Skip to main content

Posts

Chrome to Unlock Unfiltered Clipboard Access with New API

Async Clipboard API: Unfettered HTML Access in Chrome! Boost web dev efficiency & creativity. Paste tables, build dynamic elements, say goodbye to sanitization. Secure & controlled. Coming soon! Get ready, web devs, because Chrome is about to drop a game-changer: unfettered access to raw HTML in the Async Clipboard API. This means you can finally ditch the sanitized snippets and embrace the full power of rich content directly from the clipboard. This might sound like a technical jargon salad, but trust me, it's a web development dream come true. But hold on, what exactly does "unsanitized" mean? Well, it simply means you get the raw HTML data, warts and all, without any pesky filtering or alterations. This opens up a whole new world of possibilities : Imagine this: you effortlessly paste that beautifully formatted table from your design tool, complete with images and styles, straight into your web page. No more clunky workarounds or data loss! You build a dynamic

How Related Website Sets (RWS) Address the Challenges of Third-Party Cookie Blocking

Related Website Sets (RWS) are a new browser feature that aims to improve user experience and privacy by managing cookie access across related websites. TL;DR Allows browsers to make smart decisions about cookie access, reducing disruptions for users. Enhances user experience by enabling seamless navigation between related sites. Accommodate country-specific variations through country code top-level domain subsets. Web browsers like Google Chrome are increasingly blocking third-party cookies for privacy reasons. Third-party cookies are often used by organizations with multiple related websites to maintain a consistent user experience and shared identity across their different domains. However, the blocking of these cookies can disrupt this consistency and make it harder for these organizations to recognize users across their different sites. To address this challenge, Google Chrome has introduced a feature called Related Website Sets. This feature allows organizations to declare relati

Instagram Silently Rolls Out Message Reminders (You Can Turn Then Off!)

Instagram has silently rolled out a new feature that some users might find annoying. We are talking about Message Reminders . An app sending reminders to check missed or unread messages is not a new thing. Some messenger apps like Skype send reminders to users who have not opened incoming messages.  Apparently, Instagram has now got a new, similar feature at least on Android. These reminders come in the form of a notification, similar to any other notifications including direct messages. However, the only difference is even if you cleared an original notification without responding to a message, Instagram will still send you another notification after a period. In our case, we received this new reminder notification around 23 hours after receiving the first (original message) notification. Just to make it clear, reminder notifications are not the same as standard notifications that will not go away even after clearing them or reappear along with other unread messages. These are new not

Exclusive: Web Environment Integrity (Currently) Limited to Android, Testing on Chrome and WebView

Both Chrome and WebView are undergoing Web Environment Integrity (WEI) integration tests, with Android being the only platform currently supported by Google’s recently proposed API, Techtsp is able to report and confirm. As per the codebase we have examined, several developments are happening around WEI. One such development is adding a new storage capability on Android devices, designed to store key-pair identifiers "Environment Integrity Handles" (read attestations), along with calls to the Play Integrity Attester for Android. These “Handles” are 64-bit integer identifiers used within the proposed system. They play a vital role in creating "Integrity Tokens" (read attestation tokens). These cryptographic tokens will be used to carry out integrity checks on web environments, as evidenced by the code we have seen. Interestingly, attentions are being designed in such a way that they can be retrieved even after the browser is closed. Perhaps, Google views this as an

Google Chrome to Add Array Grouping Methods

Google Chrome 117 is adding two new methods to the Object and Map objects: groupBy() and mapGroupBy() . These methods allow developers to group elements in an array based on a common property, such as the first letter of a word or the date an event occurred. The groupBy() method returns a plain object, where the groups are property keys and the values are arrays of elements. The mapGroupBy() method returns a Map object, where the keys are arbitrary values and the values are arrays of elements. The main benefits of these new methods are for web developers to efficiently group elements in arrays based on common properties, simplifying data analysis tasks and making it easier to manipulate and organize data in their applications. This enhanced functionality in JavaScript can result in more efficient and concise code for developers, potentially leading to faster and more feature-rich web applications. It might also allow developers to create more sophisticated data analysis tools on the cl

