May in Servo: user scripts, mp4 compat, blackboxing in DevTools, and more

May in Servo: user scripts, mp4 compat, blackboxing in DevTools, and more

May in Servo: user scripts, mp4 compat, blackboxing in DevTools, and more! Plus seven new commands for execCommand(), and Sanitizer API now experimental. Posted 2026-06-30

Servo 五月动态:用户脚本、mp4 兼容性、开发者工具黑盒化等功能更新!此外还新增了七条 execCommand() 命令,Sanitizer API 现已进入实验阶段。发布于 2026 年 6 月 30 日。

Servo 0.3.0 contains all of the changes we landed in May, which came out to 391 commits (March: 534). For security fixes, see § Security.

Servo 0.3.0 版本包含了我们在五月份合并的所有更改,共计 391 次提交(三月份为 534 次)。有关安全修复,请参阅“安全”章节。

We’ve shipped several new web platform features:

  • ‘font-kerning: none’ (@simonwuelker, #44634)
  • ‘font-variant-east-asian’ (@simonwuelker, #44989)
  • ‘font-variant-ligatures’ (@simonwuelker, #44903)
  • ‘font-variant-numeric’ (@simonwuelker, #44950)
  • ‘font-variant-position’ (@simonwuelker, #45142)
  • mp4 files without fast start in
  • (@yezhizhen, #45028)
  • (@yezhizhen, #45111)
  • layout (@mrobinson, #44791)

我们发布了多项新的 Web 平台特性:

  • ‘font-kerning: none’ (@simonwuelker, #44634)
  • ‘font-variant-east-asian’ (@simonwuelker, #44989)
  • ‘font-variant-ligatures’ (@simonwuelker, #44903)
  • ‘font-variant-numeric’ (@simonwuelker, #44950)
  • ‘font-variant-position’ (@simonwuelker, #45142)
  • (@yezhizhen, #45028)
  • (@yezhizhen, #45111)
  • 布局支持 (@mrobinson, #44791)

Plus a bunch of new DOM APIs:

  • onslotchange property on Shadow­Root (@jdm, #44688)
  • screen­Left and screen­Top on Window (@TG199, #45128)
  • new Blob() with {endings: “native”} (@yezhizhen, #44803)
  • new Performance­Mark() (@shubhamg13, #44702)
  • parse­HTML() on Document (@kkoyung, #44952)
  • read­As­Binary­String() on File­Reader (@yezhizhen, #44858, #44921)
  • performance.measure() with mark values ‘redirect­Start’, ‘redirect­End’, ‘secure­Connection­Start’, and ‘response­End’ (@shubhamg13, #44673, #44624, #44850, #44739)

此外还有一系列新的 DOM API:

  • Shadow­Root 上的 onslotchange 属性 (@jdm, #44688)
  • Window 上的 screen­Left 和 screen­Top (@TG199, #45128)
  • 支持 {endings: “native”} 的 new Blob() (@yezhizhen, #44803)
  • new Performance­Mark() (@shubhamg13, #44702)
  • Document 上的 parse­HTML() (@kkoyung, #44952)
  • File­Reader 上的 read­As­Binary­String() (@yezhizhen, #44858, #44921)
  • 支持 ‘redirect­Start’、‘redirect­End’、‘secure­Connection­Start’ 和 ‘response­End’ 标记值的 performance.measure() (@shubhamg13, #44673, #44624, #44850, #44739)

We’ve also fixed some build issues on Windows (@mukilan, #45079), FreeBSD (@delan, @mrobinson, @mukilan, #44600), and for anyone building Servo on NixOS or with Nix (@freyacodes, #45051, #45135).

我们还修复了 Windows (@mukilan, #45079) 和 FreeBSD (@delan, @mrobinson, @mukilan, #44600) 上的构建问题,以及在 NixOS 或使用 Nix 构建 Servo 时遇到的问题 (@freyacodes, #45051, #45135)。


Security (安全)

Servo’s JS runtime, SpiderMonkey 140.10.0, had several memory safety bugs that have been fixed in Servo 0.3.0 with the update to SpiderMonkey 140.10.1 (@jschwe, #44755). For more details, see CVE-2026-7322, CVE-2026-7323, and MFSA 2026-36.

