Chrome 60

Enabled (31) | Origin Trial (1) | Behind a flag (3) | Deprecated (0) | Removed (7)

Enabled by default in 60

This release of Chrome had 31 new features.

Android Payment Apps

Web payments is a W3C standard API for e-commerce websites to collect payment information from users with user consent. This feature lets users pay using native Android payment apps. #

This feature was specified in this Spec.

Resources

No linked docs

Samples: https://rsolomakhin.github.io/pr/bob/https://rsolomakhin.github.io/pr/alipay/

CSS font-display

Adds the @font-face descriptor and a corresponding property for controlling how a downloadable font renders before it is fully loaded. #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/docs/Web/CSS/@font-face/font-display

Samples: http://output.jsbin.com/nigahi/latest/quiet

CSS font-stretch

Add support the the CSS font-stretch property. #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/en-US/docs/Web/CSS/font-stretch

No linked samples

CSS4 :focus-within pseudo-class

The :focus-within pseudo-class applies to elements for which the :focus pseudo class applies. An element also matches :focus-within if one of its descendants in the flat tree (including non-element nodes, such as text nodes) matches the conditions for matching :focus. #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/en-US/docs/Web/CSS/:focus-within

Samples: http://codepen.io/anon/pen/xOLJymhttps://blogs.igalia.com/mrego/files/2017/05/focus-within-demo.htmlhttps://blogs.igalia.com/mrego/files/2017/05/focus-within-menu.html

Client.type

The type read-only property of the Client interface indicates the type of client the service worker is controlling. #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/en-US/docs/Web/API/Client/type

No linked samples

Constructor for DataTransfer

The new asynchronous clipboard API makes use of DataTransfer objects and has a need to be able to construct new ones. For example (with new clipboard api): var data = new DataTransfer(); data.items.add("\(°o°)/", "text/plain"); navigator.clipboard.write(data).then(function() { console.log(“Copied to clipboard successfully! ᕕ( ᐛ )ᕗ”); }, function() { console.error(“Unable to write to clipboard. (╯ಠ_ಠ)╯︵ ┻━┻”); }); #

This feature was specified in this Spec.

Resources

Docs: Spec change: https://github.com/whatwg/html/commit/688a102b52c7050a6808a05c5d8fe149c0937fd7Tests: http://w3c-test.org/html/editing/dnd/datastore/datatransfer-constructor-001.htmlhttps://developer.mozilla.org/en-US/docs/Web/API/DataTransferhttps://developer.mozilla.org/en-US/docs/Web/API/DataTransfer/DataTransfer

Samples: https://w3c.github.io/clipboard-apis/#h-clipboard-write-data

Credential Management API - CredentialsContainer.create

This feature introduces the CredentialsContainer.create method to the Credential Management API. This method allows for asynchronous creation of Credential objects. #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainerhttps://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create

No linked samples

Document constructor

Support new Document() to create a Document instance. #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/en-US/docs/Web/API/Documenthttps://developer.mozilla.org/en-US/docs/Web/API/Document/Document

No linked samples

Don't load tiny cross-origin plugin content

Remove tiny content exception for "Detect and run important plugin content" setting. This means that cross-origin plugin content that is 5x5 or smaller will not load under the default setting. #

This feature was specified in this Spec.

Resources

Docs: https://groups.google.com/a/chromium.org/d/msg/chromium-dev/QL2K4yFVg_U/vj44YWOaAwAJhttps://docs.google.com/document/d/1IqaOmCgQWN1l-dgM9fSDFDQQEy_fQjs7SiqDsYjrefE/edit

No linked samples

Drop SiteBoundCredential concept in favor of a CredentialUserData mixin in CM API

This change drops the SiteBoundCredential interface in favor of a CredentialUserData mixin. This change was introduced in the Credential Manager API specification with commit a43865bd8aa9842dbc8d8e688d5668c087677eac (https://github.com/w3c/webappsec-credential-management/commit/a43865bd8aa9842dbc8d8e688d5668c087677eac). #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/en-US/docs/Web/API/Credential_Management_API

No linked samples

Expose passwords to JavaScript in Credential Management API

This change exposes passwords to JavaScript in the Credential Management API by providing the corresponding attribute on PasswordCredential. Furthermore it deprecates the previously existing PasswordCredential attributes and the custom `fetch()` `credential` infrastructure. #

This feature was specified in this Spec.

Resources

Docs: https://developers.google.com/web/updates/2017/06/credential-management-updateshttps://developer.mozilla.org/en-US/docs/Web/API/PasswordCredentialhttps://developer.mozilla.org/en-US/docs/Web/API/PasswordCredential/password

No linked samples

Feature Policy

Allow site authors to selectively enable and disable use of various browser features and APIs. #

This feature was specified in this Spec.

