WebKit
standards-positions | WebKit
---|---
178 | 150
595 | 7,416
1.7% | 2.1%
7.6 | 10.0
about 2 months ago | about 5 hours ago
Python | 
Mozilla Public License 2.0 | -
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
standards-positions
-
iOS404
You can check why Mozilla and Apple have opted to not support this.
https://github.com/mozilla/standards-positions/issues/154
https://github.com/WebKit/standards-positions/issues/28
Neither Mozilla nor WebKit is satisfied that the proposal is safe by default, and it contains footguns for the user that can be pretty destructive.
-
Show HN: DualShock calibration in the browser using WebHID
FWIW Mozilla updated their position on Web Serial API to "neutral" and clarified that they might be okay with enabling the API with an add-on.
https://mozilla.github.io/standards-positions/#webserial
Allowing serial but not HID would be really strange. With HID you get standard identifiers that let you filter out devices that are too dangerous for the web. With serial you get nothing. Even if you know a device is dangerous, there's no way to protect users from it.
> It is available only for Google Chrome, Chromium or compatible browsers (e.g. Edge) because it uses WebHID, a JavaScript extension that can be used to send commands to a HID device.
I didn’t know about WebHID, but it’s interesting Firefox doesn’t support it. According to Mozilla’s position[0]:
> This API, like WebUSB, provides access to generic devices. Though this API is limited to human interface devices (HID), the same concerns apply as WebUSB, namely that devices are generally not designed with access from arbitrary websites in their threat model.
-
Tailwind CSS v4.0.0 Alpha
Hasn't Firefox been dragging their asses on @scope? https://github.com/mozilla/standards-positions/issues/472
It took years to just convince them of the need for it. And I'm not sure anyone got convinced vs Chrome had already shipped it and Safari has it planned so they caved in.
Hard to believe Firefox used to be a leader of the modern web.
-
An HTML Switch Control
As mentioned by others, OK idea, but not a fan that this isn't standardized. After a quick search+peruse, these seem to indicate that it's not around the corner either. Happy (/hope) to be corrected.
-
Platform issues which disadvantage Firefox compared to first-party browsers
Mozilla's position on these specs is nicely outlined publicly and transparently as part of their standards-positions project: https://github.com/mozilla/standards-positions/issues/100
I'm kinda glad it's not implemented in my browser, to be honest, because the whole thing seems like a security nightmare.
It's a shame it impacts some hobby use cases, but I don't think this outweighs the reasoning set out on the GitHub issue.
-
What Progressive Web App (PWA) Can Do Today
This should have big warnings on it. Some of these are not web standards; they are features implemented unilaterally by Google in Blink that have been explicitly rejected by both Mozilla and Apple on privacy and security grounds.
Take Web Bluetooth, for example:
Mozilla:
> This model is unsustainable and presents a significant risk to users and their devices.
— https://mozilla.github.io/standards-positions/#web-bluetooth
Apple:
> Here are some examples of features we have decided to not yet implement due to fingerprinting, security, and other concerns, and where we do not yet see a path to resolving those concerns
— https://webkit.org/tracking-prevention/
This is Microsoft’s Embrace, Extend, and Extinguish bullshit applied to the web platform by Google. Google keeps implementing these things despite all other major rendering engines rejecting them, convinces people that they are part of the web, resulting in sites like this, then people start asking why Firefox and Safari are “missing functionality”. These are not part of the web platform, they are Google APIs that have been explicitly rejected.
-
Why Are Tech Reporters Sleeping on the Biggest App Store Story?
Is BLE a PWA requirement? I think they explained their position pretty well here, regardless of whether I agree:
https://github.com/mozilla/standards-positions/issues/95#iss...
-
Reason to Use Firefox Is Sync That Works
I took a glance at Can I Use what the difference between the last public release of Firefox and Chrome is [1] and they don't really have that big of a difference in the eyes of normal use-cases? Some of these aren't implemented purely because of privacy reasons, the proposals aren't finished yet or complexity [2].
Why would Firefox need to change to Chromium engine? The only websites I notice that don't work with Firefox is because of user-agent targeting or just putting 5-second time-outs in YouTube code on non-Chrome web browsers [3].
Can you give some examples of websites not working on Firefox?
[1] https://caniuse.com/?compare=chrome+120%2Cfirefox+121&compar...
[2] https://mozilla.github.io/standards-positions/
[3] https://www.neowin.net/news/youtube-seemingly-intentionally-...
