You Might As Well Use a Content Security Policy
Content Security Policies, even for simple, content-focused sites, offer good protection against rare but real vulnerabilities out there. You might as well just get one.
Get a Chrome extension reviewed a smidge more quickly by more carefully executing its client-side scripts only when they're needed.
Walking through how I used Puppeteer to programmatically collect every image loaded when a page is viewed in the browser.
Even though it won't run <script> tags, React's dangerouslySetInnerHTML still allows inline event handlers to execute. Here's how you might neutralize that threat.
We're getting real familiar with seeing LLMs stream chunks of text to a page. Here's a simple demonstration of how you'd mimic the effect with TypeIt.
Default parameter values have been in JavaScript for a while. But I just found out you can use sibling parameters as the default values themselves.
I’ve started to notice my stomach bunch up when I come across #BuildInPublic hashtags, or see people throw around phrases like: “Forget everything else. Just get out there and build.” “It’s all about building cool stuff together.” “The future belongs to the builders.” “Stop talking. Start building.” “So much to build, so little time.” At first,
You can now use an LLM to moderate new comments submitted through JamComments. Here's the why and how.
The animated GIF has become a key piece of today’s meme culture, despite being around decades prior. But there are serious technical advantages to
Native support for decorators is inevitable! It simplifies augmenting class methods, which can help with things like logging, memoization, debouncing, and dependency injection.
Services like S3 and R2 can be invaluable when self-hosting Plausible Analytics. Let's walk through what it looks like to use them for automated backups with a simple cron job.
Thinking through some of the trade-offs and benefits in using client-side JavaScript to generate structured data.
A guest post I had the privilege of writing for the Frontend Masters blog.
After upgrading my self-hosted instance of Ghost CMS, a significant number of my members' emails were inappropriately disabled. Here's how I went about fixing it (for now).
Astro's Starlight documentation theme is great, but currently lacks support for building structured data (JSON-LD). Fortunately, it's easy enough to roll yourself by overriding a component.