ES6 and ES7 support in Chromium provides JavaScript developers with many sought-after features common in other programming languages, but previously missing from the web. These features include ways to simplify common programming patterns, make code easier to write, and customize low-level JavaScript behavior. Classes, for example, allow developers to easily write object-oriented programs and safely extend built-in JavaScript objects. Arrow functions, default parameters, and array convenience methods make common idioms simpler to program and reduce the need to copy and paste boilerplate code between projects. It can be difficult to reason about JavaScript’s asynchronous execution flow and nested callbacks, so ES6 introduces promises, iterators, and generators to simplify asynchronous code, make control flow more expressive, and make writing bug-free code easier. Powerful features like proxies and well-known symbols also give advanced developers the ability to customize language behavior to better match their application’s needs.


In order for websites to take full advantage of these new JavaScript features, multiple browsers must support the latest specifications. Fortunately, cross-browser support has rapidly improved in the past few months. The latest development versions of all modern browsers now support more than 90% of ES6, with polyfills and transpilation available to add support to older browsers as well. Adoption will continue to expand over the coming months, given that the ability to load JavaScript modules from HTML was recently standardized with the <script type="module"> tag. Chromium has already started implementing this new tag, and module support will be available soon, making it even easier to write and ship websites with ES6 and ES7 code.


For more details on the JavaScript standards process, features still under discussion such as proper tail calls, and a deeper dive into the technical side of spec conformance, visit the V8 blog. Check back soon to hear more about upcoming JavaScript features and continued performance optimizations.


Posted by Seth Thompson, Product Manager and ECMAScript ESsayist

Credential Management API

Many sites allow their users to sign in to receive personalized content. Today that requires remembering and typing credentials, which lowers account security when users reuse passwords across multiple sites. Modern browsers have credential managers that remember and autofill saved passwords, but these managers cannot account for custom login flows or remember federated identity preferences.
The latest version of Chrome now supports the Credential Management API, allowing sites to interact with the browser’s credential manager to improve the login experience for users. The API enables users to sign in with one tap and lets them automatically sign back in when returning to the site.

Screen Shot 2016-04-28 at 13.56.55.png
Signing in with one tap using the Credential Management API
Reducing the overhead of offscreen rendering
Modern websites commonly embed cross-origin content like videos, social widgets, and ads. Embedding these resources allows sites to offer compelling content experiences, but it also creates a lot of overhead that can jank the page in ways the embedding site can’t control. The latest version of Chrome no longer runs the rendering pipeline or requestAnimationFrame() callbacks for cross-origin frames that are offscreen. This eliminates unnecessary work and reduces power consumption by up to 30% on several popular mobile sites without affecting the user experience.

Additional features in this release

Other changes

  • The ability to customize the message shown in the onbeforeunload dialog has been removed to protect users from malicious websites and align with other browsers.
  • Chrome on Android now uses the same media pipeline as desktop Chrome, improving  WebAudio support and allowing sites to interact with the playback rate on <audio> and <video> tags.
  • The latest version of Chrome improves web animations interoperability by supporting lists of values and removing dashed-names in keyframes.
  • Chrome now requires a border style to paint border images, improving spec compliance and interoperability.
  • Percentages can now be used for the sizes of flex item children.
  • DHE-based ciphers have been deprecated and will be removed in Chrome 52 in favor of ECDHE ciphers to improve TLS security.

Posted by Sabine Borsay and Mike West, Authenticator's Apprentices


Labels:



Chrome provides robust APIs that empower developers to create compelling extensions and apps, and users often need to provide access to their data to allow these services to run. The new User Data Policy extends existing policies to ensure transparent use of the data in a way that is consistent with the wishes and expectations of users. Some of the new requirements for developers are:


  • Be transparent about the handling of user data and disclose privacy practices
  • Post a privacy policy and use encryption, when handling personal or sensitive information, and
  • Ask users to consent to the collection of personal or sensitive data via a prominent disclosure, when the use of the data isn’t related to a prominent feature.


The policy also has other requirements, including prohibiting the collection of web browsing activity when it’s not required for an item’s main functionality. The full text of the policy is available in our Developer Program Policies and more information is available in the FAQ section.


We'll notify developers when we discover items that violate the User Data Policy, and they'll have until July 14, 2016 to make any changes needed for compliance. Starting July 15th, 2016, items that violate the policy will be removed from the Web Store and will need to become compliant to be reinstated.


Protecting our users is our key priority, and we believe this change will make sure users are better informed and allow them to choose how their user data is handled.


Posted by Teresita Perez and Athas Nikolakakos, Chrome Policy Team