WebKit
-
HTML Streaming and DOM Diffing Algorithm
Since 2023 Chrome announced the View Transition API, and it looks like Safari is also going to support it soon.
-
Towards memory safety with ownership checks for C
One heap per type.
Here’s an allocator optimized for that use case.
https://github.com/WebKit/WebKit/blob/main/Source/bmalloc/li...
-
Bun, JavaScript, and TCO
To use this in Bun, you’d have to start Bun with the environment variable “BUN_JSC_useDollarVM=1” and then $vm.createBuiltin(mySourceCodeString)
When using this intrinsic, if any of the arguments are incorrect or it cannot otherwise enable it, the entire process will probably crash. In debug builds of JSC it will have a nicer assertion failure, but that is not enabled in release builds.
Example code: https://github.com/WebKit/WebKit/blob/17351231b4dedb62d81721...
Also happy to answer any questions about Bun.
-
Show HN: Rem: Remember Everything (open source)
Ah, good, let me introduce you to the wonderful world of the Chrome Devtools Protocol! (fka Chrome Remote Debugging Protocol)
I love this API for almost everything browser related. I built my RBI product atop this (BrowserBox: https://dosyago.com), and I think it's a drastically underrated API.
Also, it works out of the box in Edge, Brave, Chromium, and many parts of CRDP are supported by Firefox and Safari^1
1: See for example: https://github.com/WebKit/webkit/tree/main/Source/JavaScript...
-
WebGPU now available for testing in Safari Technology Preview
-
Disabling iOS Personalized Ads tells kernel to kill daemon every 3 seconds
No, it's unrelated.
https://github.com/WebKit/WebKit/commit/064df1a9f395f8c6e32c...
-
Replacing WebRTC: real-time latency with WebTransport and WebCodecs
It's being worked on now: https://github.com/WebKit/WebKit/pull/17320
-
iLeakage: Browser-Based Timerless Speculative Execution Attacks on Apple Devices
It is different. The cross-site navigation flag is a couple of years old. It was enabled by default for iOS in November 2018 for example https://github.com/WebKit/WebKit/commit/e191fc8c412850cb9fd0...
Technology Preview versions 173 and newer [58].
[57] is https://github.com/WebKit/WebKit/pull/10169. At the bottom of it, an engineer continues to link ongoing hardening patches for window.open() + process isolation.
-
Show HN: Firefox add-on to open YouTube videos in alternative front ends
> That's excessive scope creep. Adding site-specific workarounds for some sites feels uncomfortable.
Not to Google and its fellow corporations apparently.
https://news.ycombinator.com/item?id=29707078
https://github.com/WebKit/WebKit/blob/main/Source/WebCore/pa...
They have site-specific fixes for their own sites. We can obviously apply the exact same strategy to dealing with every single website out there. If a website is broken or generally annoying to use, just fix it by providing a site-specific version of the browser.
> Who decides what websites get "fixed", and how?
Whoever develops the browser or its extensions. Arguably the whole of uBlock Origin and its filter lists is just a database of site specific fixes. If people can maintain an extremely huge list of advertisers and blockers for every website out there, surely they can maintain something like this too.
> Also, remember how Mozilla is funded.
I remember Mozilla has about a billion dollars in the bank. Who cares about their Google funding? I doubt they're gonna drop them anyway. I bet they pay them just to ward off risk of antitrust lawsuits.
What are some alternatives?
chromium - The official GitHub mirror of the Chromium source
otter-browser - Otter Browser aims to recreate the best aspects of the classic Opera (12.x) UI using Qt5
webcontainer-core - Dev environments. In your web app.
fingerprintjs - Browser fingerprinting library. Accuracy of this version is 40-60%, accuracy of the commercial Fingerprint Identification is 99.5%. V4 of this library is BSL licensed.
cname-trackers - This repository contains a list of popular CNAME trackers
gecko-dev - Read-only Git mirror of the Mercurial gecko repositories at https://hg.mozilla.org. How to contribute: https://firefox-source-docs.mozilla.org/contributing/contribution_quickref.html
uBlock-Safari - uBlock Origin - An efficient blocker for Chromium, Firefox, and Safari. Fast and lean.
firefox-ios - Firefox for iOS
xdg-desktop-portal - Desktop integration portal
WHATWG HTML Standard - HTML Standard
SmartTube - SmartTube - an advanced player for set-top boxes and tvs running Android OS
wpt - Test suites for Web platform specs — including WHATWG, W3C, and others