| title | description | author | ms.author | ms.topic | ms.service | ms.date |
|---|---|---|---|---|---|---|
Microsoft Edge 136 web platform release notes (May 2025) |
Microsoft Edge 136 web platform release notes (May 2025) |
MSEdgeTeam |
msedgedevrel |
conceptual |
microsoft-edge |
04/02/2025 |
The following are the new web platform features and updates in Microsoft Edge 136, which releases on May 1, 2025.
To stay up-to-date and get the latest web platform features, download a preview channel of Microsoft Edge (Beta, Dev, or Canary); go to Become a Microsoft Edge Insider.
Detailed contents:
- Edge DevTools
- WebView2
- Web platform features
- CSS features
- Web APIs
- AudioContext
interruptedstate - Blob URL partitioning
- Partitioning
:visitedlinks history - Navigation initiator used in the HTTP cache partition key
- Call stacks in crash reports from unresponsive web pages
- Captured surface control
- Captured surface resolution
- Dispatching click events to captured pointer
- Explicit compile hints with magic comments
- H265 (HEVC) codec support in WebRTC
- H26x codec support updates for MediaRecorder
- Language support for
CanvasTextDrawingStyles - Permissions Policy reports for iframes
- Predictable reported storage quota
- Strict Same-origin policy for Storage Access API
- Use the
doubletype for ProgressEvent'sloadedandtotalattributes getCharNumAtPosition,isPointInFill, andisPointInStrokenow useDOMPointobjects- Web Authentication Conditional Create
- Return multiple identity providers in a single FedCM
get()call RegExp.escape()
- AudioContext
- Deprecated and removed features
- Origin trials
See What's New in Microsoft Edge DevTools.
See Release Notes for the WebView2 SDK.
The view-transition-name CSS property supports two new values, to avoid having to invent unique names for elements that participate in a view transition:
-
match-element- Generates a unique ID that's based on the element's identity. This value is useful in single-page apps where the element that's animated with a view transition is being moved in the DOM. -
auto- Generates a unique ID that's based on the element'sidattribute. This value only takes theidattribute into account, and ignores the type of element. This approach enables a view transition to work across multiple pages of an app, where elements with the sameidattribute may be of different types.
See Determining view-transition-name automatically.
The dynamic-range-limit CSS property allows limiting the maximum brightness of High Dynamic Range (HDR) content.
See Controlling Dynamic Range, in CSS Color HDR Module Level 1.
Per specification, the browser now ignores the letter-spacing CSS property when rendering cursive scripts, to avoid breaking words.
If possible, the browser may apply letter spacing by translating the extra space into cursive elongation or compression. If the text cannot be expanded without breaking cursive connections, the browser treats each word as a single typographic unit for letter spacing.
Proper cursive elongation or compression varies, based on:
- Script.
- Typeface.
- Language.
- Word location.
- Line location.
- Implementation complexity.
- Font capabilities.
- Calligraphic preferences.
Proper cursive elongation or compression may involve shortening:
- Ligatures.
- Swash variants.
- Contextual forms.
- Elongation glyphs.
Avoid applying the letter-spacing property to cursive scripts, unless you can accept non-interoperable results.
See letter-spacing at MDN.
In the attr() CSS function, instead of using a string type, use the raw-string type instead.
For example, attr(data-foo string) is now attr(data-foo raw-string).
See attr() at MDN.
The var() CSS function accepts a fallback value as its second argument, in case the referenced custom property doesn't exist, or is invalid:
width: var(--undefined-width, 100px)
Previously, when the referenced custom property was registered with a specific type, by using the @property rule, the fallback value of a var() function only applied if it was of the same type as the referenced custom property.
This change allows the fallback value to be of any type, regardless of the type of the referenced custom property.
See var() and @property at MDN.
The print-color-adjust CSS property now works without the -webkit- prefix.
The print-color-adjust property allows adjusting colors in a printed web page.
See print-color-adjust at MDN.
Overlay and non-overlay scrollbars now match the Fluent design language on Windows and Linux.
See Fluent Scrollbars Visual Spec.
The AudioContextState interface now has an interrupted state. The interrupted state allows the browser to pause playback in scenarios such as when using exclusive audio access (VoIP) or when a laptop lid is closed, and enables the web app to respond appropriately.
See AudioContext at MDN.
