Web Interface Guidelines
Interfaces succeed because of hundreds of choices. This is a living, non-exhaustive list of those decisions. Most guidelines are framework-agnostic, some specific to React/Next.js. Feedback is welcome. Interactions Keyboard works everywhere. All flows are keyboard-operable & follow the WAI-ARIA Authoring Patterns. Clear focus. Every focusable element shows a visible focus ring. Prefer :focus-visib
Assessing Claude Mythos Preview’s cybersecurity capabilities April 7, 2026 Nicholas Carlini, Newton Cheng, Keane Lucas, Michael Moore, Milad Nasr, Vinay Prabhushankar, Winnie Xiao Hakeem Angulu, Evyatar Ben Asher, Jackie Bow, Keir Bradwell, Ben Buchanan, David Forsythe, Daniel Freeman, Alex Gaynor, Xinyang Ge, Logan Graham, Kyla Guru, Hasnain Lakhani, Matt McNiece, Mojtaba Mehrara, Renee Nichol, A
WebKit Features in Safari 17.4
ContentsArchitectural improvementsWeb AppsForm elementsCSSWeb APIJavaScriptMediaSVGWebGLWeb AssemblyWeb InspectorChanges to SafariSafari ExtensionsWeb AuthenticationBug Fixes and moreUpdating to Safari 17.4Feedback Just like Safari 15.4 and Safari 16.4, this March’s release of Safari 17.4 is a significant one for web developers. We’re proud to announce another 46 features and 146 bug fixes. You ca
Testing a new encrypted messaging app's extraordinary claims
How I accidentally breached a nonexistent database and found every private key in a 'state-of-the-art' encrypted messenger called Converso I recently heard this ad on a podcast: I use the Converso app for privacy because I care about privacy, and because other messaging apps that tell you they're all about privacy look like the NSA next to Converso. With Converso, you've got end-to-end encryption,
2025年のオープンソース活動の振り返りとGitHub Sponsorsでの収入をまとめた記事です。 今年はtextlintとJSer.infoにMCPサーバーを実装しました。 また、JavaScript PrimerをES2025に対応し、secretlintに新しい検出ルールを追加しました。 AI連携とECMAScript最新仕様への対応が中心の年でした。 TSKaigi 2025とYAPC::Fukuoka 2025では、継続的なメンテナンスについて発表しました。 サプライチェーン攻撃対策についてはZennに記事をまとめました。 npmパッケージ/GitHub Actionsを利用する側/公開する側でサプライチェーン攻撃を防ぐためにやることメモ 今までの振り返り 2014年: https://efcl.info/2014/12/31/oss-in-2014/ 2015年: https
Press Enter, and JHipster will create your app in the current directory and run npm install to install all the dependencies specified in package.json. Verify Everything Works with Cypress and KeycloakWhen you choose OAuth 2.0 and OIDC for authentication, the users are stored outside of the application rather than in it. You need to configure an identity provider (IdP) to store your users and allow
個人開発・ソロプレナーの強い味方。Supabase徹底入門で無料枠をありがたく使わせてもらう公開日 : 2025/03/08 Supabaseの概要と特長 Supabase(スーパーベース、スパベースではないようです)は、近年注目を集めているオープンソースのBaaS(Backend as a Service)です。 Firebaseの代替として位置づけられており、バックエンドに必要な機能をすべてクラウドサービスとして提供します。具体的にはデータベース(PostgreSQL)、ユーザー認証、リアルタイム通信、ストレージ、サーバーレス関数などを統合的に利用できるプラットフォームです。 プログラミング初心者や個人開発者・ソロプレナーでも、自前でサーバーやDBを構築することなく、Webやモバイルアプリの堅牢なバックエンドを素早く構築できます。 Supabaseのアーキテクチャ概要と主要コンポーネン
Easy CSRF bypass
Greetings to the reader, I hope you are doing well. Today I want to talk about one of my findings in a private program at Hacker-One platform, which refers to it as target.com. Firstly:Following some reconnaissance and effort, I found target.com, I create an account on it and tried to understand the application and its functionalities in it. I tried to test a lot of things, but I was unable to ide
Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling
This request triggered an extremely suspicious intermittent 400 Bad Request response from various websites that were running AWS Application Load Balancer (ALB) as their front-end. Investigation revealed that ALB was mysteriously adding a 'Transfer-Encoding: chunked' header while downgrading the request to HTTP/1.1 for forwarding to the back-end, without making any alterations to the message body:
#Tags | blog.jxck.io
1password 2025-11-13 1Password AC #10: SSH と Git コミット署名 2025-11-12 1Password AC #9: Travel Mode 2025-11-11 1Password AC #8: 1Password CLI 2025-11-10 1Password AC #7: Group と Vault の運用 2025-11-09 1Password AC #6: Business アカウント特典の無料 Family アカウント 2025-11-08 1Password AC #5: 1Password アカウントへの 2FA 2025-11-07 1Password AC #4: Secret Key の運用とアカウントリカバリ 2025-11-06 1Password AC #3: Master Password の作り方 202
Autifyでランダムなメールアドレスとユーザー名を都度生成してアプリへのサインアップをテストしてみた | DevelopersIO
