Every week I learn so many new things about front-end development. By building various kinds of projects, by talking to other developers, by reading new articles. Of course, it can be overwhelming, but to me this is the best part of the job. By sharing and talking to other people, my job gets more interesting.
For example, this week I learned how to build malicious links with target="_blank", I learned how CSRF works, and how important it is that an icon clearly indicates what it is meant for — the latter after I implemented the icons and only found some of them helpful as I saw the fallback/title text for them. Always stay curious.
- What’s new in Chromium 49 and Opera 36? They support ES6 default function parameter values, ES6 destructuring assignment, ES6 Proxy and Reflect, CSS Custom Properties, <a rel=noopener> (see article in the security section), and many things more.
- With the provocative title “Frameworks don’t make much sense — good coders code, great coders reuse”, Peteris Krumins writes about why he thinks it’s not sustainable to focus on learning frameworks and why he sees them as an anti-pattern for software development.
- You remember Project Comet, that had been announced back in December by Adobe? After some months of development, they now share it as a public preview that everyone can use for free. If you’ve never heard of it before, it’s a great new way for designers to build prototypes for websites and mobile apps.
- Wes Bos’ new slide deck about modern workflow and tooling in front-end development is pretty interesting and gives you some insight if you want to know if your workflow is still state-of-the-art.
- target="_blank" can be abused to serve malicious links, as shown in this demo by Mathias Bynens.
- Mozilla implemented a new block-all-mixed-content CSP directive that lets websites opt-in to hard-fail on mixed content (it won’t be shown and no warning will be triggered).
- Do you know how a Cross-Site Request Forgery works? There is now an infographic that visually explains how CSRF works.
- If you run git on a server, or if you use git, please update your software clients immediately. An exploit has been published that allows remote code execution in all versions up to 2.7.4 (the version containing the fix).
- What happens when a surveillance state becomes an affordable gadget? Maybe it doesn’t faze you that your local police has a $400,000 device that listens in on cell phones. But how do you feel when your neighbor has a $1,500 version? In most countries it’s illegal to buy such devices, however, a recent study revealed that anyone can buy one very easily nonetheless.
HTML & SVG
- If you use React, it’s relatively easy to implement an SVG icon system with the <use> element. But Sarah Drasner found an even better way that uses React’s core principles of a virtual DOM.
- Rodney Rehm published the first big update to his amazing accessibility library ally.js. Version 1.1 has completely rewritten tests, supports way more browsers, and is even more reliable to handle focus states on your web application. And finally, you can also learn a lot about how to maintain an open-source project — just look at the incredibly detailed release notes or at the test suite that’s behind it.
- If you want to know if a specific Node.js version supports some ECMAScript language feature yet, here is an article that explains how you can find that out. http://node.green/
- Toggling passwords is considered a great UX pattern for users. On the other hand, there are some risks and challenges that you should know of. By following this short article, you can avoid caching of the passwords and avoid disabling autofill managers.
- Adam Morse shares his experience with user testing web projects and sums up what he thinks about using web fonts in the context of providing a good user experience. I have to admit that while it can be cool and necessary to use a web font, it often doesn’t have to be. A lot of projects don’t care about using a proper fallback font that matches the web font — and these days, with content and privacy blockers available for every device, there are a lot of people not seeing any web fonts at all.
Work & Life
- One year after being fired, Zach Holman wrote up his knowledge on Firing People. A great read for both employees and employers.
- Casey Gerald gave a great talk at this year’s SXSW questioning the traditional approach of doing work and also asking the question “With all the power we hold in our hands, why are people still suffering?”
- “Most offices are the average of what works for everyone,” says Mike Del Ponte, who believes that companies should offer employees the best of both worlds — working remote and on-site — and give them the choice of both. We’ve already seen a lot of such articles, but what I found particularly interesting here is that the article talks about the benefits of on-site work as well as remote work and puts both into perspective.