Blob URL access is now partitioned by storage key. Storage keys are top-level sites, frame origins, and the has-cross-site-ancestor boolean. Top-level navigations remain partitioned only by frame origin.
Partitioning Blob URL access by storage key is similar to what's currently implemented by both Firefox and Safari. This aligns Blob URL usage with the partitioning scheme that's used by other storage APIs as part of Storage Partitioning.
Along with that change, Microsoft Edge now enforces noopener on renderer-initiated top-level navigations to Blob URLs, where the corresponding site is cross-site to the top-level site that's performing the navigation. This aligns with similar behavior in Safari and with the corresponding specifications.
Blob URL partitioning can be temporarily reverted by setting the PartitionedBlobUrlUsage policy. If this policy is set to Enabled or is not set, Blob URLs are partitioned. If this policy is set to Disabled, Blob URLs are not partitioned.
See Access restrictions on blob URLs in the File API specification.
To eliminate leaking the user's browsing history, an HTML <a> element is now styled as :visited only if the link has previously been clicked from the top-level site and frame origin. Microsoft Edge now partitions visited links according to three keys:
- The link URL.
- The top-level site.
- The frame origin.
By only styling links that have been clicked on this site and frame before, side-channel attacks that obtain :visited links styling information are prevented.
Self-links are excluded from this protection; a link to a site's own pages can be styled as :visited even if the link hasn't been clicked on in this exact top-level site and frame origin before. This exemption is only enabled in top-level frames or subframes which are same-origin with the top-level frame.
See Explainer: Partitioning :visited links history.
The browser's HTTP cache keying scheme now includes the boolean is-cross-site-main-frame-navigation. Use this boolean to mitigate cross-site leak attacks that involve top-level navigation.
This boolean prevents a cross-site attack in which the attacker initiates a top-level navigation to a given page and then navigates to a resource that's known to be loaded by the page, in order to infer sensitive information via load timing.
This change also improves privacy by preventing a malicious site from using navigations to infer whether a user has previously visited a given site.
When a webpage becomes unresponsive due to JavaScript code running a very long computation, such as an infinite loop, the Javascript call stack is recorded and included in the crash report that's sent to the Reporting API server endpoint that's configured by the website.
See Reporting API at MDN.
The CaptureController API allows a video-conferencing app to control the zoom level and scroll position of the content of a browser tab that's used with screen sharing.
See the Captured Surface Control specification.
The screenPixelRatio property of the MediaStreamTrack API exposes the pixel ratio of the captured surface while screen sharing.
This property allows an app to preserve system resources or adapt to the quality vs. bandwidth tradeoff, based on the physical resolution and logical resolution of the captured surface.
See screenPixelRatio in the Screen Capture specification.
If a pointer is captured while the pointerup event is being dispatched, the click event is dispatched to the captured target instead of being dispatched to the nearest common ancestor of pointerdown and pointerup events.
The click target remains unchanged for uncaptured pointers.
See Event dispatch in the Pointer Events specification.
Magic comments are comments that send a signal to the browser that the functions in a JavaScript file are likely to be needed by the website. This allows the browser to parse, compile, or cache the functions eagerly, which can improve page load times.
In JavaScript, magic comments are comments that start with //#.
See Explainer for Explicit JavaScript Compile Hints.
The H265 (HEVC) codec has increased compression efficiency (higher quality per bitrate) relative to VP8/VP9/H264, and has very strong hardware support.
Support for the H265 (HEVC) codec in WebRTC improves the visual experience, increases battery life, and reduces the risk of performance issues.
See WebRTC API at MDN.
The MediaRecorder API now supports HEVC encoding. This introduces the hvc1.* codec string, and adds new codecs (hev1.* and avc3.*), which support variable resolution video in MP4.
The MediaRecorder API now supports both MP4 and Matroska (*.mkv) formats with different HEVC and H.264 mime type specifications. HEVC encoding is only supported if the user's device and operating system provide the necessary capabilities.
See MediaRecorder at MDN.
The lang attribute can now be set on a <canvas> or OffscreenCanvas context. This allows you to specify the language for text drawing and metrics in canvas. Specifying the language is important for correct rendering of text in different languages, especially when rendering or measuring text content offscreen before outputting it to a visible canvas.
See OffscreenCanvas at MDN.
