Ladybird Browser Soars: Major Progress on Web Standards, Security, and Performance in July Update
Share this article
In a significant leap forward for the independent browser ecosystem, the Ladybird project delivered substantial progress across web standards compliance, security hardening, and rendering performance during July. With 319 pull requests merged from 47 contributors, the open-source browser engine continues its methodical march toward becoming a viable alternative to dominant players—fueled by community backing and technical rigor.
Core Advancements: Standards & Compatibility
Ladybird added 13,090 passing Web Platform Tests, bringing its total to over 1.83 million. This relentless focus on standards bore fruit in critical user-facing fixes:
- postMessage Overhaul: A long-standing deserialization bug blocking Google reCAPTCHA was resolved, though same-origin policy limitations persist for now.
- SVG foreignObject Integration: Major improvements in layout and style resolution now enable seamless HTML embedding within SVG content—a notoriously complex specification edge.
- CSS Pseudo-Element Upgrades: Added content: url(...) support for ::before/::after, plus new pseudo-classes :open and :closed for modern component and form styling.
Performance & Security Leap
Performance saw two standout enhancements:
1. High Refresh Rate Rendering: By dynamically detecting display refresh rates (up to 120Hz), animations, scrolling, and requestAnimationFrame calls now run dramatically smoother.
2. HTTP/3 Support: Leveraging curl 8.14.0+ and OpenSSL, Ladybird now negotiates HTTP/3 via Alt-Svc headers—with the team even contributing a parsing fix upstream to curl.
Security took a major step with initial Trusted Types implementation, enforcing type-safe DOM writes to mitigate XSS risks. This locks down dangerous sinks like innerHTML and script.src using developer-defined policies, narrowing attack surfaces.
Under-the-Hood Engine Upgrades
- CSS Substitution Functions:
var()andattr()were rewritten as formal "arbitrary substitution functions," future-proofing support forenv()andif(). - Logical Property Compilation: Logical-to-physical CSS property mappings (e.g., margin groups) now generate at compile time, boosting style manipulation performance.
- Houdini Progress:
@propertyrules andCSS.registerProperty()gained initial support, advancing variable syntax control. - UTF-16 Strings: LibJS transitioned from UTF-8 to native UTF-16 strings—eliminating transcoding bugs and aligning with web standards.
Why This Matters
Ladybird isn’t just chasing specs; it’s proving that a small, independent team can tackle foundational browser challenges—from low-level string encoding to security primitives—while prioritizing open collaboration. Each fix, like the postMessage breakthrough, unlocks real-world sites (e.g., reCAPTCHA), while architectural shifts like UTF-16 strings prevent entire classes of Unicode edge cases.
As sponsors rally behind the project, July’s progress underscores Ladybird’s growing capability to reshape expectations for what community-driven browser innovation can achieve. The path remains long, but the trajectory is unmistakable.