From 30bb7c6b5b9f3e19276a8c528134fe78f131c9a5 Mon Sep 17 00:00:00 2001 From: wbamberg Date: Tue, 13 Jan 2026 05:17:56 -0800 Subject: [PATCH 1/7] Fix issue 38238: IdP cookies must have SameSite=None (#42696) --- files/en-us/web/api/fedcm_api/idp_integration/index.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/files/en-us/web/api/fedcm_api/idp_integration/index.md b/files/en-us/web/api/fedcm_api/idp_integration/index.md index 8c5be666d07c99d..7e7db741b56627e 100644 --- a/files/en-us/web/api/fedcm_api/idp_integration/index.md +++ b/files/en-us/web/api/fedcm_api/idp_integration/index.md @@ -105,7 +105,7 @@ The following table summarizes the different requests made by the FedCM API: ### The accounts list endpoint -The browser sends credentialed requests (i.e., with a cookie that identifies the user that is signed in) to this endpoint via the `GET` method. The request has no `client_id` parameter, {{httpheader("Origin")}} header, or {{httpheader("Referer")}} header. This effectively prevents the IdP from learning which RP the user is trying to sign in to. The list of accounts returned is RP-agnostic. +The browser sends requests to this endpoint using the `GET` method. The request has no `client_id` parameter, {{httpheader("Origin")}} header, or {{httpheader("Referer")}} header. This effectively prevents the IdP from learning which RP the user is trying to sign in to. For example: @@ -117,7 +117,11 @@ Cookie: 0x23223 Sec-Fetch-Dest: webidentity ``` -The response to a successful request returns a list of all the IdP accounts that the user is currently signed in with (not specific to any particular RP), with a JSON structure that matches the following: +The request is credentialed: that is, it includes cookies for the IdP's site, which the IdP can use to identify which IdP accounts the user is signed into. + +Note that because the browser's request to this endpoint is a cross-site request, cookies will only be included if they have a [`SameSite`](/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value) attribute value of `None`. This means that IdP's can't use `SameSite` as part of their defense against [Cross-Site Request Forgery(CSRF)](/en-US/docs/Web/Security/Attacks/CSRF) attacks, so they must implement alternative defenses. + +The response returns a list of all the IdP accounts that the user is currently signed in with (not specific to any particular RP), with a JSON structure that matches the following: ```json { From d66e6bc8eab45062f3ce5caed05994440b836f62 Mon Sep 17 00:00:00 2001 From: Jesper van den Ende Date: Tue, 13 Jan 2026 14:34:10 +0100 Subject: [PATCH 2/7] Better error handling for WebGPU feature testing (#42647) Added error handling for requestAdapter example call. --- files/en-us/web/api/webgpu_api/index.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/files/en-us/web/api/webgpu_api/index.md b/files/en-us/web/api/webgpu_api/index.md index 3a2a7869478cf30..82fde084b91f7d6 100644 --- a/files/en-us/web/api/webgpu_api/index.md +++ b/files/en-us/web/api/webgpu_api/index.md @@ -59,7 +59,12 @@ async function init() { throw Error("WebGPU not supported."); } - const adapter = await navigator.gpu.requestAdapter(); + let adapter; + try { + adapter = await navigator.gpu.requestAdapter(); + } catch (error) { + console.error(error); + } if (!adapter) { throw Error("Couldn't request WebGPU adapter."); } From 23dc2a1d20352c3fe95431d4e70455ee06969de1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jan 2026 14:11:22 +0000 Subject: [PATCH 3/7] chore(deps-dev): bump lefthook from 2.0.14 to 2.0.15 (#42766) --- package-lock.json | 88 +++++++++++++++++++++++------------------------ package.json | 2 +- 2 files changed, 45 insertions(+), 45 deletions(-) diff --git a/package-lock.json b/package-lock.json index 4451c082cf25099..f5967b030448c70 100644 --- a/package-lock.json +++ b/package-lock.json @@ -34,7 +34,7 @@ "imagemin-pngquant": "^10.0.0", "imagemin-svgo": "^11.0.1", "is-svg": "^6.1.0", - "lefthook": "^2.0.14", + "lefthook": "^2.0.15", "markdownlint-cli2": "0.20.0", "markdownlint-rule-search-replace": "1.2.0", "node-html-parser": "^7.0.2", @@ -6097,9 +6097,9 @@ } }, "node_modules/lefthook": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/lefthook/-/lefthook-2.0.14.tgz", - "integrity": "sha512-JpNpQLXwJJlWNZB/4gDD8UW1pVdABZ6bYRbCShjYHoPq70xbcuZKVIKj177IxJ4R5Nz6xD33BJVdUb1N1NdO7g==", + "version": "2.0.15", + "resolved": "https://registry.npmjs.org/lefthook/-/lefthook-2.0.15.tgz", + "integrity": "sha512-sl5rePO6UUOLKp6Ci+MMKOc86zicBaPUCvSw2Cq4gCAgTmxpxhIjhz7LOu2ObYerVRPpTq3gvzPTjI71UotjnA==", "dev": true, "hasInstallScript": true, "license": "MIT", @@ -6107,22 +6107,22 @@ "lefthook": "bin/index.js" }, "optionalDependencies": { - "lefthook-darwin-arm64": "2.0.14", - "lefthook-darwin-x64": "2.0.14", - "lefthook-freebsd-arm64": "2.0.14", - "lefthook-freebsd-x64": "2.0.14", - "lefthook-linux-arm64": "2.0.14", - "lefthook-linux-x64": "2.0.14", - "lefthook-openbsd-arm64": "2.0.14", - "lefthook-openbsd-x64": "2.0.14", - "lefthook-windows-arm64": "2.0.14", - "lefthook-windows-x64": "2.0.14" + "lefthook-darwin-arm64": "2.0.15", + "lefthook-darwin-x64": "2.0.15", + "lefthook-freebsd-arm64": "2.0.15", + "lefthook-freebsd-x64": "2.0.15", + "lefthook-linux-arm64": "2.0.15", + "lefthook-linux-x64": "2.0.15", + "lefthook-openbsd-arm64": "2.0.15", + "lefthook-openbsd-x64": "2.0.15", + "lefthook-windows-arm64": "2.0.15", + "lefthook-windows-x64": "2.0.15" } }, "node_modules/lefthook-darwin-arm64": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/lefthook-darwin-arm64/-/lefthook-darwin-arm64-2.0.14.tgz", - "integrity": "sha512-5pSYHM3oiI2dApZ/r+fUE6EEh3fJx5ggUnS3B/XoK7moM8T2gLJJqvSyU8kGP/KE0xZrQs37RQYm1UskO/zeNA==", + "version": "2.0.15", + "resolved": "https://registry.npmjs.org/lefthook-darwin-arm64/-/lefthook-darwin-arm64-2.0.15.tgz", + "integrity": "sha512-ygAqG/NzOgY9bEiqeQtiOmCRTtp9AmOd3eyrpEaSrRB9V9f3RHRgWDrWbde9BiHSsCzcbeY9/X2NuKZ69eUsNA==", "cpu": [ "arm64" ], @@ -6134,9 +6134,9 @@ ] }, "node_modules/lefthook-darwin-x64": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/lefthook-darwin-x64/-/lefthook-darwin-x64-2.0.14.tgz", - "integrity": "sha512-Hp8DJ9rRfG3eluguHomUz8XU2bGM2wctjsWQYoQ1OTh6eWL6BMQjToumComEt1imJXjO8EVmME5gNjBUJNgjxw==", + "version": "2.0.15", + "resolved": "https://registry.npmjs.org/lefthook-darwin-x64/-/lefthook-darwin-x64-2.0.15.tgz", + "integrity": "sha512-3wA30CzdSL5MFKD6dk7v8BMq7ScWQivpLbmIn3Pv67AaBavN57N/hcdGqOFnDDFI5WazVwDY7UqDfMIk5HZjEA==", "cpu": [ "x64" ], @@ -6148,9 +6148,9 @@ ] }, "node_modules/lefthook-freebsd-arm64": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/lefthook-freebsd-arm64/-/lefthook-freebsd-arm64-2.0.14.tgz", - "integrity": "sha512-3dwB8e0Jedzgwq8q8pg7QjdLHIX46+fPJ33uH/DkFHayzh0wqaz8cU63VSwFWKo7uq5SJ8IJ8qvTjBpDqfdKTQ==", + "version": "2.0.15", + "resolved": "https://registry.npmjs.org/lefthook-freebsd-arm64/-/lefthook-freebsd-arm64-2.0.15.tgz", + "integrity": "sha512-FbYBBLVbX8BjdO+icN1t/pC3TOW3FAvTKv/zggBKNihv6jHNn/3s/0j2xIS0k0Pw9oOE7MVmEni3qp2j5vqHrQ==", "cpu": [ "arm64" ], @@ -6162,9 +6162,9 @@ ] }, "node_modules/lefthook-freebsd-x64": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/lefthook-freebsd-x64/-/lefthook-freebsd-x64-2.0.14.tgz", - "integrity": "sha512-hL8DJzCYDRZH0oW1+QGXUtBPcsl1ZLxutiuuqBUHtFNt0M25QxSKAN7yAx77l1xEYVg+GgxUgOytYSr0Q7K9wQ==", + "version": "2.0.15", + "resolved": "https://registry.npmjs.org/lefthook-freebsd-x64/-/lefthook-freebsd-x64-2.0.15.tgz", + "integrity": "sha512-udHMjh1E8TfC0Z7Y249XZMATJOyj1Jxlj9JoEinkoBvAsePFKDEQg5teuXuTGhjsHYpqVekfSvLNNfHKUUbbjw==", "cpu": [ "x64" ], @@ -6176,9 +6176,9 @@ ] }, "node_modules/lefthook-linux-arm64": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/lefthook-linux-arm64/-/lefthook-linux-arm64-2.0.14.tgz", - "integrity": "sha512-VubfIiTNthTsjiDX/ZDROLtXyDFkN3REKQjLYu+VA6VJPHrNPVhRs30bc3975JTFT6bf20gKDSAIWqCokDrewQ==", + "version": "2.0.15", + "resolved": "https://registry.npmjs.org/lefthook-linux-arm64/-/lefthook-linux-arm64-2.0.15.tgz", + "integrity": "sha512-1HAPmdYhfcOlubv63sTnWtW2rFuC+kT1MvC3JvdrS5V6zrOImbBSnYZMJX/Dd3w4pm0x2ZJb9T+uef8a0jUQkg==", "cpu": [ "arm64" ], @@ -6190,9 +6190,9 @@ ] }, "node_modules/lefthook-linux-x64": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/lefthook-linux-x64/-/lefthook-linux-x64-2.0.14.tgz", - "integrity": "sha512-osVNjNAxPTsJnZnX5ahHJJW1XvDYvYuMdddAQ+49mnXPfTyHPQQsPIGo90nHm7WmBi6oUwfOCZC5HPPzqEc2oA==", + "version": "2.0.15", + "resolved": "https://registry.npmjs.org/lefthook-linux-x64/-/lefthook-linux-x64-2.0.15.tgz", + "integrity": "sha512-Pho87mlNFH47zc4fPKzQSp8q9sWfIFW/KMMZfx/HZNmX25aUUTOqMyRwaXxtdAo/hNJ9FX4JeuZWq9Y3iyM5VA==", "cpu": [ "x64" ], @@ -6204,9 +6204,9 @@ ] }, "node_modules/lefthook-openbsd-arm64": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/lefthook-openbsd-arm64/-/lefthook-openbsd-arm64-2.0.14.tgz", - "integrity": "sha512-VikhZ+oo9pHWa7HGtYVti/aEUACll/t93Lh06UKeLp9ctUqILINs/pYB0NatUXT0Krc4g6u8w5LtzMtDS8qdlg==", + "version": "2.0.15", + "resolved": "https://registry.npmjs.org/lefthook-openbsd-arm64/-/lefthook-openbsd-arm64-2.0.15.tgz", + "integrity": "sha512-pet03Edlj1QeFUgxcIK1xu8CeZA+ejYplvPgdfe//69+vQFGSDaEx3H2mVx8RqzWfmMbijM2/WfkZXR2EVw3bw==", "cpu": [ "arm64" ], @@ -6218,9 +6218,9 @@ ] }, "node_modules/lefthook-openbsd-x64": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/lefthook-openbsd-x64/-/lefthook-openbsd-x64-2.0.14.tgz", - "integrity": "sha512-TW3GUSYlbdmrwRJ61bduLJEyXrTTQzOeGszODlf4caRr2cu7jmml1/vSz2wLJ43Gokx/59FXeSIcysMKijIBhw==", + "version": "2.0.15", + "resolved": "https://registry.npmjs.org/lefthook-openbsd-x64/-/lefthook-openbsd-x64-2.0.15.tgz", + "integrity": "sha512-i+a364CcSAeIO5wQzLMHsthHt/v6n3XwhKmRq/VBzPOUv9KutNeF55yCE/6lvuvzwxpdEfBjh6cXPERC0yp98w==", "cpu": [ "x64" ], @@ -6232,9 +6232,9 @@ ] }, "node_modules/lefthook-windows-arm64": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/lefthook-windows-arm64/-/lefthook-windows-arm64-2.0.14.tgz", - "integrity": "sha512-TH04uiyvEIe6r1adfQUxQwFDtE7GRGfOcFsRZb7hwMc5OzixLw5a/HqT3qDmNbBlq8QYFpSH9R9VtjLjio/Odw==", + "version": "2.0.15", + "resolved": "https://registry.npmjs.org/lefthook-windows-arm64/-/lefthook-windows-arm64-2.0.15.tgz", + "integrity": "sha512-69u5GdVOT4QIxc2TK5ce0cTXLzwB55Pk9ZnnJNFf1XsyZTGcg9bUWYYTyD12CIIXbVTa0RVXIIrbU9UgP8O1AQ==", "cpu": [ "arm64" ], @@ -6246,9 +6246,9 @@ ] }, "node_modules/lefthook-windows-x64": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/lefthook-windows-x64/-/lefthook-windows-x64-2.0.14.tgz", - "integrity": "sha512-ucxZc+FJErQu9gS/+ldhEMTKbhA/Ez4F1dPIR06E14Jax7pqdls1IyRWPhRPlvsDh7dkmXrEuBm1iglWpR0/8w==", + "version": "2.0.15", + "resolved": "https://registry.npmjs.org/lefthook-windows-x64/-/lefthook-windows-x64-2.0.15.tgz", + "integrity": "sha512-/zYEndCUgj8XK+4wvLYLRk3AcfKU6zWf2GHx+tcZ4K2bLaQdej4m+OqmQsVpUlF8N2tN9hfwlj1D50uz75LUuQ==", "cpu": [ "x64" ], diff --git a/package.json b/package.json index 005263f3d26ea2b..fb41392e6882d58 100644 --- a/package.json +++ b/package.json @@ -69,7 +69,7 @@ "imagemin-pngquant": "^10.0.0", "imagemin-svgo": "^11.0.1", "is-svg": "^6.1.0", - "lefthook": "^2.0.14", + "lefthook": "^2.0.15", "markdownlint-cli2": "0.20.0", "markdownlint-rule-search-replace": "1.2.0", "node-html-parser": "^7.0.2", From be011c2d90dd6d754ebb7c95521fef185ef1d3c0 Mon Sep 17 00:00:00 2001 From: Hamish Willee Date: Wed, 14 Jan 2026 02:04:31 +1100 Subject: [PATCH 4/7] Restructure import assertions description to ease maintainability (#42309) * Restructure import assertions description to ease maintainability * Apply suggestions from code review * Clarify ECMAScript supports type of json * Apply suggestions from code review * Apply suggestions from code review Co-authored-by: Joshua Chen * minor cleanup * Description intro - attempt to match original flow * Update files/en-us/web/javascript/reference/statements/import/with/index.md * Update files/en-us/web/javascript/reference/statements/import/with/index.md Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> * Update files/en-us/web/javascript/reference/statements/import/with/index.md --------- Co-authored-by: Joshua Chen Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- .../reference/statements/import/with/index.md | 73 +++++++++++++++---- 1 file changed, 59 insertions(+), 14 deletions(-) diff --git a/files/en-us/web/javascript/reference/statements/import/with/index.md b/files/en-us/web/javascript/reference/statements/import/with/index.md index 1c3952f1bb09339..2cce6692ed5f768 100644 --- a/files/en-us/web/javascript/reference/statements/import/with/index.md +++ b/files/en-us/web/javascript/reference/statements/import/with/index.md @@ -34,6 +34,16 @@ export { names } from "module-name" with { key: "data", key2: "data2", /* …, * - `"dataN"` - : An attribute