giu
mag
apr
mar
feb
gen
2015
dic
nov
ott
set
ago
lug
giu
mag
apr
mar
feb
gen
2014
dic
nov
ott
set
ago
lug
giu
mag
apr
mar
feb
gen
2013
dic
nov
ott
set
ago
lug
giu
mag
apr
mar
feb
gen
2012
dic
nov
ott
set
ago
lug
giu
mag
apr
mar
feb
gen
2011
dic
nov
ott
set
ago
lug
giu
mag
apr
mar
feb
gen
2010
dic
nov
ott
set
ago
lug
giu
mag
apr
mar
feb
gen
2009
dic
nov
set
ago
lug
giu
mag
apr
mar
feb
gen
2008
dic
nov
ott
set
Feed
Follow @ChromiumDev
Give us feedback in our
Product Forums
.