What's new in this version:
- Icons in Tabs: Enable in Preferences to identify tabs visually with website icons.
- Automatic Strong Passwords: Safari now automatically generates strong, unique passwords when signing up for accounts or changing passwords on websites.
- 3D & AR Model Viewer: View 3D models or jump into an AR viewing experience in Safari on iOS 12.
- Web Pages on watchOS: View web pages and HTML messages from Mail and Messages on watchOS 5 with Apple Watch Series 3.
- Added support for automatically generating strong, unique passwords in account creation and change password scenarios.
- Added support for generating passwords that are compatible with website password format requirements with the passwordrules attribute.
- Added support for suggesting user names during sign-up flows in Safari.
- Use the username, current-password, and new-password values for the autocomplete attribute (e.g. ) to help Safari understand your credential-related forms.
Security Code AutoFill (new in Safari 12 on macOS 10.14 and iOS 12):
- Added support for filling security codes delivered over SMS.
- Tag text fields using the one-time-code value of the autocomplete attribute (e.g. ) to ensure that Security Code AutoFill is offered.
- Use text messages with a numeric sequence near the word “code” (e.g. “Your secure login code is: 123456”).
- 3D & AR Model Viewer on iOS:
- Added support for viewing USDZ AR models embedded in websites.
Fullscreen API on iOS for iPad:
- HTML elements can be viewed in fullscreen on iPad.
CSS and Text Features:
- Font Collections: Added support for font collections in WOFF2 and TTC files.
- OpenType SVG: Added support for defining letterforms in OpenType fonts using SVG.
- Font-display: Added support for the font-display CSS property to declaratively control web font loading behaviors.
Updated HSL and HSLA Syntax:
- Improved HSL and HSLA parsing to match the CSS Color Module Level 4 specification.
Security and Privacy:
- Intelligent Tracking Prevention 2.0:
- Improved Intelligent Tracking Prevention to permanently partition cookie access in third-party contexts, add a user prompt to the Storage Access API, detect bounce trackers and purge their website data, identify tracker collusion, and send origin-only headers for third-party tracker requests.
- Added support for specifying cookies that shouldn’t be sent for cross-site requests.
- cross-origin-window-policy: Added support for cross-origin-window-policy to defend against Cross Site Script Inclusion attacks.
- cross-origin-resource-policy: Added support for cross-origin-resource-policy to defend against Cross Site Script Inclusion attacks.
Updated X-Frame-Options and CSP:
- Updated X-Frame-Options and CSP frame-ancestors to give authors stronger defenses against cross-site framing.
Web Inspector and Tools: WebGL Shader Debugging:
- Added support for debugging WebGL shaders in the Canvas tab.
- Safari WebDriver now implements the protocol as defined by the W3C WebDriver specification.
- Deprecated .safariextz-style Safari Extensions: Support for .safariextz-style Safari Extensions installed from the Safari Extensions Gallery is deprecated with Safari 12 on macOS. Submissions to the Safari Extensions Gallery will no longer be accepted after December 2018. Developers are encouraged to transition to Safari App Extensions.
- Disabled canLoad Safari Extensions on first launch: Safari Extensions that make use of the canLoad event will be disabled on first launch and users will be notified with a warning that their use is harmful to performance. These extensions can be enabled in Safari Extensions preferences. Developers are encouraged to move to Content Blocker Extensions.
- Removed Support for Developer-signed .safariextz Safari Extensions: Support for developer-signed .safariextz Safari Extensions in Safari 12 on macOS has been removed. They no longer appear in Safari preferences and cannot be enabled. On first launch users will receive a warning notification and these extension will not load.
Legacy NPAPI Plug-ins:
- Removed support for running legacy NPAPI plug-ins other than Adobe Flash.