value. Must be a string literal. +### Exceptions + +- {{jsxref("SyntaxError")}} + - : An unsupported `key` was specified in a _static import_. + +- {{jsxref("TypeError")}} + - : An unsupported `key` was specified in a _dynamic import_. + +Note that specifying an unsupported value for a supported key may also result in an exception in some cases, depending on the key. + ## Description Import attributes tell the runtime how a particular module should be loaded. @@ -53,36 +63,73 @@ Content-Type: application/json; charset=utf-8 {"name":"Maria"} ``` -Modules are identified and parsed only according to their served [MIME type](/en-US/docs/Web/HTTP/Guides/MIME_types) — the file extension in the URL cannot be used to identify a file's type. In this case, the MIME type is `application/json`, which tells the browser that the file is JSON and must be parsed as JSON. If, for some reason (e.g., the server is hijacked or bogus), the MIME type in the server response is set to `text/javascript` (for JavaScript source), then the file would be parsed and executed as code. If the "JSON" file actually contains malicious code, the `import` declaration would unintentionally execute external code, posing a serious security threat. +Modules are identified and parsed only according to their served [media type (MIME type)](/en-US/docs/Web/HTTP/Guides/MIME_types) — the file extension in the URL cannot be used to identify a file's type. In this case, the MIME type is `application/json`, which tells the browser that the file is JSON and must be parsed as JSON. If, for some reason (e.g., the server is hijacked or bogus), the media type in the server response is set to `text/javascript` (for JavaScript source), then the file would be parsed and executed as code. If the "JSON" file actually contains malicious code, the `import` declaration would unintentionally execute external code, posing a serious security threat. -Import attributes fix this problem by allowing the author to explicitly specify how a module should be validated. For example, the import statement above, which lacks an attribute, would actually fail: +Import attributes fix this problem by allowing the author to explicitly specify how a module should be validated. +In particular, the `type` attribute allows you to validate that the file is served with a particular media type, and fails the import if a different media type is used. -```plain -Failed to load module script: Expected a JavaScript module script but the server responded with a MIME type of "application/json". Strict MIME type checking is enforced for module scripts per HTML spec. +For example, the code above can be written to specify that the expected type is `"json"` and the import would fail if it was served with the `text/javascript` (or any media type other than `application/json`): + +```js +import data from "https://example.com/data.json" with { type: "json" }; ``` -Instead, you must provide an attribute to tell the runtime that this file must contain JSON. To validate the module's type (via MIME type), you use the attribute key called `type`. To validate that the module is a JSON module, the value is `"json"`. +The `type` attribute allows you to specify that modules are served as JSON or CSS (and implicitly as JavaScript). -> [!NOTE] -> The actual `type` attribute value does not correspond directly to the MIME type. It's separately specified by the [HTML specification](https://html.spec.whatwg.org/multipage/webappapis.html#module-type-allowed). +Other attributes may also be supported, and [can affect the behaviour of different parts of the loading process](#intended_semantics_for_import_attributes). +A syntax error is thrown if an unknown attribute is used. + +### Standard attributes + +The available attributes depend on the language and runtime environment. +The ECMAScript standard [defines the `type` attribute with the value of `"json"`](https://tc39.es/ecma262/multipage/ecmascript-language-scripts-and-modules.html#sec-HostLoadImportedModule). + +The HTML specification also [defines the `type` attribute with values `"json"` and `"css"`](https://html.spec.whatwg.org/multipage/webappapis.html#module-type-allowed) — these are the attributes that are supported in browser