こんにちは、CX事業本部 IoT事業部の若槻です。 今回は、テスト自動化プラットフォームAutifyで、ランダムなメールアドレスとユーザー名を都度生成してアプリへのサインアップを行うテストを作成してみました。 やってみた 例として、Cognito user poolでのユーザーの操作によるサインアップ時のテストをAutifyで作成してみます。 user poolの作成 テストに使用するCognito user poolを作成します。 # user pool作成 $ USER_POOL_NAME=autify-test-pool $ aws cognito-idp create-user-pool \ --pool-name ${USER_POOL_NAME} \ --alias-attributes "email" \ --schema Name=email,Required=true \
Amplify UI’s new Authenticator component makes it easy to add customizable login pages to your React, Angular, or Vue app | Amazon Web Services
Front-End Web & Mobile Amplify UI’s new Authenticator component makes it easy to add customizable login pages to your React, Angular, or Vue app June 27, 2024: This blog post covers Amplify Gen 1. For new Amplify apps, we recommend using Amplify Gen 2. You can learn more about Gen 2 in our launch blog post. This post is written by Nikhil Swaminathan and Eric Clemmons who work at AWS Amplify. AWS A
[Public] Passkeys Hackathon Tokyo event report Please send any inquiry about this event or document to Eiji Kitamura (agektmr[at]google.com). This article was authored in collaboration with the staff members of the hackathon from FIDO Alliance (kokukuma, Kosuke Koiwai, Kento Goro, Kotaro Oi, Yoshinori Matumoto, Naoyuki Shiraishi, Hideaki Furukawa, Vaibhav Kumar and Koichi Moriyama). In June 2024,
Using passkeys enhances security, simplifies logins, and replaces passwords. Unlike regular passwords, which users must remember and enter manually, passkeys use device's screen lock mechanisms like biometrics or PINs and reduce phishing risks and credential theft. Passkeys sync across devices using passkey providers like Google Password Manager and iCloud Keychain. A passkey must be created, stor
Summary An attacker could, through a link or website, take over the computer of a Visual Studio Code user and any computers they were connected to via the Visual Studio Code Remote Development feature. This issue affected at least GitHub Codespaces, github.dev, the web-based Visual Studio Code for Web and to a lesser extent Visual Studio Code desktop. Severity Critical - This vulnerability allows
Axios POST requests: Handling errors, authentication, and best practices - LogRocket Blog
Sending requests to a web server is one of the most commonly performed tasks in frontend development. Creating a Facebook post, uploading a new Instagram image, sending a post on X, or signing up on a website all send requests to a server. Axios is a free and open source promised-based HTTP library that runs both in the browser and Node.js. In this article, you’ll learn how to use the Axios POST m
Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself | Microsoft Security Blog
April 2023 update – Microsoft Threat Intelligence has shifted to a new threat actor naming taxonomy aligned around the theme of weather. To learn more about this evolution, how the new taxonomy represents the origin, unique traits, and impact of threat actors, and a complete mapping of threat actor names, read this blog: Microsoft shifts to a new threat actor naming taxonomy. September 2022 update
Full Stack Development with Next.js and Supabase – The Complete Guide
Supabase is an open source Firebase alternative that lets you create a real-time backend in less than two minutes. Supabase has continued to gain hype and adoption with developers in my network over the past few months. And a lot of the people I've talked to about it prefer the fact that it leverages a SQL-style database, and they like that it's open source, too. When you create a project Supabase
Amazon Aurora DSQL, the fastest serverless distributed SQL database is now generally available | Amazon Web Services
AWS News Blog Amazon Aurora DSQL, the fastest serverless distributed SQL database is now generally available Today, we’re announcing the general availability of Amazon Aurora DSQL, the fastest serverless distributed SQL database with virtually unlimited scale, the highest availability, and zero infrastructure management for always available applications. You can remove the operational burden of pa
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Claude Mythos Preview \ red.anthropic.com
オープンソース活動の振り返り/GitHub Sponsorsの収入まとめ @ 2025
Full Stack Java with React, Spring Boot, and JHipster
個人開発・ソロプレナーの強い味方。Supabase徹底入門で無料枠をありがたく使わせてもらう
[Public] Passkeys Hackathon Tokyo 2024 event report
Create a passkey for passwordless logins | Articles | web.dev
Visual Studio Code: Remote Code Execution