Resources

Docs: https://developers.google.com/web/updates/2018/06/feature-policyhttps://docs.google.com/document/d/1k0Ua-ZWlM_PsFCFdLMa8kaVTo32PeNZ4G7FFHqpFx4E/edit?usp=sharinghttps://chrome.google.com/webstore/detail/feature-policy-tester-dev/pchamnkhkeokbpahnocjaeednpbpacop

Samples: https://feature-policy-demos.appspot.com/

Fetch API: Request/Response.formData

Allows multipart/form-data and application/x-www-form-urlencoded fetch requests and responses to be consumed and parsed into FormData objects. #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/en-US/docs/Web/API/Bodyhttps://developer.mozilla.org/en-US/docs/Web/API/Body/formData

No linked samples

First Paint Timing API

API to enable developers to measure time for First Paint (FP) & First Contentful Paint (FCP) -- the first key moments in loading that they care about. These moments are added as 'paint' entries in the Performance Timing API. #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/en-US/docs/Web/API/PerformancePaintTiminghttps://developers.google.com/web/updates/2017/07/nic60#paint

No linked samples

InputEvent

InputEvent allows user input to be managed by script and help interactive with IME. #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/en-US/docs/Web/API/InputEvent

No linked samples

New VP9 codec string and Profile 2 support

VP9 is an open and royalty-free video codec that has been supported in Chromium since 2013. This update adds a new string format for describing the encoding properties, such as the profile, level, etc. Such properties are common in video codecs but are not exposed in the current VP9 string format. In addition, this update includes using the new format to advertise support for VP9 Profile 2. The string format is accepted by media-related APIs #

This feature was specified in this Spec.

Resources

Docs: https://www.webmproject.org/vp9/mp4/

Samples: https://googlechrome.github.io/samples/media/vp9-codec-string.html

Object rest/spread properties

This introduces rest properties for object destructuring assignment and spread properties for object literals. #

This feature was specified in this Spec.

Resources

Docs: https://developers.google.com/web/updates/2017/06/object-rest-spreadhttps://developer.mozilla.org/docs/Web/JavaScript/Reference/Operators/Object_initializer#Spread_propertieshttps://developer.mozilla.org/docs/Web/JavaScript/Reference/Operators/Spread_syntax#Spread_in_object_literalshttps://docs.google.com/document/d/1ZlhIAoZkaSddN6dXbebzNjXUA-oIEwzOd3dgoVejnK8/

Samples: http://www.2ality.com/2016/10/rest-spread-properties.html

PaymentDetailsInitId

Add a free-form identifier for payment request. This will be set using PaymentDetailsInit and reflected through PaymentRequest and PaymentResponse and to payment apps. If no identifier is specified a unique identifier will be created. #

This feature was specified in this Spec.

Resources

Docs: https://github.com/w3c/browser-payment-api/issues/388https://github.com/w3c/browser-payment-api/pull/426https://developer.mozilla.org/en-US/docs/Web/API/PaymentRequest/PaymentRequesthttps://developer.mozilla.org/en-US/docs/Web/API/PaymentRequesthttps://developer.mozilla.org/en-US/docs/Web/API/PaymentResponse

No linked samples

PaymentRequest.complete result "unknown"

Replace the PaymentRequest.complete enum value "" with the more descriptive "unknown". #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/en-US/docs/Web/API/PaymentResponse/complete

No linked samples

Push API: support for ietf-webpush-encryption-08

Chrome currently supports encrypted push message payloads encrypted with the `aesgcm` content encoding (draft 03). A series of substantial changes were made to the encryption drafts, yielding a new content coding: `aes128gcm` (draft 08). We'll continue to accept `aesgcm` for received push messages as well. #

This feature was specified in this Spec.

Resources

Docs: https://tools.ietf.org/html/draft-ietf-webpush-encryption-03https://tools.ietf.org/html/draft-ietf-webpush-encryption-08

No linked samples

PushManager.supportedContentEncodings

Static property containing the supported content encodings developers can use for encrypting push messages. #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/en-US/docs/Web/API/PushManagerhttps://developer.mozilla.org/en-US/docs/Web/API/PushManager/supportedContentEncodings

No linked samples

PushSubscription.expirationTime

Property indicating the time at which, if any, the subscription won't be valid anymore. The user agent will attempt to fire a `pushsubscriptionchange` event with a new subscription before this happens. Chrome will always return NULL, until we support subscription refreshes. #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/en-US/docs/Web/API/PushSubscriptionhttps://developer.mozilla.org/en-US/docs/Web/API/PushSubscription/expirationTime

No linked samples

Remove navigator.vibrate without user gesture

Calls to navigator.vibrate will immediately return 'false' if user hasn't tapped on the frame or any embedded frame yet. The Vibrate API is being abused by malicious sites. This extends what we do for cross-origin iframes to all frames including top-level page. See https://www.chromestatus.com/features/5682658461876224. #

This feature was specified in this Spec.