Servo 的 JS 运行时 SpiderMonkey 140.10.0 存在多个内存安全漏洞,已在 Servo 0.3.0 中通过升级至 SpiderMonkey 140.10.1 得到修复 (@jschwe, #44755)。更多详情请参阅 CVE-2026-7322、CVE-2026-7323 和 MFSA 2026-36。


Work in progress (开发中)

We’re continuing to implement document.exec­Command() for rich text editing, under —pref dom­_exec­_command­_enabled (@TimvdLippe, #44735, #44973, #44887). This release adds support for the ‘back­Color’, ‘fore­Color’, ‘create­Link’, ‘unlink’, ‘superscript’, ‘subscript’, and ‘remove­Format’ commands (@TimvdLippe, #44644, #44682, #44657, #44710, #44677), plus partial support for the ‘insert­Paragraph’ command (@TimvdLippe, #44909).

我们正在继续实现用于富文本编辑的 document.execCommand(),该功能可通过 --pref dom_exec_command_enabled 开启 (@TimvdLippe, #44735, #44973, #44887)。此版本增加了对 ‘backColor’、‘foreColor’、‘createLink’、‘unlink’、‘superscript’、‘subscript’ 和 ‘removeFormat’ 命令的支持 (@TimvdLippe, #44644, #44682, #44657, #44710, #44677),并初步支持了 ‘insertParagraph’ 命令 (@TimvdLippe, #44909)。

We’re also working on the Sanitizer API, under —pref dom­_sanitizer­_enabled. With the feature now enabled in servoshell’s experimental mode (@kkoyung, #44701), this release adds support for set­Comments(), set­Data­Attributes(), allow­Processing­Instruction(), remove­Processing­Instruction(), and remove­Unsafe() on Sanitizer (@kkoyung, #44734, #44983).

我们也在开发 Sanitizer API,可通过 --pref dom_sanitizer_enabled 开启。该功能现已在 servoshell 的实验模式中启用 (@kkoyung, #44701),此版本增加了对 Sanitizer 的 setComments()、setDataAttributes()、allowProcessingInstruction()、removeProcessingInstruction() 和 removeUnsafe() 的支持 (@kkoyung, #44734, #44983)。

IndexedDB continues to improve, under —pref dom­_indexeddb­_enabled. This release brings a more conformant abort() on IDB­Transaction (@Taym95, #43950). All of the features above are enabled in servoshell’s experimental mode.

IndexedDB 也在持续改进中,可通过 --pref dom_indexeddb_enabled 开启。此版本为 IDBTransaction 带来了更符合规范的 abort() 实现 (@Taym95, #43950)。以上所有功能均已在 servoshell 的实验模式中启用。

We’ve made more progress towards accessibility support, including the name from contents algorithm (@alice, @delan, @mrobinson, #44439) and several changes towards building the accessibility tree incrementally (@alice, @delan, @mrobinson, #44766, #45035, #45207, #44768, #44785, #44801, #44767, #45029). The latter is critical for performance in real-world web content.

我们在无障碍支持方面取得了更多进展,包括“从内容获取名称”(name from contents)算法 (@alice, @delan, @mrobinson, #44439),以及为增量构建无障碍树所做的多项更改 (@alice, @delan, @mrobinson, #44766, #45035, #45207, #44768, #44785, #44801, #44767, #45029)。后者对于提升真实 Web 内容的性能至关重要。

We’re now working on SharedWorker and ServiceWorker, under —pref dom­_sharedworker­_enabled and —pref dom­_serviceworker­_enabled respectively. This release adds support for new Shared­Worker() (@Taym95, #44761), and parts of the ServiceWorker API (@gterzian, @arihant2math, #45082, #44787).

我们目前正在开发 SharedWorker 和 ServiceWorker,分别可通过 --pref dom_sharedworker_enabled--pref dom_serviceworker_enabled 开启。此版本增加了对 new SharedWorker() (@Taym95, #44761) 以及部分 ServiceWorker API (@gterzian, @arihant2math, #45082, #44787) 的支持。


Embedding API (嵌入式 API)

Servo now requires Rust 1.88.0 or newer, up from the old MSRV of 1.86.0 (@sagudev, #44815). We run compile tests with the MSRV, but most of our testing is now done with Rust 1.95.0 (@simonwuelker, #44632).

