Lucene search
K
JakearchibaldMost viewed

116 matches found

Jake Archibald's Blog
Jake Archibald's Blog
added 2021/03/31 1:0 a.m.257 views

Who has the fastest F1 website in 2021? Part 5

This is part 5 in a multi-part series looking at the loading performance of F1 websites. Not interested in F1? It shouldn't matter. This is just a performance review of 10 recently-built/updated sites that have broadly the same goal, but are built by different teams, and have different performanc...

6.9AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2021/04/30 1:0 a.m.239 views

Performance-testing the Google I/O site

I've been looking at the performance of F1 websites recently, but before I dig into the last couple of teams, I figured I'd look a little closer to home, and dig into the Google I/O website. 1. Part 1: Methodology & Alpha Tauri 2. Part 2: Alfa Romeo 3. Part 3: Red Bull 4. Part 4: Williams 5. Part...

6.7AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2021/03/26 1:0 a.m.212 views

Who has the fastest F1 website in 2021? Part 2

Ohhh, you've come back for more? Excellent. I was worried it was just going to be me sat here, typing to myself. This is part 2 in a multi-part series looking at the loading performance of F1 websites. Not interested in F1? It shouldn't matter. This is just a performance review of 10...

7AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2021/03/25 1:0 a.m.211 views

Who has the fastest F1 website in 2021? Part 1

In 2019 I did a performance review of F1 websites, and it was fun so I figured I'd do it again, but bigger definitely and better I hope. Turns out a lot has changed in the past two years, and well, some things haven't changed. Not interested in F1? It shouldn't matter. This is just a performance...

6.8AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2021/06/11 1:0 a.m.181 views

Halve the size of images by optimising for high density displays

A long time ago we had monitors of varying resolutions, but once we started to go beyond 1024x768, screens started to get bigger as resolution got bigger. Then full-colour web-capable mobile phones arrived, but the story was the same. They had small screens, but also small resolutions. Then in 20...

6.7AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2019/03/19 12:0 p.m.181 views

Who has the fastest website in F1?

I was trying to make my predictions for the new Formula One season by studying the aerodynamics of the cars, their cornering speeds, their ability to run with different amounts of fuel. Then it hit me: I have no idea what I'm doing. So, I'm going to make my predictions the only way I know how: By...

6.7AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2018/06/20 2:17 p.m.169 views

I discovered a browser bug

I accidentally discovered a huge browser bug a few months ago and I'm pretty excited about it. Security engineers always seem like the "cool kids" to me, so I'm hoping that now I can be part of the club, and y'know, get into the special parties or whatever. I've noticed that a lot of these securi...

4.3CVSS6.5AI score0.02673EPSS
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2021/06/30 1:0 a.m.133 views

Encoding data for POST requests

Right now, when you go to copilot.github.com you're greeted with this example: async function isPositivetext const response = await fetchhttp://text-processing.com/api/sentiment/, method: 'POST', body: text=$text, headers: 'Content-Type': 'application/x-www-form-urlencoded', , ; const json = awai...

7.2AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2019/01/07 2:19 p.m.92 views

A declarative router for service workers

I'm looking for feedback on this API. It isn't yet supported in any standard or browser. In the very early days of service workers while they were still named "navigation controllers" we had the idea of a declarative router. This provided a high-level API to define the behaviour of particular...

Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2021/07/03 1:0 a.m.82 views

`export default thing` is different to `export { thing as default }`

Dominic Elm DM'd me on Twitter to ask me questions about circular dependencies, and, well, I didn't know the answer. After some testing, discussion, and ahem chatting to the V8 team, we figured it out, but I learned something new about JavaScript along the way. I'm going to leave the circular...

0.1AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2019/10/06 2:5 p.m.80 views

Service workers at TPAC

Last month we had a service worker meeting at the W3C TPAC conference in Fukuoka. For the first time in a few years, we focused on potential new features and behaviours. Here's a summary: Resurrection finally killed reg.unregister; If you unregister a service worker registration, it's removed fro...

Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2018/12/14 11:41 a.m.71 views

What happens when packages go bad?

I built spritecow.com back in 2011, and I no longer actively maintain it. A few months ago, a user berated me for using a crypto currency miner on the site without their informed consent. And sure enough, the site's JS had a small addition that loaded the mining JS, and sent the result somewhere...

