Firefox 128 for developers
This article provides information about the changes in Firefox 128 that affect developers. Firefox 128 was released on July 9, 2024.
Changes for web developers
HTML
- The
target
attribute of the<base>
element now disallows ASCII newlines, tabs, or the<
character, changing the value to_blank
if any are present. This prevents dangling markup injection attacks that use an unclosedtarget
attribute (Firefox bug 1835157).
CSS
- Relative color syntax is now enabled by default. Relative color syntax allows you to create a color value relative to an origin color, and can allow you to change a color in a different color space using color functions (Firefox bug 1900251).
- The
content
property now supports alternative text for content that includes an image. The alternative text is then exposed to the browsers accessibility tree. (See Firefox bug 1281158 and Firefox bug 1896047). - The
syntax
descriptor of the@property
at-rule now supports the<string>
syntax component name. (See Firefox bug 1846635).
Removals
- The masonry layout properties
align-tracks
andjustify-tracks
have been removed. These properties were only implemented in Firefox and were recently dropped from the spec (Firefox bug 1900195).
JavaScript
-
Resizable
ArrayBuffer
and growableSharedArrayBuffer
are now supported, allowing the size of buffers to be changed without having to allocate a new buffer and copy data into it (Firefox bug 1884150). The relevant methods and properties are:-
Grow
SharedArrayBuffer
using theSharedArrayBuffer.prototype.grow()
method. The maximum allowed size of the buffer is specified using theoptions.maxByteLength
parameter to theSharedArrayBuffer()
constructor. TheSharedArrayBuffer.prototype.growable
andSharedArrayBuffer.prototype.maxByteLength
properties indicate whether the buffer can grow, and its maximum allowed size, respectively. -
Resize
ArrayBuffer
using theArrayBuffer.prototype.resize()
method. The maximum allowed size of the buffer is specified using theoptions.maxByteLength
parameter to theArrayBuffer()
constructor. TheArrayBuffer.prototype.resizable
andArrayBuffer.prototype.maxByteLength
properties indicate whether the buffer can be resized, and its maximum allowed size, respectively.
-
Grow
HTTP
- The HTTP
Accept
header in default requests and image requests now includes theimage/svg+xml
MIME type (Firefox bug 1711622). - The RFC 9218: Extensible Prioritization Scheme for HTTP is now supported, including the HTTP
Priority
request and response header, which allows clients to hint at the expected relative priority for resources sent over a connection, and the HTTP/2 and HTTP/3PRIORITY_UPDATE
frames that allow the priority to be subsequently changed after the header has been sent (Firefox bug 1865040).
APIs
RTCRtpReceiver.getParameters()
andRTCRtpSender.getParameters()
are now supported, returning an object that describes the current codecs used for the encoding and transmission of media on the receiver and sender tracks, respectively. (Firefox bug 1534687).Request.bytes()
andResponse.bytes()
are now supported as a convenient way to get aUint8Array
from aRequest
andResponse
, respectively. (Firefox bug 1896475).PushMessageData.bytes()
is now supported for returning the data from a push message as an array of bytes in aUint8Array
object. (Firefox bug 1897871).Blob.bytes()
is supported for returning the data from aBlob
as an array of bytes in aUint8Array
object. (Firefox bug 1896509).-
MediaKeys.getStatusForPolicy()
is now supported for checking whether the CDM module, which is used to decrypt DRM protected content, would allow the presentation of encrypted media data for a "hypothetical" key based on specified policy requirements such as the High-bandwidth Digital Content Protection (HDCP) version supported by the system. This provides an application with a simple mechanism to know in advance whether playback at the optimal resolution will be allowed, without having to create a media key session or fetch a real license. (Firefox bug 1878714). RTCRtpTransceiver.setCodecPreferences()
is now supported for setting the codecs that a WebRTC local peer is able to use for decoding received data, in its preferred codec order. Web applications can use this to cause the remote peer to choose a preferred codec, and to disable the negotiation of specific codecs — including those used for retransmission, redundancy, and forward error correction. (Firefox bug 1396922).- Serialization of declarative shadow DOM, including the methods
ShadowRoot.getHTML()
andElement.getHTML()
, and associated propertiesShadowRoot.serializable
andHTMLTemplateElement.shadowRootSerializable
. - The
CSSPropertyRule
interface is now supported by default and represents a CSS@property
at-rule. The interface allows you to get the values, includingname
,syntax
,inherits
, andinitialValue
, of CSS custom properties defined using the@property
at-rule (Firefox bug 1864818). - The
registerProperty()
method is now supported by default. It allows you to define CSS custom properties via JavaScript, which is similar to using the@property
at-rule in CSS (Firefox bug 1864818).