Resources

Docs: https://github.com/WICG/interventions/issues/47https://developer.mozilla.org/en-US/docs/Web/API/Navigator/vibrate

No linked samples

Rename `requireUserMediation` to `preventSilentAccess` in Credential Management API

This change renames CredentialsContainer.requireUserMediation to CredentialsContainer.preventSilentAccess in the Credential Management API. #

This feature was specified in this Spec.

Resources

Docs: https://developers.google.com/web/updates/2017/06/credential-management-updateshttps://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainerhttps://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/preventSilentAccess

No linked samples

Replace CredentialRequestOptions.unmediated flag with CredentialRequestOptions.mediation enum in Credential Management API

This feature introduces an CredentialMediationRequirement enum argument to the CredentialRequestOptions of CredentialsContainer.get() that is intended to replace the currently existing boolean flag CredentialRequestOptions.unmediated. The enum will have three states ("silent", "optional", "required") with "silent" and "optional" directly mapping to the existing boolean states, "required" is a novel option. #

This feature was specified in this Spec.

Resources

Docs: https://developers.google.com/web/updates/2017/06/credential-management-updateshttps://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainerhttps://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/get

No linked samples

Support VP9 in ISO-BMFF

VP9 is an open and royalty free video coding format. ISO-BMFF (MP4) is an industry standard container and is broadly accepted and used in the industry. Chrome already supports the VP9 codec (currently only in WebM container) and the ISO-BMFF container. This enables them to be used together. #

This feature was specified in this Spec.

Resources

Docs: http://www.webmproject.org/vp9/mp4/

Samples: https://cs.chromium.org/chromium/src/media/test/data/bear-320x240-v_frag-vp9.mp4

Support for collecting payer's name for PaymentRequest.

If the requestPayerName flag was set to true in the PaymentOptions passed to the PaymentRequest constructor, then UA should collect and return the payer's name as part of the payment request. For example, this would be set to true to allow merchant to make a booking in the payer's name. This option has been behind a flag on mobile since Chrome 55. On desktop, it's shipping in Chrome 60 with the rest of Payment Request API. #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/en-US/docs/Web/API/PaymentRequest/PaymentRequest

No linked samples

Web payment manifests

For every payment method, there must be a corresponding JSON manifest file describing how that method participates in the web payments ecosystem. #

This feature was specified in this Spec.

Resources

Docs: https://developers.google.com/web/fundamentals/payments/payment-apps-developer-guide/android-payment-appshttps://github.com/zkoch/zkoch.github.io/blob/master/pmi-v2.md

No linked samples

X-Frame-Options: SAMEORIGIN matches all ancestors.

Currently, XFO performs a same origin check only against the top-level frame in a document's ancestor chain. As lcamtuf notes in [1], "Any site that allows a rogue ad to be displayed in an IFRAME; or that frames third-party content for other reasons (e.g., iGoogle, Image Search results, Facebook gadgets), is effectively not protected)." We should check all ancestors instead. #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

No linked samples

getElementsByTagName accepts qualified names

getElementsByTagName() used to accept only local names. The DOM specification was updated to accept qualified names. #

This feature was specified in this Spec.

window.open() throws on an invalid URL parameter

Currently, we only log a message to the console. For consistency with other APIs, the WhatWG spec now requires that window.open throws a DOMException "SyntaxError" instead. #

This feature was specified in this Spec.

Origin Trials in-progress in 60

This release of Chrome had 1 new origin trials.

Budget API

This specification describes an API that can be used to retrieve the amount of budget an origin has available for resource consuming background operations, as well as the cost associated with doing such an operation. #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/en-US/docs/Web/API/Web_Budget_APIhttps://developer.mozilla.org/en-US/docs/Web/API/BudgetServicehttps://developer.mozilla.org/en-US/docs/Web/API/BudgetState

No linked samples

Flagged features in 60

This release of Chrome had 3 are available behind a flag.