Servo 现在要求 Rust 1.88.0 或更高版本,之前的最低支持版本(MSRV)为 1.86.0 (@sagudev, #44815)。我们使用 MSRV 进行编译测试,但目前大部分测试是在 Rust 1.95.0 下完成的 (@simonwuelker, #44632)。

Breaking changes to the cookies methods in our SiteDataManager API (@longvatrong111, #44708):

  • Site­Data­Manager::clear­_cookies now takes an additional callback argument, allowing it to be called async – to continue calling it sync, pass None as the callback
  • Site­Data­Manager::clear­_session­_cookies now takes an additional callback argument, allowing it to be called async – to continue calling it sync, pass None as the callback
  • Site­Data­Manager::set­_cookie­_for­_url now takes an additional callback argument, allowing it to be called async – to continue calling it sync, pass None as the callback
  • Site­Data­Manager::set­_cookie­_for­_url­_async has been removed in favour of set­_cookie­_for­_url – to migrate, replace set­_cookie­_for­_url­_async(callback) with set­_cookie­_for­_url(Some(Box::new(callback)))

SiteDataManager API 中的 Cookie 方法发生了破坏性变更 (@longvatrong111, #44708):

  • SiteDataManager::clear_cookies 现在接受一个额外的回调参数,允许异步调用;若要继续同步调用,请将回调参数设为 None
  • SiteDataManager::clear_session_cookies 现在接受一个额外的回调参数,允许异步调用;若要继续同步调用,请将回调参数设为 None
  • SiteDataManager::set_cookie_for_url 现在接受一个额外的回调参数,允许异步调用;若要继续同步调用,请将回调参数设为 None
  • SiteDataManager::set_cookie_for_url_async 已被移除,取而代之的是 set_cookie_for_url。迁移时,请将 set_cookie_for_url_async(callback) 替换为 set_cookie_for_url(Some(Box::new(callback)))

Breaking changes to our Preferences API (@Narfinger, @mrobinson, #44307):

  • threadpools­_image­_cache­_workers­_max, threadpools­_indexeddb­_workers­_max, and threadpools­_webstorage­_workers­_max have been removed in favour of a combined thread­_pool­_workers­_max
  • threadpools­_fallback­_worker­_num has been renamed to thread­_pool­_fallback­_workers
  • threadpools­_async­_runtime­_workers­_max has been renamed to thread­_pool­_async­_runtime­_workers­_max
  • threadpools­_webrender­_workers­_max has been renamed to thread­_pool­_webrender­_workers­_max

Preferences API 发生了破坏性变更 (@Narfinger, @mrobinson, #44307):

  • threadpools_image_cache_workers_maxthreadpools_indexeddb_workers_maxthreadpools_webstorage_workers_max 已被移除,合并为 thread_pool_workers_max
  • threadpools_fallback_worker_num 重命名为 thread_pool_fallback_workers
  • threadpools_async_runtime_workers_max 重命名为 thread_pool_async_runtime_workers_max
  • threadpools_webrender_workers_max 重命名为 thread_pool_webrender_workers_max

We’ve also reworked our DiagnosticsLogging API (@mukilan, #44703):

  • You can now set options with DiagnosticsLogging::toggle­_option, and check if they are enabled with DiagnosticsLogging::is­_enabled
  • Each option is a variant of DiagnosticsLoggingOption, a new type that also has useful methods for exposing these options in embedder UI
  • (Breaking change) DiagnosticsLogging no longer has pub fields representing each option – to migrate, replace field writes and field reads with…

我们还重构了 DiagnosticsLogging API (@mukilan, #44703):

  • 现在可以使用 DiagnosticsLogging::toggle_option 设置选项,并使用 DiagnosticsLogging::is_enabled 检查它们是否已启用。
  • 每个选项都是 DiagnosticsLoggingOption 的一个变体,这是一种新类型,并提供了用于在嵌入器 UI 中展示这些选项的实用方法。
  • (破坏性变更)DiagnosticsLogging 不再包含代表每个选项的公共字段。迁移时,请将字段的读写操作替换为……