6.5AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2021/01/29 1:0 a.m.65 views

Don't use functions as callbacks unless they're designed for it

Here's an old pattern that seems to be making a comeback: // Convert some numbers into human-readable strings: import toReadableNumber from 'some-library'; const readableNumbers = someNumbers.maptoReadableNumber; Where the implementation of toReadableNumber is like this: export function...

7.2AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2019/06/11 8:16 a.m.56 views

Probably?

Remy Sharp asked a question on Twitter that got me thinking about probability for the first time in a while. The problem Get your copybooks out now! Remy is using an image service that has an API which returns a URL for one of its images, picked at random. Remy makes five requests to the service,...

6.8AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2021/06/24 1:0 a.m.49 views

In JS functions, the 'last' return wins

In JavaScript functions, which return wins? function test return 'one'; return 'two'; return 'three'; You might say, "well it's the first one", but I'm going to try and convince you it's the last one. Don't worry, the function above definitely returns 'one', but in this case the first return...

7.2AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2021/04/07 1:0 a.m.47 views

Who has the fastest F1 website in 2021? Part 7

This is part 7 in a multi-part series looking at the loading performance of F1 websites. Not interested in F1? It shouldn't matter. This is just a performance review of 10 recently-built/updated sites that have broadly the same goal, but are built by different teams, and have different performanc...

6.8AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2018/06/20 2:17 p.m.47 views

I discovered a browser bug

I accidentally discovered a huge browser bug a few months ago and I'm pretty excited about it. Security engineers always seem like the "cool kids" to me, so I'm hoping that now I can be part of the club, and y'know, get into the special parties or whatever. I've noticed that a lot of these securi...

4.3CVSS6.5AI score0.02673EPSS
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2021/03/29 1:0 a.m.46 views

Who has the fastest F1 website in 2021? Part 3

I once spent an hour creating an F1 lights-out reaction test which went viral and was even played by F1 drivers. That sounds like a brag, and it kinda is, but now whenever I pour days or even weeks of work into something, it just seems so inefficient compared to that time I spent an hour on...

6.9AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2021/08/04 1:0 a.m.45 views

Writing great alt text: Emotion matters

If you prefer videos to articles, there's an episode of HTTP 203 on this topic. Ok, on with the article… Good alt text means that screen reader users get the same 'meaning' from the page as a fully sighted user. But sometimes that's easier said than done. I recently got stuck trying to figure out...

6.6AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2021/03/30 1:0 a.m.38 views

Who has the fastest F1 website in 2021? Part 4

This is part 4 in a multi-part series looking at the loading performance of F1 websites. Not interested in F1? It shouldn't matter. This is just a performance review of 10 recently-built/updated sites that have broadly the same goal, but are built by different teams, and have different performanc...

6.9AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2020/07/29 1:0 a.m.37 views

Different versions of your site can be running at the same time

It's pretty easy for a user to be running an old version of your site. Not only that, but a user could be running many different versions of your site at the same time, in different tabs, and that's kinda terrifying. For instance: 1. A user opens your site. 2. You deploy an update. 3. The user...

6.6AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2020/09/08 1:0 a.m.35 views

AVIF has landed

Back in ancient July I released a video that dug into how lossy and lossless image compression works and how to apply that knowledge to compress a set of different images for the web. Well, that's already out of date because AVIF has arrived. Brilliant. AVIF is a new image format derived from the...

6.2AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2020/08/07 1:0 a.m.32 views

A padlock problem

There's a difference between what the browser 🔒 means to users, vs what it means to browsers. To users, it means "the page is secure", but to the browser: The certificate dialog in Chrome …it means the "connection" is secure. This is because the security check happens as part of setting up the...

0.3AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2021/04/14 1:0 a.m.31 views

Who has the fastest F1 website in 2021? Part 8

This is part 8 in a multi-part series looking at the loading performance of F1 websites. Not interested in F1? It shouldn't matter. This is just a performance review of 10 recently-built/updated sites that have broadly the same goal, but are built by different teams, and have different performanc...

6.7AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2021/04/06 1:0 a.m.26 views

Who has the fastest F1 website in 2021? Part 6

This is part 6 in a multi-part series looking at the loading performance of F1 websites. Not interested in F1? It shouldn't matter. This is just a performance review of 10 recently-built/updated sites that have broadly the same goal, but are built by different teams, and have different performanc...

Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2022/07/11 1:0 a.m.25 views

Avoiding <img /> layout shifts: aspect-ratio vs width & height attributes

By default, an takes up zero space until the browser loads enough of the image to know its dimensions: &origin=source&to=/c/senna-d1c8a036.jpg When you run the demo, you'll see the immediately. Then, after a few seconds, this paragraph and subsequent page content shifts downwards to make room for...

6.9AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2020/06/12 1:0 a.m.25 views

Event listeners and garbage collection

Imagine a bit of code like this: async function showImageSizeurl const blob = await fetchurl.thenr = r.blob; const img = await createImageBitmapblob; updateUISomehowimg.width, img.height; btn1.onclick = = showImageSizeurl1; btn2.onclick = = showImageSizeurl2; This has a race condition. If the use...

0.7AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2017/12/11 4:50 p.m.25 views

Arrays, symbols, and realms

On Twitter, Allen Wirfs-Brock asked folks if they knew what Array.isArrayobj did, and the results suggested… no they don't. For what it's worth, I also got the answer wrong. Type-checking arrays function fooobj // … Let's say we wanted to do something specific if obj is an array. JSON.stringify i...

7.2AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2021/10/12 1:0 a.m.23 views

How to win at CORS

CORS Cross-Origin Resource Sharing is hard. It's hard because it's part of how browsers fetch stuff, and that's a set of behaviours that started with the very first web browser over thirty years ago. Since then, it's been a constant source of development; adding features, improving defaults, and...

6.6AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2017/10/31 11:2 a.m.23 views

Netflix functions without client-side React, and it's a good thing

A few days ago Netflix tweeted that they'd removed client-side React.js from their landing page and they saw a 50% performance improvement. It caused a bit of a stir. This shouldn't be a surprise The following: 1. Download HTML & CSS in parallel. 2. Wait for CSS to finish downloading & execute it...

7AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2018/02/27 2:47 p.m.22 views

Third party CSS is not safe

A few days ago there was a lot of chatter about a 'keylogger' built in CSS. Some folks called for browsers to 'fix' it. Some folks dug a bit deeper and saw that it only affected sites built in React-like frameworks, and pointed the finger at React. But the real problem is thinking that third part...

7.3AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2017/05/30 12:36 a.m.22 views

HTTP/2 push is tougher than I thought

"HTTP/2 push will solve that" is something I've heard a lot when it comes to page load performance problems, but I didn't know much about it, so I decided to dig in. HTTP/2 push is more complicated and low-level than I initially thought, but what really caught me off-guard is how inconsistent it ...

7AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2014/03/13 12:0 a.m.22 views

Promises: resolve is not the opposite of reject

When I first started working with promises I had the overly simplistic view that passing a value into reject would mark the promise as "failed", and passing a value into resolve would mark it as "successful". However, the latter isn't always true. new Promiseresolve, reject = resolvesomething;...

0.2AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2020/12/11 1:0 a.m.21 views

CSS paint API: Being predictably random

Take a look at this: Space invaders If you're using a browser that supports the CSS paint API, the element will have a 'random' pixel-art gradient in the background. But it turns out, doing random in CSS isn't as easy as it seems… Initial implementation This isn't a full tutorial on the CSS paint...

6.8AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2017/09/08 9:57 a.m.21 views

Lazy async SVG rasterisation

Phwoar I love a good sciency-sounding title. SVG can be slow When transforming an SVG image, browsers try to render on every frame to keep the image as sharp as possible. Unfortunately SVG rendering can be slow, especially for non-trivial images. Here's a demo, press "Scale SVG". Devtools timelin...

7.1AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2017/09/08 9:57 a.m.20 views

Lazy async SVG rasterisation

Phwoar I love a good sciency-sounding title. SVG can be slow When transforming an SVG image, browsers try to render on every frame to keep the image as sharp as possible. Unfortunately SVG rendering can be slow, especially for non-trivial images. Here's a demo, press "Scale SVG". Devtools timelin...

7.1AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2023/07/06 1:0 a.m.19 views

The case against self-closing tags in HTML

Let's talk about /: You'll see this syntax on my blog because it's what Prettier does, and I really like Prettier. However, I don't think / is a good thing. First up: The facts Enter XHTML Back in the late 90s and early 2000s, the W3C had a real thing for XML, and thought that it should replace...

6.8AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2021/11/22 1:0 a.m.19 views

Cross-fading any two DOM elements is currently impossible

Update: A spec change has landed to make this possible, it'll ship in Chrome 100, it's been implemented in Firefox, and it already existed as a non-standard feature in Safari. Soon this feature will be supported across all major browsers! Ok, it isn't always impossible. Be amazed as I cross-fade...

