New WebKit Features in Safari 12.1

Jonathan Davis – Web Technologies Evangelist for Apple – has done a writeup on the new features that have landed in Safari 12.1, which is included with macOS Mojave 10.14.4 and iOS 12.2. This release delivers web platform features that improve website integration with the operating system, new real-time communication capabilities, more compatible encrypted media […]

Wavethrough – Stealing data from remote sites through (fake) wav files

Jake Archibald discovered a really nice browser bug (which is fixed by now) by which he was able to steal data from remote sites by loading it in as a (fake) wav file. The exploit works as follows: Make a request to evil-script, using a Content-Range header to suggest there’s more data to be loaded […]

“last 2 versions” considered harmful

When using babel-preset-env with the list of supported browsers set to “last 2 versions” – which I am doing used to do – you’re basically supporting browsers that are dead or have no users. Take Internet Explorer for example. It’s been replaced by Edge and will never have any new versions after Internet Explorer 11. […]

Using the new Async Clipboard API

Shipping with Chrome 66 is an implementation of the new Async Clipboard API. Its asynchronous nature makes it the preferred way – over document.execCommand – to perform copy-paste operations in the browser. // Write Text to the Clipboard (e.g. copy) navigator.clipboard.writeText(‘Text to be copied’) .then(() => { console.log(‘Text copied to clipboard’); }) .catch(err => { […]

Extended Validation Is Broken

https://stripe.ian.sh/ is an interesting site by Ian Carroll. See it? Take a closer look at the certificate. Yes, that’s one for “Stripe, Inc” … but, that’s not “Stripe, Inc” is it? This site uses an EV certificate for “Stripe, Inc”, that was legitimately issued by Comodo. However, when you hear “Stripe, Inc”, you are probably […]

Evolution of <img>: Gif without the GIF

In the latest Safari Tech Preview it’s now possible to use MP4 files in <img> tags. Intended use case is short, muted, looping video. Colin Bendell digs deeper into this. By enabling true video formats (like MP4) to be included in <img> tags, Safari Technology Preview has fixed performance and UX problems. With it, our […]

Inside a super fast CSS Engine: Quantum CSS (aka Stylo)

Great writeup on how Firefox’s new CSS Engine “Quantum CSS” works. Also sports a clear and in-depth explanation of the rendering pipeline, with some nice illustrations to go along. You may have heard of Project Quantum… it’s a major rewrite of Firefox’s internals to make Firefox fast. We’re swapping in parts from our experimental browser, […]

Puppeteer – Headless Chrome Node API

Puppeteer is a Node library which provides a high-level API to control headless Chrome over the DevTools Protocol. It can also be configured to use full (non-headless) Chrome. const puppeteer = require(‘puppeteer’); (async () => { const browser = await puppeteer.launch(); const page = await browser.newPage(); await page.goto(‘https://example.com’); await page.screenshot({path: ‘example.png’}); browser.close(); })(); Puppeteer – […]