May in Servo: user scripts, mp4 compat, blackboxing in DevTools, and more
May in Servo: user scripts, mp4 compat, blackboxing in DevTools, and more
May in Servo: user scripts, mp4 compat, blackboxing in DevTools, and more! Plus seven new commands for execCommand(), and Sanitizer API now experimental. Posted 2026-06-30
Servo 五月动态:用户脚本、mp4 兼容性、开发者工具黑盒化等功能更新!此外还新增了七条 execCommand() 命令,Sanitizer API 现已进入实验阶段。发布于 2026 年 6 月 30 日。
Servo 0.3.0 contains all of the changes we landed in May, which came out to 391 commits (March: 534). For security fixes, see § Security.
Servo 0.3.0 版本包含了我们在五月份合并的所有更改,共计 391 次提交(三月份为 534 次)。有关安全修复,请参阅“安全”章节。
We’ve shipped several new web platform features:
- ‘font-kerning: none’ (@simonwuelker, #44634)
- ‘font-variant-east-asian’ (@simonwuelker, #44989)
- ‘font-variant-ligatures’ (@simonwuelker, #44903)
- ‘font-variant-numeric’ (@simonwuelker, #44950)
- ‘font-variant-position’ (@simonwuelker, #45142)
- mp4 files without fast start in
- (@yezhizhen, #45111)
- layout (@mrobinson, #44791)
我们发布了多项新的 Web 平台特性:
- ‘font-kerning: none’ (@simonwuelker, #44634)
- ‘font-variant-east-asian’ (@simonwuelker, #44989)
- ‘font-variant-ligatures’ (@simonwuelker, #44903)
- ‘font-variant-numeric’ (@simonwuelker, #44950)
- ‘font-variant-position’ (@simonwuelker, #45142)
- (@yezhizhen, #45028)
- (@yezhizhen, #45111)
- 布局支持 (@mrobinson, #44791)
Plus a bunch of new DOM APIs:
- onslotchange property on ShadowRoot (@jdm, #44688)
- screenLeft and screenTop on Window (@TG199, #45128)
- new Blob() with {endings: “native”} (@yezhizhen, #44803)
- new PerformanceMark() (@shubhamg13, #44702)
- parseHTML() on Document (@kkoyung, #44952)
- readAsBinaryString() on FileReader (@yezhizhen, #44858, #44921)
- performance.measure() with mark values ‘redirectStart’, ‘redirectEnd’, ‘secureConnectionStart’, and ‘responseEnd’ (@shubhamg13, #44673, #44624, #44850, #44739)
此外还有一系列新的 DOM API:
- ShadowRoot 上的 onslotchange 属性 (@jdm, #44688)
- Window 上的 screenLeft 和 screenTop (@TG199, #45128)
- 支持 {endings: “native”} 的 new Blob() (@yezhizhen, #44803)
- new PerformanceMark() (@shubhamg13, #44702)
- Document 上的 parseHTML() (@kkoyung, #44952)
- FileReader 上的 readAsBinaryString() (@yezhizhen, #44858, #44921)
- 支持 ‘redirectStart’、‘redirectEnd’、‘secureConnectionStart’ 和 ‘responseEnd’ 标记值的 performance.measure() (@shubhamg13, #44673, #44624, #44850, #44739)
We’ve also fixed some build issues on Windows (@mukilan, #45079), FreeBSD (@delan, @mrobinson, @mukilan, #44600), and for anyone building Servo on NixOS or with Nix (@freyacodes, #45051, #45135).
我们还修复了 Windows (@mukilan, #45079) 和 FreeBSD (@delan, @mrobinson, @mukilan, #44600) 上的构建问题,以及在 NixOS 或使用 Nix 构建 Servo 时遇到的问题 (@freyacodes, #45051, #45135)。
Security (安全)
Servo’s JS runtime, SpiderMonkey 140.10.0, had several memory safety bugs that have been fixed in Servo 0.3.0 with the update to SpiderMonkey 140.10.1 (@jschwe, #44755). For more details, see CVE-2026-7322, CVE-2026-7323, and MFSA 2026-36.