Google Engineer's Controversial Call to Ignore Criticism Rocks Developer Community

(Photo: Unsplash) Recent remarks from a Google engineer  Rick Byers  have sparked widespread criticism over the openness of dialogue surrounding Google's controversial Web Environment Integrity (WEI) API proposal. With a career spanning 12 years at Google and over 6 years at Microsoft prior to that, Byers is no stranger to complex technical discussions and heated debates. However, it's his latest comments that have touched a raw nerve in the developer community. Byers' controversial remarks centered around his encouragement to the team developing the API to disregard feedback from forums that do not comply with Chromium's code of conduct. "I have encouraged the team working on this [WEI API] to ignore feedback in any forum in which something like Chromium's code of conduct is not being maintained as anything else would be creating an unsafe working environment," Byers said in his comment on a discussion forum. Although Byers' comment was in response t

Is Google's Proposed Web Environment Integrity API A Step Towards Browser Monopoly? Developer Raises Alarm

Google's proposed Web Environment Integrity API has ignited a serious debate within the developer community , with some expressing fears that the new technology could undermine open web standards and user privacy. Jake Rarisma, a developer, is one of the latest voices to express concerns about the potential implications of Google's proposal. "Honestly your proposal scares me and it clearly scares other people too. I've seen this proposal from its first day and yet I am unable to find anyone online who supports this that isn't being paid by Google/Alphabet," wrote Rarisma. Rarisma expressed fear that the new API could be abused to further consolidate Chrome's dominance in the browser market, a situation he described as 'already rather egregious.' He highlighted the potential for technology like WEI to restrict access to certain applications or functionalities, citing his personal experiences with his rooted Pixel phone: "I own a computer and e

Chrome to Remove Support for SHA-1 Signatures in TLS

Google will be removing support for SHA-1 signatures in TLS in a future release of Chrome (version 117). SHA-1 is a hash function that has been known to have collisions, which means that it is possible to create two different pieces of data that have the same SHA-1 hash value. This makes it possible for an attacker to impersonate a TLS server by creating a certificate with a SHA-1 signature that matches the signature of a legitimate certificate. The removal of support for SHA-1 signatures in TLS is a security measure that will help to protect users from this attack. The IETF, the organization that develops the standards for the internet, has deprecated the use of SHA-1 signatures in TLS, and most browsers have already removed support for them. Chrome will continue to support SHA-1 in client certificates and client signatures for now. However, server operators can and should reject SHA-1 from the client when deploying client certificates. This will help to mitigate the risk of client im

Chrome to Remove -webkit-highlight CSS Property

Google will be removing the -webkit-highlight CSS property from Chrome in an upcoming version 117. The property was intended to highlight text, but was never standardized and has no visible effect in Chromium. It was removed from WebKit in 2014 and has been marked as deprecated on MDN. The motivation for the removal is to avoid confusion with the new CSS Highlight Pseudo spec, which provides a more consistent and standardized way to highlight text. The removal will also clean up the code and remove about 1K of memory usage. The -webkit-highlight property is currently used in a single third-party library, but the library developers have been notified of the removal and will be updating their code to use the CSS Highlight Pseudo spec.

Former Google Engineer Speaks Out Against Controversial Web Environment Integrity API Proposal

Photo: Web.Dev Chris Palmer, a former Google engineer involved with Chrome OS Security, has called for a retraction of the Web Environment Integrity API proposal. This comes amidst the ongoing dialogue between Google's engineers and the broader developer community on the potential impacts and implications of the proposed API . Palmer, citing his experience as a 'recent former Chromie,' expressed serious concerns about the API's effect on the openness of the web as a mainstream application platform. He argued that the proposal, while potentially serving publishers' interests, could be neutralized by browser extensions and Dev Tools, which he described as 'incalculably valuable' and non-negotiable. "The web is the open, mainstream application platform. The world really, really needs it to stay that way... Whatever goals publishers might think this serves (although it doesn't), extensions and Dev Tools (and other debuggers) neutralize it. Extensions a