Menu Search
Jump to the content X X
Smashing Conf New York

We use ad-blockers as well, you know. We gotta keep those servers running though. Did you know that we publish useful books and run friendly conferences — crafted for pros like yourself? E.g. upcoming SmashingConf Barcelona, dedicated to smart front-end techniques and design patterns.

Web Development Reading List #129: CSRF, Modern Tooling And The UX Of Web Fonts

Every week I learn so many new things about front-end development. By building various kinds of projects, by talking to other developers, by reading new articles. Of course, it can be overwhelming, but to me this is the best part of the job. By sharing and talking to other people, my job gets more interesting.

For example, this week I learned how to build malicious links with target="_blank", I learned how CSRF works, and how important it is that an icon clearly indicates what it is thought for — the latter after I implemented the icons and only found some of them helpful as I saw the fallback/title text for them. Always stay curious.

News Link

  • What’s new in Chromium 49 and Opera 361? They support ES6 default function parameter values, ES6 destructuring assignment, ES6 Proxy and Reflect, CSS custom properties, "a rel=noopener" (see article in the security section), and many things more.

General Link

Tools Link

Security Link

Infographic explaining CSRF8
Cross-site request forgery9 (CSRF) visually explained. (Image credit: Barricade10)

Privacy Link

  • What happens when a surveillance state becomes an affordable gadget? Maybe it doesn’t faze you that your local police has a $400,000 device that listens in on cell phones. But how do you feel when your neighbor has a $1,500 version11? In most countries it’s illegal to buy such devices, however, a recent study revealed that anyone can buy one very easily nonetheless.

HTML/SVG Link

Accessibility Link

  • Rodney Rehm published the first big update to his amazing accessibility library ally.js13. Version 1.1 has completely rewritten tests, supports way more browsers, and is even more reliable to handle focus states on your web application. And finally, you can also learn a lot about how to maintain an open-source project — just look at the incredibly detailed release notes or at the test suite that’s behind it.

JavaScript Link

CSS/Sass Link

  • Toggling passwords is considered a great UX pattern for users. On the other hand, there are some risks and challenges that you should know of. Avoid caching of the passwords and disabling autofill managers16 by following this short article.
  • Adam Morse shares his experience with user testing web projects and sums up what he thinks about using web fonts17 in the context of providing a good user experience. I have to admit that while it can be cool and necessary to use a web font, it often doesn’t have to be. A lot of projects don’t care about using a proper fallback font that matches the web font — and these days, with content and privacy blockers available for every device, there are a lot of people not seeing any web fonts at all.

Work & Life Link

  • Casey Gerald gave a great talk at this year’s SXSW18 questioning the traditional approach of doing work and also asking the question “With all the power we hold in our hands, why are people still suffering?”
  • One year after being fired, Zach Holman wrote up his knowledge on firing people19. A great read for both employees and employers.
  • “Most offices are the average of what works for everyone,” says Mike Del Ponte who believes that companies should offer employees the best of both worlds20 — working remote and on-site — and give them the choice of both. We’ve already seen a lot of such articles but what I found particularly interesting here is that the article is talking about benefits of on-site work as well as remote work and puts both into perspective.

And with that, I’ll close for this week. If you like what I write each week, please support me with a donation21 or share this resource with other people. You can learn more about the costs of the project here22. It’s available via email, RSS and online.

Thanks and all the best,
Anselm

Footnotes Link

  1. 1 https://dev.opera.com/blog/opera-36/
  2. 2 http://www.catonmat.net/blog/frameworks-dont-make-sense/
  3. 3 https://wesbos.github.io/Modern-Workflow-and-Tooling-Talk/
  4. 4 https://ma.ttias.be/remote-code-execution-git-versions-client-server-2-7-1-cve-2016-2324-cve-2016-2315/
  5. 5 https://mathiasbynens.github.io/rel-noopener/
  6. 6 https://bugzilla.mozilla.org/show_bug.cgi?id=1122236
  7. 7 https://blog.barricade.io/cross-site-request-forgery-visually-explained/
  8. 8 https://blog.barricade.io/cross-site-request-forgery-visually-explained/
  9. 9 https://blog.barricade.io/cross-site-request-forgery-visually-explained/
  10. 10 https://blog.barricade.io/cross-site-request-forgery-visually-explained/
  11. 11 http://www.bloomberg.com/news/articles/2016-03-10/what-happens-when-the-surveillance-state-becomes-an-affordable-gadget
  12. 12 https://css-tricks.com/creating-svg-icon-system-react/
  13. 13 https://github.com/medialize/ally.js/releases/tag/1.1.0
  14. 14 http://molily.de/javascript-failure/
  15. 15 http://bytearcher.com/articles/how-to-check-if-node-implements-es6-language-feature/
  16. 16 http://codepen.io/shellbryson/post/toggle-passwords
  17. 17 http://mrmrs.io/writing/2016/03/17/webfonts/
  18. 18 http://www.entrepreneur.com/article/272389
  19. 19 https://zachholman.com/talk/firing-people
  20. 20 https://www.fastcompany.com/3057608/most-creative-people/why-your-company-should-do-a-work-from-anywhere-week
  21. 21 https://wdrl.info/donate
  22. 22 https://wdrl.info/costs/
SmashingConf New York

Hold on, Tiger! Thank you for reading the article. Did you know that we also publish printed books and run friendly conferences – crafted for pros like you? Like SmashingConf Barcelona, on October 25–26, with smart design patterns and front-end techniques.

↑ Back to top Tweet itShare on Facebook

Anselm Hannemann is a freelance front-end developer and architect. He curates WDRL — a weekly, handcrafted web development newsletter. Apart from that he helped the RICG, built opendevicelab.com and organizes the NightlyBuild 2015 conference in Cologne, Germany. He is available for freelance jobs.

  1. 1

    Dear Anselm,

    This write-up is very interesting. I have only a week gotten myself into setting up what is necessary to learn UX, hacking (whitehat) and wifi security. It is good to keep myself aware of these things even at an older age of 25. It is never too late to learn! Now to learn what your <code etc means…

    Gruss aus Kuala Lumpur,
    Naquiah

    1
  2. 2

    This post is packed full information abut web development. What is SVG. How it is helpful in website development.

    0

↑ Back to top