Permissions Policy violation reports for cross-origin iframes are only sent to the iframe's reporting endpoint and not to the embedder's reporting endpoint, because of the concern that it might leak sensitive information about a cross-origin iframe. However, this makes it difficult for a site to enforce Permissions Policy, because the site can't learn about breakages in cross-origin iframes.
The new violation called Potential Permissions Policy violation analyzes:
- The existing Permissions Policy (including
report-onlypolicy). - The
allowattribute set in iframes.
Based on the above, the violation detects the conflict between the enforced Permissions Policy and the permissions being propagated to iframes.
See Feature: Permissions Policy reports for iframes at Chrome Platform Status.
The StorageManager's estimate now reports a predictable storage quota for sites that have limited storage permissions.
This prevents the detection of a user's browsing mode via the storage API by reporting an artificial quota. The quota is the current usage + 10 gibibytes, in all browsing modes.
Sites with unlimited storage permissions and enforced quotas are unaffected.
See Storage quotas and eviction criteria at MDN.
The Storage Access API now follows the Same-origin policy.
By default, using document.requestStorageAccess() in a frame only attaches cookies to the requests that are made to the iframe's origin. The CookiesAllowedForUrls policy and storage access headers can still be used to unblock cross-site cookies.
See Storage Access API at MDN.
The loaded and total attributes of a ProgressEvent indicate the current progress. The type of these attributes is now a floating point number between 0 and 1, which aligns ProgressEvent with the default behavior of the <progress> HTML element, when the max attribute is omitted.
See ProgressEvent at MDN.
To match the SVGGeometryElement and SVGPathElement specifications, the getCharNumAtPosition, isPointInFill, and isPointInStroke methods now use DOMPoint objects instead of an SVGPoint objects.
See DOMPoint at MDN.
A WebAuthn Conditional Create request lets a website create a passkey without prominent modal mediation, if the user previously consented to credential creation.
See conditional in the Credential Management specificiation.
The Federated Credential Management API (FedCM) can now show multiple identity providers in the same dialog.
The get() method now returns all providers in a single call. This allows a website to present all supported identity providers to users.
See Federated Credential Management (FedCM) API at MDN.
The RegExp.escape() static method takes a string and returns an escaped version of that string, which can be used as a pattern inside a regular expression.
See RegExp.escape() at MDN.
The AutomaticHttpsDefault policy is supported but discouraged in Microsoft Edge 136, and is planned to be removed in Microsoft Edge 139. Instead, use the new HttpsUpgradesEnabled policy, which is available starting in Microsoft Edge version 136.
The Intl.Locale API exposes information for a locale, including its week elements and its hour cycle type, such as 12-hour clock, Japanese 12-hour clock, or 24-hour clock.
The accessor properties of the Intl.Locale object are now deprecated, in favor of the corresponding functions, per the specification. For example, the Intl.Locale.prototype.hourCycle accessor property is deprecated in favor of the Intl.Locale.prototype.getHourCycles() function.
See Intl.Locale at MDN.
The following are new experimental APIs that you can try on your own live website for a limited time.
To learn more about origin trials, see Use origin trials in Microsoft Edge.
To see the full list of available origin trials, see Microsoft Edge Origin Trials.
Expires on December 16, 2025.
New implementation of measureText(), fillText(), and strokeText() for the CanvasRenderingContext2D API. You can compare the performance of these methods against the previous implementation of these methods.
Expires on January 27, 2026.
This feature allows a page to set a non-default device for all audio output from the page, including its child frames.
Expires on October 14, 2025.
The PerformanceNavigationTiming object now includes a confidence field. Use the confidence field to evaluate whether navigation timings accurately reflect your web app's performance. The data initially contains some noise, because this field employs differential privacy, to safeguard user privacy. By gathering this field in your Real User Monitoring (RUM) data, you can filter out the noise with enough records to analyze trends and gain meaningful insights over time.
Expires on June 30, 2025.
The Acquisition Info API supports 3P acquisition attribution for PWAs that were acquired through an app store or directly from the browser.
Expires on September 9, 2025.
Enable legacy CSS -ms-high-contrast media query and -ms-high-contrast-adjust property.
See Deprecating support for -ms-high-contrast and -ms-high-contrast-adjust.
Note
Portions of this page are modifications based on work created and shared by Chromium.org and used according to terms described in the Creative Commons Attribution 4.0 International License.