Media, WebRTC, and Web Audio
Removals
- The non-standard
HTMLMediaElement.seekToNextFrame()
method has been removed, and is now not supported by any browser. (Firefox bug 1336404).
WebDriver conformance (WebDriver BiDi, Marionette)
General
- We now support the extended "unhandledPromptBehavior" capability which can either be a string (WebDriver classic) or a JSON object (WebDriver BiDi). The object type offers more capabilities for WebDriver BiDi like handling "beforeunload" prompts. (Firefox bug 1884650)
WebDriver BiDi
- Added support for the "BiDi flag" of a WebDriver Session to align with the WebDriver BiDi specification. This allows to identify sessions created for or upgraded to WebDriver BiDi. (Firefox bug 1898719)
- Added support for several arguments for the
network.continueRequest
command, which now allows to modify headers, cookies, method and body of a request before it is sent over the network. (Firefox bug 1850680) - Added support for the
userContext
argument in thepermissions.setPermission
command, which allows to isolate a permission to a specific user context (implemented as containers in Firefox). (Firefox bug 1894217) - Fixed a bug in
browsingContext.navigate
where a navigation error would load an error page and cause subsequent commands to fail. (Firefox bug 1878690) - We fixed the order in which
network.responseCompleted
events are emitted for redirects. The original request'sresponseCompleted
is now always emitted before the events for the redirect. (Firefox bug 1879580) - To align with the current Firefox behavior, we introduced the workaround to not partition cookies which are added with the "storage.setCookie" command for the same domain as the page loaded in the targeted context. (Firefox bug 1898222)
- The
input.setFiles
command has been updated to throw anUnsupportedOperation
error if the specified file does not exist. (Firefox bug 1887644)
Marionette
- Added support for the "HTTP flag" of a WebDriver Session to align with the WebDriver classic specification. This allows to identify sessions created for WebDriver classic. (Firefox bug 1884090)
- Added support for the Permissions API in WebDriver Classic. (Firefox bug 1524074)
Changes for add-on developers
- Adds the ability to enable and disable rules in static declarative net request rulesets with
declarativeNetRequest.updateStaticRules
and list disabled rules for a static ruleset withdeclarativeNetRequest.getDisabledRuleIds
(Firefox bug 1810762). - A static declarative net request rule, one defined through the
declarative_net_request
manifest key, is now loaded when it contains unrecognized properties but is otherwise valid (Firefox bug 1886608). - Introduces
MAX_NUMBER_OF_DYNAMIC_RULES
andMAX_NUMBER_OF_SESSION_RULES
todeclarativeNetRequest
. These properties represent the maximum number of dynamic and session-scoped rules an extension can add. They replaceMAX_NUMBER_OF_DYNAMIC_AND_SESSION_RULES
, which is now deprecated (Firefox bug 1894128). - The default value of
proxy.settings
propertyproxyDNS
is nowfalse
when using SOCKS4 andtrue
when using SOCKS5. Previously, it defaulted tofalse
for SOCKS4 and SOCKS5 (Firefox bug 1741375). - Support is now provided for
webRequest.onAuthRequired
to handle authentication requests asynchronously by specifying"asyncBlocking"
in theaddListener
parameterextraInfoSpec
(Firefox bug 1889897). - The optional_host_permissions manifest key has been added. This key enables runtime requests for access (access granted by the user after an extension has been installed) for the APIs in the extension that read or modify host data (Firefox bug 1766026).