Servo 的 JS 运行时 SpiderMonkey 140.10.0 存在多个内存安全漏洞,已在 Servo 0.3.0 中通过升级至 SpiderMonkey 140.10.1 得到修复 (@jschwe, #44755)。更多详情请参阅 CVE-2026-7322、CVE-2026-7323 和 MFSA 2026-36。
Work in progress (开发中)
We’re continuing to implement document.execCommand() for rich text editing, under —pref dom_exec_command_enabled (@TimvdLippe, #44735, #44973, #44887). This release adds support for the ‘backColor’, ‘foreColor’, ‘createLink’, ‘unlink’, ‘superscript’, ‘subscript’, and ‘removeFormat’ commands (@TimvdLippe, #44644, #44682, #44657, #44710, #44677), plus partial support for the ‘insertParagraph’ command (@TimvdLippe, #44909).
我们正在继续实现用于富文本编辑的 document.execCommand(),该功能可通过 --pref dom_exec_command_enabled 开启 (@TimvdLippe, #44735, #44973, #44887)。此版本增加了对 ‘backColor’、‘foreColor’、‘createLink’、‘unlink’、‘superscript’、‘subscript’ 和 ‘removeFormat’ 命令的支持 (@TimvdLippe, #44644, #44682, #44657, #44710, #44677),并初步支持了 ‘insertParagraph’ 命令 (@TimvdLippe, #44909)。
We’re also working on the Sanitizer API, under —pref dom_sanitizer_enabled. With the feature now enabled in servoshell’s experimental mode (@kkoyung, #44701), this release adds support for setComments(), setDataAttributes(), allowProcessingInstruction(), removeProcessingInstruction(), and removeUnsafe() on Sanitizer (@kkoyung, #44734, #44983).
我们也在开发 Sanitizer API,可通过 --pref dom_sanitizer_enabled 开启。该功能现已在 servoshell 的实验模式中启用 (@kkoyung, #44701),此版本增加了对 Sanitizer 的 setComments()、setDataAttributes()、allowProcessingInstruction()、removeProcessingInstruction() 和 removeUnsafe() 的支持 (@kkoyung, #44734, #44983)。
IndexedDB continues to improve, under —pref dom_indexeddb_enabled. This release brings a more conformant abort() on IDBTransaction (@Taym95, #43950). All of the features above are enabled in servoshell’s experimental mode.
IndexedDB 也在持续改进中,可通过 --pref dom_indexeddb_enabled 开启。此版本为 IDBTransaction 带来了更符合规范的 abort() 实现 (@Taym95, #43950)。以上所有功能均已在 servoshell 的实验模式中启用。
We’ve made more progress towards accessibility support, including the name from contents algorithm (@alice, @delan, @mrobinson, #44439) and several changes towards building the accessibility tree incrementally (@alice, @delan, @mrobinson, #44766, #45035, #45207, #44768, #44785, #44801, #44767, #45029). The latter is critical for performance in real-world web content.
我们在无障碍支持方面取得了更多进展,包括“从内容获取名称”(name from contents)算法 (@alice, @delan, @mrobinson, #44439),以及为增量构建无障碍树所做的多项更改 (@alice, @delan, @mrobinson, #44766, #45035, #45207, #44768, #44785, #44801, #44767, #45029)。后者对于提升真实 Web 内容的性能至关重要。
We’re now working on SharedWorker and ServiceWorker, under —pref dom_sharedworker_enabled and —pref dom_serviceworker_enabled respectively. This release adds support for new SharedWorker() (@Taym95, #44761), and parts of the ServiceWorker API (@gterzian, @arihant2math, #45082, #44787).
我们目前正在开发 SharedWorker 和 ServiceWorker,分别可通过 --pref dom_sharedworker_enabled 和 --pref dom_serviceworker_enabled 开启。此版本增加了对 new SharedWorker() (@Taym95, #44761) 以及部分 ServiceWorker API (@gterzian, @arihant2math, #45082, #44787) 的支持。
Embedding API (嵌入式 API)
Servo now requires Rust 1.88.0 or newer, up from the old MSRV of 1.86.0 (@sagudev, #44815). We run compile tests with the MSRV, but most of our testing is now done with Rust 1.95.0 (@simonwuelker, #44632).