6.8AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2019/06/11 8:16 a.m.19 views

Probably?

Remy Sharp asked a question on Twitter that got me thinking about probability for the first time in a while. The problem Get your copybooks out now! Remy is using an image service that has an API which returns a URL for one of its images, picked at random. Remy makes five requests to the service,...

7AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2017/04/28 3:5 p.m.19 views

Combining fonts

I love the font Just Another Hand, I use it a lot in diagrams during my talks: Here it is! Yay! The thing is, I don't like the positioning of the hyphen & equals glyphs… Cache-Control: max-age=3600 They look awkwardly positioned – they sit too high. Thankfully CSS lets you merge fonts together, s...

7.3AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2015/03/24 12:0 a.m.19 views

That's so fetch!

There's been some confusion around the new fetch API recently. Let's clear things up. The first thing you'll notice about fetch is it's a massive improvement on XMLHttpRequest in terms of API design. Here's how to get some JSON using XHR: var xhr = new XMLHttpRequest; xhr.open'GET', url;...

6.8AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2024/04/24 1:0 a.m.18 views

HTML attributes vs DOM properties

Attributes and properties are fundamentally different things. You can have an attribute and property of the same name set to different values. For example: … const div = document.querySelector'divfoo=bar'; console.logdiv.getAttribute'foo'; // 'bar' console.logdiv.foo; // undefined div.foo = 'hell...

6.5AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2017/10/31 11:2 a.m.18 views

Netflix functions without client-side React, and it's a good thing

A few days ago Netflix tweeted that they'd removed client-side React.js from their landing page and they saw a 50% performance improvement. It caused a bit of a stir. This shouldn't be a surprise The following: 1. Download HTML & CSS in parallel. 2. Wait for CSS to finish downloading & execute it...

7AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2017/05/02 2:29 p.m.18 views

ECMAScript modules in browsers

ES modules are now available in browsers! They're in… Safari 10.1. Chrome 61. Firefox 60. Edge 16. import addTextToBody from './utils.mjs'; addTextToBody'Modules are pretty cool.'; // utils.mjs export function addTextToBodytext const div = document.createElement'div'; div.textContent = text;...

0.2AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2017/04/18 3:25 p.m.18 views

Async iterators and generators

Streaming fetches are supported in Chrome, Edge, and Safari, and they look a little like this: async function getResponseSizeurl const response = await fetchurl; const reader = response.body.getReader; let total = 0; while true const done, value = await reader.read; if done return total; total +=...

7.1AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2017/02/20 12:15 p.m.18 views

Do we need a new heading element? We don't know

There's a proposal to add a new element to the HTML spec. It solves a fairly common use-case. Take this HTML snippet: Do you find the "plot" a distraction in movies? If so, you should check out "John Wick" - satisfaction guaranteed! This could be a web component, or a simple include. The problem...

6.5AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2023/01/11 1:0 a.m.17 views

The gotcha of unhandled promise rejections

Let's say you wanted to display a bunch of chapters on the page, and for whatever reason, the API only gives you a chapter at a time. You could do this: async function showChapterschapterURLs for const url of chapterURLs const response = await fetchurl; const chapterData = await response.json;...

7.1AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2017/02/17 12:56 p.m.17 views

Events and disabled form fields

I've been working on the web since I was a small child all the way through to the haggard old man I am to day. However, the web still continues to surprise me. Turns out, mouse events don't fire when the pointer is over disabled form elements, except in Firefox. Serious? Serious. Give it a go. Mo...

6.8AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2024/02/21 1:0 a.m.16 views

View transitions: Handling aspect ratio changes

This post assumes some knowledge of view transitions. If you're looking for a from-scratch intro to the feature, see this article. When folks ask me for help with view transition animations that "don't quite look right", it's usually because the content changes aspect ratio. Here's how to handle...

7.4AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2022/12/19 1:0 a.m.16 views

Getting the correct HTML codecs parameter for an AV1 video

This post is mostly for my own reference, but I couldn't find a good guide elsewhere, so here we go! I wanted to embed a screencast in a web page, and I wanted it to be as efficient as possible. To achieve this, I created two version of the video, and embedded it like this: The MP4 version uses t...

6.7AI score
Exploits0
Total number of security vulnerabilities116