CSS line-height-step property

The CSS line-height-step property provides an ability to round the heights of line boxes to the multiple of the specified length. This property allows authors to control vertical rhythm. #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/en-US/docs/Web/CSS/line-height-step

Samples: https://drafts.csswg.org/css-rhythm/examples/snap-height.html

createElementNS() : Throw InvalidCharacterError instead of NamespaceError on validating a qualified name

createElementNS() should now throw only InvalidCharacterError, not NamespaceError. Validating a qualified name should only throw InvalidCharacterError, not NamespaceError, after: https://github.com/whatwg/dom/issues/319 https://github.com/w3c/web-platform-tests/issues/5161 https://github.com/whatwg/dom/issues/423 Latest spec: https://dom.spec.whatwg.org/#validate #

This feature was specified in this Spec.

rAF Aligned Mouse Events

Align continuous mouse events (mousemove, mousewheel) so that they occur close to requestAnimationFrame() as possible. Historical events can be accessed via getCoalescedEvents (see https://w3c.github.io/pointerevents/extension.html#extensions-to-the-pointerevent-interface) #

This feature was specified in this Spec.

Resources

Docs: https://docs.google.com/document/d/1aM9AqyYuceRHOmsJZXFKcgi_D4jvFAymYvI36OEwIpI/edit#https://developer.mozilla.org/en-US/docs/Web/API/window/requestAnimationFramehttps://developer.mozilla.org/en-US/docs/Web/Events/mousemovehttps://developer.mozilla.org/en-US/docs/Web/Events/wheel

Samples: http://rbyers.github.io/event-timing.html

Deprecations and Removals

Deprecation policy

To keep the platform healthy, we sometimes remove APIs from the Web Platform which have run their course. There can be many reasons why we would remove an API, such as:

• They are superseded by newer APIs.
• They are updated to reflect changes to specifications to bring alignment and consistency with other browsers.
• They are early experiments that never came to fruition in other browsers and thus can increase the burden of support for web developers.

Some of these changes will have an effect on a very small number of sites. To mitigate issues ahead of time, we try to give developers advanced notice so they can make the required changes to keep their sites running.

Chrome currently has a process for deprecations and removals of API's, essentially:

• Announce on the blink-dev mailing list.
• Set warnings and give time scales in the Chrome DevTools Console when usage is detected on the page.
• Wait, monitor, and then remove the feature as usage drops.

You can find a list of all deprecated features on chromestatus.com using the deprecated filter and removed features by applying the removed filter. We will also try to summarize some of the changes, reasoning, and migration paths in these posts.

Deprecated features in 60

This release of Chrome had 0 features deprecated.

Removed features in 60

This release of Chrome had 7 features removed.

Remove Headers.prototype.getAll()

Headers.prototype.getAll() is removed from the Fetch API specification. #

This feature was specified in this Spec.

Resources

Docs: https://github.com/whatwg/fetch/commit/42464chttps://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/x3YXciXQWM0https://developer.mozilla.org/en-US/docs/Web/API/Headershttps://developer.mozilla.org/en-US/docs/Web/API/Headers/getAll

No linked samples

Remove IndexedDB: webkitGetDatabaseNames

The API asynchronously returns a list of existing database names in an origin, which seemed sensible enough. The design is flawed, in that the results may be obsolete as soon as they are returned, so it can really only be used for logging, not serious application logic. Not implemented in other browsers. https://github.com/w3c/IndexedDB/issues/31 tracks/links to previous discussion on flaws and possible alternatives. #

This feature was specified in this Spec.

Resources

Docs: https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API

No linked samples

Remove WEBKIT_KEYFRAMES_RULE and WEBKIT_KEYFRAME_RULE

Remove non-standardize APIs from CSS Rule and Developer can use KEYFRAMES_RULE and KEYFRAME_RULE instead #

This feature was specified in this Spec.

Remove document.createEvent('WebKitTransitionEvent')

Remove non-standard 'WebKitTransitionEvent' support of document.createEvent(). #

This feature was specified in this Spec.

Remove: Content initiated top frame navigations to data URLs

We intend to block web pages from loading data: URLs in the top frame using <A> tags, window.open, window.location and similar mechanisms. Pseudo URLs such as data: are generally a source of confusion for users. Because of their unfamiliarity, these schemes are widely being used in spoofing and phishing attacks. Users browsing the web ideally should only ever end up on the two well known schemes (http and https). Deprecated in M58 Removal in M60 #

This feature was specified in this Spec.

Resources

Docs: https://bugs.chromium.org/p/chromium/issues/detail?id=594215

No linked samples

Remove: NodeFilter.prototype

Correctly implement window.NodeFilter. It should not have .prototype, and NodeIterator.filter and TreeWalker.filter should not wrap JavaScript objects. #

This feature was specified in this Spec.

Remove: document.createEvent('WebKitAnimationEvent')

Remove non-standard 'WebKitAnimationEvent' support of document.createEvent(). #

This feature was specified in this Spec.