If you use target=”_blank” you need to also use rel=”noopener noreferrer”
Ben Halpern writes:
If you use the target=”_blank” attribute on a link, and do not accompany it with a rel=”noopener” attribute, you are leaving your users open to a very simple phishing attack.
When a website uses target=”_blank” on their links in order to open a new tab or window, that website gives the new page access to the existing window through the window.opener API, allowing it a few permissions. Some of these permissions are automatically negated by cross-domain restrictions, but window.location is fair game.
In order to restrict the behavior window.opener access, the original page needs to add a rel=”noopener” attribute to any link that has target=”_blank”. However, Firefox does not support that tag, so you should actually use rel=”noopener noreferrer” for full coverage. Some amount of prevention can be acheived through scripting, though, as observed with Twitter, this seems to fail on Safari.
Read more from The Practical Developer
When? var => never. const => for objects and arrays. let => for primitives
Remy Sharp writes:
As I slowly make my way into the land of ES6 (sure I started mid-2016 when all the cool kids were doing it for years) I’ve been presented with the problem of: when do you use const and when do you use let and do I still use var.
Read more from the source: remysharp.com
Test units of code, pieces together, or the full-fledged application
To help with that problem, in this article I’ll give you a guide comparing the different kinds of testing types available, and some recommendations for their use.
Read the article at codeutopia.net
MS Edge adds ES6 features including import and export
Most of ES2015 (aka ES6) language support is already available in Edge, and last week’s Windows Insider Preview build 14342 brings more ES6 capabilities including modules, default parameters, and destructuring. We’re not stopping there – Edge also supports all ES2016 (aka ES7) proposals – the exponentiation operator and Array.prototype.includes – as well as future ECMAScript proposals such as Async Functions and utility methods like Object.values/entries and String.prototype.padStart/padEnd.
Read more from the source: Microsoft Edge Dev Blog
Come on TC39, V8 and Node have implemented all but the most obscure parts of ES6–where is the standard for import?
NodeJS 6.1 passes 96% of ES6 tests, failing only on proper tail calls, iterator closing, and some Proxying of internal `get` calls.
But no standard is in sight for resolving resources based on the string in import statements.
View the compatibility table results at node.green
This is a demonstration of all the data your browser knows about you. All this data can be accessed by any website without asking you for any permission.
Run the test for yourself at webkay.robinlinus.com