Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

WDRL ― Edition 251: Clear Site Data, Edge will use Chromium, Register you SPA a ...

0
0

Hey,

The web gets more complicated every week. With each new feature added to browsers, being explored by security reasearchers and other things, it gets harder for developers to grasp all that. Don’t get me wrong ― it’s not that I dislike all the new features, I really like many of them. But I also realise that many of them are being built for edge-cases, for specific services that need them. The normal developer will never need it and yet, it’s part of their learning curve, part of books, videos and other educational material. It’s hard to stay sane, to not learn everything new as developer. I just want to assure you this week that this is fine. You shouldn’t quit learning new stuff but stay confident that your job will not cease to exist just because you know how to use the latest new javascript Web Sharing API or how to use a new Clear Site-Data header. It’s fine to not know everything ― pick your knowledge wisely. Count on others to help you and have a strategy to learn new things once you really need to use them.

News Microsoft just announced that they change their strategy with Edge : They’re going to use Chromium as browser engine on the Desktop instead of EdgeHTML and might even provide Microsoft Edge for macOS then. They’ll also from now on help development on the Blink engine. Chrome 71 is out and brings relative time support via the Internationalization API and Speech synthesis now requires user activation. Safari Technology Preview 71 is out and brings supported-color-schemes in CSS, and adds Web Authentication as an experimental feature. UI/UX Matthew Strm on the importance of fixing things later, of not being perfect . Security Scott Helme shares information about a new security header that we can make use of: Clear Site Data allows site owners to clear data from cache, (local/session/permanent)storage, or cookies. This could be useful to delete sensitive or private data stored in localStorage or authentication cookies easily. We knowby now that using rel=noopener is a good idea for target=_blank link elements. Now Firefox experiments with automatically substituting rel=noopener in the browser to ensure, the security attack can’t be abused. Web Performance How do WebP image file sizes compare to the best performing JPEG optimizations? Daniel Aleksandersen shows the numbers and concludes that WebP does a pretty amazing job to beat other optimized formats nearly every time. JavaScript In Chrome 71 there’s the new Background Fetch available behind flags and brings the possibiliy of fetching resources like big movies in the background. Pete LePage explains how we can register a service as Share Target with the Web Share Target API . Is it still a good idea to use JavaScript for loading web fonts? Zach Leatherman shares why we should decide case by case today and for most use-cases modern CSS using font-display: swap; is best. CSS Here we go: CSS Environment Variables are coming and here’s why we need it in addition to Custom Properties and why it’s a great idea. Andy Bell explains how we can use CSS Custom Properties to manage flow and rythm in our layout well. A nice example that goes beyond the usage of Custom Properties for color values. Work & Life Sandor Dargo on how he managed to do his job properly again and avoiding distrations during work time .

Last week I has a link to Mozilla’s Privacy Guide ― here it is , the former one was broken.

―Anselm


Viewing all articles
Browse latest Browse all 12749