environments. + +#### JSON Modules (`{ type: "json" }`) -Therefore, the code above should be re-written as: +The `json` type indicates that the imported file must contain JSON. +You can load JSON from a file into the `data` object using the following code: ```js import data from "https://example.com/data.json" with { type: "json" }; ``` +If the file is served with any other media type than `"application/json"`, the import will fail. + The `type` attribute changes how the module is fetched (the browser sends the request with `{{HTTPHeader("Accept")}}: application/json` header), but does _not_ change how the module is parsed or evaluated. The runtime already knows to parse the module as JSON given the response MIME type. It only uses the attribute to do _after-the-fact_ checking that the `data.json` module is, in fact, a JSON module. For example, if the response header changes to `Content-Type: text/javascript` instead, the program will fail with a similar error as above. -The specification explicitly calls out `type: "json"` to be supported — if a module is asserted to be `type: "json"` and the runtime does not fail this import, then it must be parsed as JSON. However, there's no behavior requirement otherwise: for imports without a `type: "json"` attribute, the runtime may still parse it as JSON if security is not an issue in this environment. Browsers, on the other hand, implicitly assume that the module is JavaScript, and fail if the module is not JavaScript (for example, JSON). This ensures that module types are always strictly validated and prevents any security risks. In reality, non-browser runtimes such as Node and Deno align with browser semantics and enforce `type` for JSON modules. +The specification explicitly calls out `type: "json"` to be supported — if a module is asserted to be `type: "json"` and the runtime does not fail this import, then it must be parsed as JSON. + +However, there's no behavior requirement otherwise: for imports without a `type: "json"` attribute, the runtime may still parse it as JSON if security is not an issue in this environment. + +Browsers, on the other hand, implicitly assume that the module is JavaScript if the `type` is not specified, and fail if the module is not JavaScript (for example, JSON). This ensures that module types are always strictly validated and prevents any security risks. +Non-browser runtimes such as Node and Deno align with browser semantics and enforce `type` for JSON modules. + +In other words, if you omit the `type` and attempt to import a file as `"application/json"` you will usually get an error like the following: + +```plain +Failed to load module script: Expected a JavaScript module script but the server responded with a MIME type of "application/json". Strict MIME type checking is enforced for module scripts per HTML spec. +``` + +#### CSS Modules (`{ type: "css" }`) -The `type` attribute also supports other module types. For example, the HTML spec also defines the `css` type, which imports a {{domxref("CSSStyleSheet")}} object: +The HTML spec defines the `css` type, which imports a stylesheet into a script as an {{domxref("CSSStyleSheet")}} object. + +The code below shows how you might import a style and add it to your document. +The import will throw an exception if `example_styles.css` is served with any media type other than `"text/css"`. ```js -import styles from "https://example.com/styles.css" with { type: "css" }; +import exampleStyles from "https://example.com/example_styles.css" with { type: "css" }; + +document.adoptedStyleSheets.push(exampleStyles); ``` -The attributes syntax is designed to be extensible — although only `type` is specified by the language, the runtime can read and process other attributes. An attribute can change the runtime's behavior at every stage of the module loading process: +Note that importing CSS modules into workers is usually not supported, because the CSSOM specification only exposes `CSSStyleSheet` in the window context. + +### Intended semantics for import attributes + +An attribute can change the runtime's behavior at every stage of the module loading process: - Resolution: the attribute is part of the module specifier (the string in the `from` clause). Therefore, given the same