Web Development

I tested what happens when you paste code into popular online developer tools. Some sites contact 96 external domains, set 540 cookies, and run real-time ad auctions on your data. Here is everything I found.

The goal is to write small, clean, accessible HTML that works on any device, any browser, any screen, even without CSS or JavaScript. A smolwebsite should load on a smartphone from 2010, work in a text browser like Lynx, and be readable on a Braille display. Not because those are common cases, but because if your page works there, it works everywhere.

About Deno:

Deno is an open-source JavaScript runtime for the modern web. Built on web standards with zero-config TypeScript, unmatched security, and a complete built-in toolchain.

Hello, I was looking at WXT extension framework which supports multiple UI frameworks, but they are all JavaScript frameworks only. Is there any alternative way to write Firefox browser extension in a different language (like Rust / Python / Go, etc.) with minimal or no JavaScript, with a ok developer experience?

Transpilation to JavaScript is fine if it is well supported in Firefox with ok developer experience.

I also checked Dart but its support on Firefox does not seem great, like the extension only works on Chrome browsers.

Just noticed that Stackoverflow has a new front end in Beta. I do not like it, however I slowly begin to fear im just another boomer. :( What do people on here think about it?

I think the beta looks just like any other weekend project with cookie cutter elements. There is nothing to differentiate it from other sites that are made after 2020. Current design is also way more concise Im not sure when we started using the whole widescreen for a website. Sure wasted screen estate is unfortunate but long mouse travel times are also uncool.

Learn how to build a lightweight SPA router with true async crossfade page transitions using Vanilla JavaScript, GSAP, and Vite — no framework required.

Recently the idea of serving Markdown to AI agents has gained traction. Cloudflare wrote about it and built a dashboard toggle to convert responses to Markdown automatically, using content negotiation to detect whether the requesting client wants Markdown or HTML.

I'm putting together an API for a project, and one of the requirements is MFA. I'm using TOTP and that all works. I also have facilities to clear the MFA token and regenerate / re-enroll the secret, but I'm wondering what the best practice is for invoking that.

Essentially I need a "forgot password" but for their MFA method (e.g. if they lose their phone or MFA secret).

Would a valid password + validation email be sufficient? Or should I require the user to contact the administrators to reset the MFA? Or something else?

Implementation Notes:

• MFA is required for a password reset, so if their email is compromised, the attacker wouldn't necessarily be able to set a new password
• A valid email address is required and verified at signup.
• If they lose access to their email and MFA, they will have to contact the application administrators for assistance.
• This isn't a "high stakes" application (e.g not banking, healthcare, etc) but I do want to make sure accounts are reasonably secure.

cross-posted from: https://lemmy.bestiver.se/post/946712

Comments

I come with a seemingly simple question: should outbound links be styled differently than intra-site links? For example, the way Wikipedia does it with an icon after the text of the link. Do users care? Did anyone done any research on that?

I’m thinking of situations where you might have a sentence like ‘I’ve written about this before, and recent events around ACME corporation only made me entrenched in my opinion.’ where ‘written about this before’ would be a link to another page on the website and ‘recent events around ACME corporation’ would be link to external site.