I’m harvesting credit card numbers and passwords from your site. Here’s how.

This is a “what if?” scenario, but it’s all too plausible.

For site owners, the (partial) solution is to have a strong Content Security Policy.

For users, the solution is to disable JavaScript.

(In the wake of Spectre and Meltdown, this is now a perfectly legitimate action for security-conscious web users to take; I hope your site can support that.)

Related links

Why your website should work without Javascript. | endtimes.dev

The obvious answer to why you should build a website that doesn’t need js is… because some people don’t use js. But how many?!

Ban embed codes

Prompted by my article on third-party code, here’s a recommendation to ditch any embeds on your website.

Ain’t No Party Like a Third Party - CSS-Tricks

Chris is doing another end-of-year roundup. This time the prompt is “What is one thing people can do to make their website better?”

This is my response.

I’d like to tell you something not to do to make your website better. Don’t add any third-party scripts to your site.

Web Almanac 2020

I spent most of the weekend reading through this and I’ve still barely scratched the surface—a lot of work has gone to the analyses and write-ups!

The sections on accessibility and performance get grimmer each year but the raw numbers on framework adaption are refreshingly perspective-setting.

Related posts

Backdoor Service Workers

The tragedy of the iframe commons.

JavaScript

Inside me there are two wolves. They’re both JavaScript.

Mental models

Back-end development isn’t the same as front-end development.

Securing client-side JavaScript

Tightening up my content security policy.