Tag Archives: HTML

Replacing the Jet Engine While Still Flying

Firefox is taking a one-piece-at-a-time strategy to replace the Gecko rendering engine with a modern one coded in Rust.

 

Mozilla’s been working on a brand new, top-secret engine. Except it’s totally not top-secret. Never was. At another company it would have been a top-secret project. At Mozilla, it’s all done out in the open.

The project is called Servo. It was started as an experiment. It’s coded in a new programming language called Rust. (Gecko is written in C++.) And it’s open source. You can totally help us make it.

Read more from the source: jensimmons.com

Writing Less Damn Code

The better you understand the newest HTML and CSS, you’ll find that much of the code we write can be eliminated altogether

 

But it turns out the only surefire way to make performant Web Stuff is also to just write less. Minify? Okay. Compress? Well, yeah. Cache? Sounds technical. Flat out refuse to code something or include someone else’s code in the first place? Now you’re talking.

Read more from heydonworks.com

The target=”_blank” phishing attack vector

If you use target=”_blank” you need to also use rel=”noopener noreferrer”

 

Ben Halpern writes:

If you use the target=”_blank” attribute on a link, and do not accompany it with a rel=”noopener” attribute, you are leaving your users open to a very simple phishing attack.

When a website uses target=”_blank” on their links in order to open a new tab or window, that website gives the new page access to the existing window through the window.opener API, allowing it a few permissions. Some of these permissions are automatically negated by cross-domain restrictions, but window.location is fair game.

In order to restrict the behavior window.opener access, the original page needs to add a rel=”noopener” attribute to any link that has target=”_blank”. However, Firefox does not support that tag, so you should actually use rel=”noopener noreferrer” for full coverage. Some amount of prevention can be acheived through scripting, though, as observed with Twitter, this seems to fail on Safari.

Read more from The Practical Developer

normalize.css hits 4.0

I ran into an IE 9 – 11 bug last night that would have been fixed with a css reset and now I have more respect for normalize.css

 

What does it do?

  • Preserves useful defaults, unlike many CSS resets.
  • Normalizes styles for a wide range of elements.
  • Corrects bugs and common browser inconsistencies.
  • Improves usability with subtle modifications.
  • Explains what code does using detailed comments.

Read more and download on GitHub

Styling Broken Images

Use :before and :after pseudo-elements with an attr() expression to make broken images look snazzy

 

Broken images are ugly. But they don’t always have to be. We can use CSS to apply styles to the element to provide a better experience than the default. Two Facts About The Element To understand how we can style broken images, there

Read how at bitsofcode