Servo 现在要求 Rust 1.88.0 或更高版本,之前的最低支持版本(MSRV)为 1.86.0 (@sagudev, #44815)。我们使用 MSRV 进行编译测试,但目前大部分测试是在 Rust 1.95.0 下完成的 (@simonwuelker, #44632)。
Breaking changes to the cookies methods in our SiteDataManager API (@longvatrong111, #44708):
- SiteDataManager::clear_cookies now takes an additional callback argument, allowing it to be called async – to continue calling it sync, pass None as the callback
- SiteDataManager::clear_session_cookies now takes an additional callback argument, allowing it to be called async – to continue calling it sync, pass None as the callback
- SiteDataManager::set_cookie_for_url now takes an additional callback argument, allowing it to be called async – to continue calling it sync, pass None as the callback
- SiteDataManager::set_cookie_for_url_async has been removed in favour of set_cookie_for_url – to migrate, replace set_cookie_for_url_async(callback) with set_cookie_for_url(Some(Box::new(callback)))
SiteDataManager API 中的 Cookie 方法发生了破坏性变更 (@longvatrong111, #44708):
SiteDataManager::clear_cookies现在接受一个额外的回调参数,允许异步调用;若要继续同步调用,请将回调参数设为None。SiteDataManager::clear_session_cookies现在接受一个额外的回调参数,允许异步调用;若要继续同步调用,请将回调参数设为None。SiteDataManager::set_cookie_for_url现在接受一个额外的回调参数,允许异步调用;若要继续同步调用,请将回调参数设为None。SiteDataManager::set_cookie_for_url_async已被移除,取而代之的是set_cookie_for_url。迁移时,请将set_cookie_for_url_async(callback)替换为set_cookie_for_url(Some(Box::new(callback)))。
Breaking changes to our Preferences API (@Narfinger, @mrobinson, #44307):
- threadpools_image_cache_workers_max, threadpools_indexeddb_workers_max, and threadpools_webstorage_workers_max have been removed in favour of a combined thread_pool_workers_max
- threadpools_fallback_worker_num has been renamed to thread_pool_fallback_workers
- threadpools_async_runtime_workers_max has been renamed to thread_pool_async_runtime_workers_max
- threadpools_webrender_workers_max has been renamed to thread_pool_webrender_workers_max
Preferences API 发生了破坏性变更 (@Narfinger, @mrobinson, #44307):
threadpools_image_cache_workers_max、threadpools_indexeddb_workers_max和threadpools_webstorage_workers_max已被移除,合并为thread_pool_workers_max。threadpools_fallback_worker_num重命名为thread_pool_fallback_workers。threadpools_async_runtime_workers_max重命名为thread_pool_async_runtime_workers_max。threadpools_webrender_workers_max重命名为thread_pool_webrender_workers_max。
We’ve also reworked our DiagnosticsLogging API (@mukilan, #44703):
- You can now set options with DiagnosticsLogging::toggle_option, and check if they are enabled with DiagnosticsLogging::is_enabled
- Each option is a variant of DiagnosticsLoggingOption, a new type that also has useful methods for exposing these options in embedder UI
- (Breaking change) DiagnosticsLogging no longer has pub fields representing each option – to migrate, replace field writes and field reads with…
我们还重构了 DiagnosticsLogging API (@mukilan, #44703):
- 现在可以使用
DiagnosticsLogging::toggle_option设置选项,并使用DiagnosticsLogging::is_enabled检查它们是否已启用。 - 每个选项都是
DiagnosticsLoggingOption的一个变体,这是一种新类型,并提供了用于在嵌入器 UI 中展示这些选项的实用方法。 - (破坏性变更)
DiagnosticsLogging不再包含代表每个选项的公共字段。迁移时,请将字段的读写操作替换为……