- The non-standard Web API events
overflow
andunderflow
have been deprecated. Use of these events should be removed from extension documents before the release of Firefox 131 (Firefox bug 1898445). - Support is now provided for scripts to run in the web page execution environment. This is provided through support for
MAIN
inExecutionWorld
for thescripting
API, the addition ofworld
to thecontentScripts.register()
API, and support forworld
in thecontent_scripts
manifest key (Firefox bug 1736575). - The
scripting
API can now inject scripts and CSS into sandboxed pages withabout:blank
,about:srcdoc
, anddata:
URLs. This was implemented forscripting.executeScript
,scripting.insertCSS
, andscripting.removeCSS
in Firefox bug 1475831 andscripting.registerContentScripts
andscripting.updateContentScripts
in Firefox bug 1853411 through the introduction ofmatchOriginAsFallback
toscripting.RegisteredContentScript
. - Content scripts now run on sandboxed
http
,https
, andfile:
URLs (Firefox bug 1411641). - The manifest key
content_scripts
now supportsmatch_origin_as_fallback
andcontentScripts.register
matchOriginAsFallback
, enabling scripts to be injected intoabout:
,data:
, andblob:
pages when the document origin is opaque due to the use of CSP or iframe sandbox (Firefox bug 1475831 and Firefox bug 1896669). In addition, scripts registered with thecontent_scripts
manifest key can now only run inblob:
pages whenmatch_origin_as_fallback
istrue
(Firefox bug 1897113). - Support added for the
declarativeNetRequest.RuleCondition
propertydomainType
(Firefox bug 1797408). - Extensions containing an unrecognized property in manifest key
browser_specific_settings.gecko
now load with a warning. Previously, these extensions errored on installation. This ensures that if a newbrowser_specific_settings.gecko
property is added, extensions using that new property will load in versions of Firefox back to this release (Firefox bug 1757293).
Experimental web features
These features are newly shipped in Firefox 128 but are disabled by default. To experiment with them, search for the appropriate preference on the about:config
page and set it to true
. You can find more such features on the Experimental features page.
-
image/jxl
MIME type in Accept header for default and image requests:image.jxl.enabled
.The HTTP
Accept
header in default requests and image requests can be configured to indicate support for theimage/jxl
MIME type. (Firefox bug 1711622). -
Cookies Having Independent Partitioned State (CHIPS):
network.cookie.CHIPS.enabled
.CHIPS, or "partitioned cookies", allow developers to opt a cookie into partitioned storage using the
partitioned
directive of theSet-Cookie
HTTP header. When set, cookies have separate storage for each top-level site, and can only be read within the same top-level site they were set on and its subdomains. This blocks cross-site tracking, while still enabling legitimate uses of third-party cookies such as persisting state of embedded maps or chat widgets across different subdomains of a site. (Firefox bug 1898253). -
Privacy Preserving Attribution API (PPA):
dom.origin-trials.private-attribution.state
.PPA API provides an alternative to user tracking for ad attribution using the new
navigator.privateAttribution
object withsaveImpression()
andmeasureConversion()
methods. Read more about PPA in the explainer. This experiment can be enabled for websites via origin trial or in the browser by setting the preference to1
. (Firefox bug 1900929).
Older versions
- Firefox 127 for developers
- Firefox 126 for developers
- Firefox 125 for developers
- Firefox 124 for developers
- Firefox 123 for developers
- Firefox 122 for developers
- Firefox 121 for developers
- Firefox 120 for developers
- Firefox 119 for developers
- Firefox 118 for developers
- Firefox 117 for developers
- Firefox 116 for developers
- Firefox 115 for developers
- Firefox 114 for developers
- Firefox 113 for developers
- Firefox 112 for developers
- Firefox 111 for developers
- Firefox 110 for developers
- Firefox 109 for developers
- Firefox 108 for developers
- Firefox 107 for developers
- Firefox 106 for developers
- Firefox 105 for developers
- Firefox 104 for developers
- Firefox 103 for developers
- Firefox 102 for developers
- Firefox 101 for developers
- Firefox 100 for developers
- Firefox 99 for developers
- Firefox 98 for developers
- Firefox 97 for developers