Basilisk 2023.11.05

This is a major development and security update.

• Added an initial implementation of the ReadableStreams API, improving web compatibility with sites that apparently use this API in utilitarian fashion.
• Added support for transparency in WebM videos for the edge case of using <video> elements for transparent animated images. Major caveat: this will massively impact performance of video playback if an alpha channel is present in the video.
• Added support for crypto.randomUUID to allow website scripting to generate random UUIDs (universally unique identifiers) through the WebCrypto interface.
• Removed the user-agent override for Netflix, since they have stopped supporting the Silverlight browser plugin. Basilisk no longer has a way to provide Netflix DRM-controlled playback with them dropping it, so there is no longer a reason to try and force compatibility.
• Updated the user-agent override for Spotify. While it is possible to use the website with this, it suffers from the same DRM issue and not all media will be playable (only non-encumbered media can be played in Basilisk like podcasts). Your mileage may vary.
• Implemented timer nesting and clamping for workers, preventing timer hangs on bad website code.
• Improved handling of drawing SVG images on canvases without explicit width or height attributes. We now follow the css-sizing-3 Intrinsic Sizes spec.
• Improved performance of our memory allocator.
• Updated libvpx to 1.6.1.
• Cleaned up and updated some media playback code.
• Removed the last vestiges of EME/DRM code from UXP, since this will never be supported in any application building on it due to the media industry's draconic policies around FOSS.
• Removed support for DRM from Basilisk as a followup to the EME/DRM removal in UXP.
• Removed simd.js, moving actually used SIMD handling to C++.
• Removed the use of libav in our source, replacing its supply of FFT with the equivalent from FFMpeg.
• Fixed potential type confusion in IonMonkey due to 3-byte opcodes.
• Fixed an issue with tooltips persisting even if the browser window would have lost focus.
• Fixed PerformanceObserver navigation and resource timing (default disabled for privacy); our implementation now fully passes conformance tests.
• Fixed an issue where top-level SVG images would not be correctly clipped by positioned elements, giving the impression of wrong z-ordering as the SVG would overlap other elements.
• Dev: Updated setInterval to fall back to 0 if no duration is supplied.
• Dev: Updated ResizeObserver to a recent spec change, now returning an array of results for borderBoxSize and contentBoxSize instead of an object.
• Dev: Updated Intl.NumberFormat and DefaultNumberOption() to follow spec updates. Most importantly for web compatibility, we now allow the "maximumFractionDigits" option in Intl.NumberFormat to be less than the default minimum fraction digits for the chosen locale, following the general consensus in TC39 around this issue.
• Increased leniency (removed upper limit) of GLSL versions as they tend to be fully backwards compatible.
• Fixed various crashes.
• Added a safeguard to the sec-gpc header (Global Privacy Control) so it cannot be inadvertently overwritten.
• Removed the 360 Secure Browser profile migrator from Basilisk.
• WebRTC Spec Improvements.
• Add ability toggle WebRTC and WebAssembly under Tools->Preferences->Content.
• Enable PerformanceObserver by default in Basilisk.
• Security fixes: addressed CVE-2023-5722, CVE-2023-5723, CVE-2023-5724, CVE-2023-5727 and several other issues without a CVE number assigned to them.
• UXP Mozilla security patch summary: 6 fixed, 2 DiD, 19 not applicable.