string path, different attributes may lead to entirely different modules being loaded. For example, [TypeScript supports the `resolution-mode` attribute](https://devblogs.microsoft.com/typescript/announcing-typescript-5-3/#stable-support-resolution-mode-in-import-types). @@ -95,8 +142,6 @@ The attributes syntax is designed to be extensible — although only `type` is s - Fetching: for example, CSS modules are fetched with the [`destination`](/en-US/docs/Web/API/Request/destination) set to `"style"`, and JSON modules are fetched with `destination: "json"`. This means given the same destination URL, the server may still return different content. - Parsing and evaluation: the runtime may use the attribute to determine how to parse and evaluate the module. -However, you cannot use unknown attributes — the runtime throws an error if it encounters an unknown attribute. - ## Examples ### Importing JSON modules with the type attribute From 65fb7de138a5905680763cb07192b5704c9567b6 Mon Sep 17 00:00:00 2001 From: Jake Archibald Date: Tue, 13 Jan 2026 15:43:52 +0000 Subject: [PATCH 5/7] Add Firefox 147 devtools stuff (#42764) * Add Firefox 147 devtools stuff * Update files/en-us/mozilla/firefox/releases/147/index.md --------- Co-authored-by: Vadim Makeev --- files/en-us/mozilla/firefox/releases/147/index.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/files/en-us/mozilla/firefox/releases/147/index.md b/files/en-us/mozilla/firefox/releases/147/index.md index 5bfba0a6d5b0d4b..9f5836edc915684 100644 --- a/files/en-us/mozilla/firefox/releases/147/index.md +++ b/files/en-us/mozilla/firefox/releases/147/index.md @@ -20,6 +20,11 @@ Firefox 147 is the current [Beta version of Firefox](https://www.firefox.com/en- - When you select a [pseudo-element](/en-US/docs/Web/CSS/Reference/Selectors/Pseudo-elements) (such as {{cssxref("::before")}} or {{cssxref("::after")}}) in the HTML pane of the Inspector, you can now edit the selector of the corresponding rule in the CSS pane. ([Firefox bug 1998704](https://bugzil.la/1998704)). +- During a view transition, {{cssxref("::view-transition")}} pseudo-elements now appear in the elements view. ([Firefox bug 1996608](https://bugzil.la/1996608)). +- During a view transition, the associated animations now appear in the animations panel. ([Firefox bug 1995296](https://bugzil.la/1995296)). +- Elements with a valid {{cssxref("anchor-name")}} get an 'anchor' badge in the elements view. ([Firefox bug 1895196](https://bugzil.la/1895196)). +- A highlighted element's associated {{cssxref("@position-try")}} rules are now displayed in the CSS rules panel. ([Firefox bug 1895176](https://bugzil.la/1895176)). +- JSON payloads can be imported into Firefox Profiler from the JSON viewer using a new button. This provides a breakdown of the size of the resource. ([Firefox bug 1997209](https://bugzil.la/1997209)). From fa422ef89f5da5c7bc10a03f8e84b01b8132061c Mon Sep 17 00:00:00 2001 From: Vadim Makeev Date: Tue, 13 Jan 2026 17:37:23 +0100 Subject: [PATCH 6/7] Finalize release note for Firefox 147 release (#42768) --- .../mozilla/firefox/releases/146/index.md | 6 +- .../mozilla/firefox/releases/147/index.md | 51 ++---------- .../mozilla/firefox/releases/148/index.md | 6 +- .../mozilla/firefox/releases/149/index.md | 83 +++++++++++++++++++ 4 files changed, 94 insertions(+), 52 deletions(-) create mode 100644 files/en-us/mozilla/firefox/releases/149/index.md diff --git a/files/en-us/mozilla/firefox/releases/146/index.md b/files/en-us/mozilla/firefox/releases/146/index.md index 79d52cd69c3310f..1d8ebe319ac8b94 100644 --- a/files/en-us/mozilla/firefox/releases/146/index.md +++ b/files/en-us/mozilla/firefox/releases/146/index.md @@ -1,8 +1,8 @@ --- -title: Firefox 146 release notes for developers (Stable) -short-title: Firefox 146 (Stable) +title: Firefox 146 release notes for developers +short-title: Firefox 146 slug: Mozilla/Firefox/Releases/146 -page-type: firefox-release-notes-active +page-type: firefox-release-notes sidebar: firefox --- diff --git a/files/en-us/mozilla/firefox/releases/147/index.md b/files/en-us/mozilla/firefox/releases/147/index.md index 9f5836edc915684..7923127c8c0bb9d 100644 --- a/files/en-us/mozilla/firefox/releases/147/index.md +++ b/files/en-us/mozilla/firefox/releases/147/index.md @@ -1,18 +1,13 @@ --- -title: Firefox 147 release notes for developers (Beta) -short-title: Firefox 147 (Beta) +title: Firefox 147 release notes for developers (Stable) +short-title: Firefox 147 (Stable) slug: Mozilla/Firefox/Releases/147 page-type: firefox-release-notes-active sidebar: firefox --- This article provides information about the changes in Firefox 147 that affect developers. -Firefox 147 is the current [Beta version of Firefox](https://www.firefox.com/en-US/channel/desktop/#beta) and ships on [January 13, 2026](https://whattrainisitnow.com/release/?version=147). - -> [!NOTE] -> The release notes for this Firefox version are still a work in progress. - - +Firefox 147 was released on [January 13, 2026](https://whattrainisitnow.com/release/?version=147). ## Changes for web developers @@ -26,15 +21,9 @@ Firefox 147 is the current [Beta version of Firefox](https://www.firefox.com/en- - A highlighted element's associated {{cssxref("@position-try")}} rules are now displayed in the CSS rules panel. ([Firefox bug 1895176](https://bugzil.la/1895176)). - JSON payloads can be imported into Firefox Profiler from the JSON viewer using a new button. This provides a breakdown of the size of the resource. ([Firefox bug 1997209](https://bugzil.la/1997209)). - - - - - - - +### HTML - +No notable changes. ### SVG @@ -42,8 +31,6 @@ Firefox 147 is the current [Beta version of Firefox](https://www.firefox.com/en- - When the SVG includes a [SMIL animation](/en-US/docs/Web/SVG/Guides/SVG_animation_with_SMIL), you can use [temporal dimension](/en-US/docs/Web/URI/Reference/Fragment/Media_fragments#temporal_dimension_fragment_syntax) syntax to play a portion of the animation from a specific start time to a specific end time, after which the animation will pause. - You can use [spatial dimension](/en-US/docs/Web/URI/Reference/Fragment/Media_fragments#spatial_dimension_fragment_syntax) syntax to display a specific area of the SVG document. - - ### CSS - [CSS anchor positioning](/en-US/docs/Web/CSS/Guides/Anchor_positioning) is now enabled by default. @@ -61,8 +48,6 @@ Firefox 147 is the current [Beta version of Firefox](https://www.firefox.com/en- - The following [relative length units based on root element's font](/en-US/docs/Web/CSS/Reference/Values/length#relative_length_units_based_on_root_elements_font) are now supported: `rcap`, `rch`, `rex`, and `ric`. These units allow you to define `` values based on the size of a particular character or font attribute of the [root](/en-US/docs/Web/CSS/Reference/Selectors/:root) element. ([Firefox bug 1740584](https://bugzil.la/1740584)). - - ### JavaScript - CSS module scripts are now supported, allowing a stylesheet to be loaded into a script as a {{domxref("CSSStyleSheet")}} instance using the [`import`](/en-US/docs/Web/JavaScript/Reference/Statements/import) keyword and the [`type` import attribute](/en-US/docs/Web/JavaScript/Reference/Statements/import/with) set to `type="css"`. @@ -70,18 +55,6 @@ Firefox 147 is the current [Beta version of Firefox](https://www.firefox.com/en- - The {{jsxref("Iterator.concat()")}} method is now supported. This method enables you to create a new iterator that combines multiple input iterables into a single sequence. ([Firefox bug 1986672](https://bugzil.la/1986672)). - - - - - - - - - - - - ### APIs - The {{domxref("Document.activeViewTransition")}} property is now supported, which returns a {{domxref("ViewTransition")}} instance representing the [view transition](/en-US/docs/Web/API/View_Transition_API) currently active on the document. This provides a consistent way to access an active view transition in any context without having to manually store a reference to it for later use. ([Firefox bug 2001836](https://bugzil.la/2001836)). @@ -95,16 +68,6 @@ Firefox 147 is the current [Beta version of Firefox](https://www.firefox.com/en- To load a service worker module, specify a [`type`](/en-US/docs/Web/API/ServiceWorkerContainer/register#type) of `'module'` when calling {{domxref("ServiceWorkerContainer.register()")}}. ([Firefox bug 1360870](https://bugzil.la/1360870)). - - - - - - - - - - ### WebDriver conformance (WebDriver BiDi, Marionette) #### General @@ -129,10 +92,6 @@ Firefox 147 is the current [Beta version of Firefox](https://www.firefox.com/en- - Temporarily loaded Manifest Version 3 extensions can now load scripts from localhost, as explained in [Scripts from localhost](/en-US/docs/Mozilla/Add-ons/WebExtensions/Content_Security_Policy#scripts_from_localhost) in the Content Security Policy article. ([Firefox bug 1864284](https://bugzil.la/1864284)) - - - - ## Experimental web features These features are shipping in Firefox 147 but are disabled by default. diff --git a/files/en-us/mozilla/firefox/releases/148/index.md b/files/en-us/mozilla/firefox/releases/148/index.md index 0e87e3d85ff0c64..bb09ade42078268 100644 --- a/files/en-us/mozilla/firefox/releases/148/index.md +++ b/files/en-us/mozilla/firefox/releases/148/index.md @@ -1,13 +1,13 @@ --- -title: Firefox 148 release notes for developers (Nightly) -short-title: Firefox 148 (Nightly) +title: Firefox 148 release notes for developers (Beta) +short-title: Firefox 148 (Beta) slug: Mozilla/Firefox/Releases/148 page-type: firefox-release-notes-active sidebar: firefox --- This article provides information about the changes in Firefox 148 that affect developers. -Firefox 148 is the current [Nightly version of Firefox](https://www.firefox.com/en-US/channel/desktop/#nightly) and ships on [February 24, 2026](https://whattrainisitnow.com/release/?version=148). +Firefox 148 is the current [Beta version of Firefox](https://www.firefox.com/en-US/channel/desktop/#beta) and ships on [February 24, 2026](https://whattrainisitnow.com/release/?version=148). > [!NOTE] > The release notes for this Firefox version are still a work in progress. diff --git a/files/en-us/mozilla/firefox/releases/149/index.md b/files/en-us/mozilla/firefox/releases/149/index.md new file mode 100644 index 000000000000000..d674ff34d5d9c98 --- /dev/null +++ b/files/en-us/mozilla/firefox/releases/149/index.md @@ -0,0 +1,83 @@ +--- +title: Firefox 149 release notes for developers (Nightly) +short-title: Firefox 149 (Nightly) +slug: Mozilla/Firefox/Releases/149 +page-type: firefox-release-notes-active +sidebar: firefox +--- + +This article provides information about the changes in Firefox 149 that affect developers. +Firefox 149 is the current [Nightly version of Firefox](https://www.firefox.com/en-US/channel/desktop/#nightly) and ships on [March 24, 2026](https://whattrainisitnow.com/release/?version=149). + +> [!NOTE] +> The release notes for this Firefox version are still a work in progress. + + + +## Changes for web developers + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +## Changes for add-on developers + + + + + +## Experimental web features + +These features are shipping in Firefox 149 but are disabled by default. +To experiment with them, search for the appropriate preference on the `about:config` page and set it to `true`. +You can find more such features on the [Experimental features](/en-US/docs/Mozilla/Firefox/Experimental_features) page. From cee38200097c0261de3067165362100b830a580d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?YURI=20LOUREN=C3=87O?= <90795230+YuriMascarenhasLourenco@users.noreply.github.com> Date: Tue, 13 Jan 2026 15:42:43 -0300 Subject: [PATCH 7/7] gutters definition issue expanded (#42758) --- files/en-us/glossary/gutters/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/glossary/gutters/index.md b/files/en-us/glossary/gutters/index.md index ad48b05b0547dc6..8ea236a7102cf98 100644 --- a/files/en-us/glossary/gutters/index.md +++ b/files/en-us/glossary/gutters/index.md @@ -5,7 +5,7 @@ page-type: glossary-definition sidebar: glossarysidebar --- -**Gutters** or _alleys_ are spacing between content {{glossary("grid_tracks", "tracks")}}. These can be created in [CSS grid layout](/en-US/docs/Web/CSS/Guides/Grid_layout) using the {{cssxref("column-gap")}}, {{cssxref("row-gap")}}, or {{cssxref("gap")}} properties. +**Gutters** or _alleys_ are spacing between content {{glossary("grid_tracks", "tracks")}}. These can be created in [CSS grid layout](/en-US/docs/Web/CSS/Guides/Grid_layout), [flex layout](/en-US/docs/Web/CSS/Guides/Flexible_box_layout), and [multi-column layout](/en-US/docs/Web/CSS/Guides/Multicol_layout) using the {{cssxref("column-gap")}}, {{cssxref("row-gap")}}, or {{cssxref("gap")}} properties. ## Example