Half of the line-up of speakers for Web Day Out is already on the site. One more is already confirmed. I’m ridiculously excited about the way the line-up is taking shape, and judging by the zippiness of ticket sales, so are lots of my peers. Seriously, don’t wait to get your ticket or you might end up missing out completely. I’ve already got a shortlist of other people I could imagine on the line-up, but I’m open to more suggestions. If you’d like to speak at Web Day Out—or you kn...| Adactio: Journal
A one-day event all about what you can in web browsers today: Brighton, March 12th, 2026. Tickets are just £225+VAT!| adactio.com
Most used browsers might send passwords and PII data to external services and put your app at risk.| CodeSmash
Making XML human-readable without XSLT In response to the recent discourse about XSLT support in browsers, Jake Archibald shares a new-to-me alternative trick for making an XML document readable in a browser: adding the following element near the top of the XML:<script xmlns="http://www.w3.org/1999/xhtml" src="script.js" defer="" /> That script.js will then be executed by the browser, and can swap out the XML with HTML by creating new elements using the correct namespace: const htmlEl = docum...| Simon Willison's Weblog
Even if you’ve been doing JavaScript for a while, you might be surprised to learn that setTimeout(0) is not really setTimeout(0). Instead, it could run 4 milliseconds later: Nearly a decade a…| Read the Tea Leaves
Malicious websites can embed invisible commands that AI agents will follow blindly.| Ars Technica
HAR files extracted from HTTP sessions include a lot of useful data that can be utilized for creating custom network and performance audits. Their format though, is not that compatible with analysis tools like Pandas or Tableau out of the box. In this post, I go over a super easy approach towards parsing and transforming them via Objectron in JS.| The Code Ship
Piloting Claude for Chrome Two days ago I said:I strongly expect that the entire concept of an agentic browser extension is fatally flawed and cannot be built safely. Today Anthropic announced their own take on this pattern, implemented as an invite-only preview Chrome extension. To their credit, the majority of the blog post and accompanying support article is information about the security risks. From their post: Just as people encounter phishing attempts in their inboxes, browser-using AIs...| Simon Willison's Weblog
Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet The security team from Brave took a look at Comet, the LLM-powered "agentic browser" extension from Perplexity, and unsurprisingly found security holes you can drive a truck through.The vulnerability we’re discussing in this post lies in how Comet processes webpage content: when users ask it to “Summarize this webpage,” Comet feeds a part of the webpage directly to its LLM without distinguishing between the user’s...| Simon Willison's Weblog
Looking at a few headers, can you decide if it is obviously fake? Some of the questions will show you a single string, the user agent. Some will show you more headers, clearly labeled.| ai.174070135.xyz
It can be disconcerting when a page with about blank popup appears. Is it a bad ❌ thing? Find out what you can do ✔️.| Learn Digital Marketing
The juggernaut is taking advantage of its dominant position to enclose and destroy the commons.| wok
There was a time when you needed to make a native app in order to take advantage of specific technologies. That time has passed. Now you can do all of these things on the web: push notifications, offline storage, camera access, and more. Take a look at the home screen on your phone. Looking at the apps you’ve downloaded from an app store, ask yourself how many of them could’ve been web apps. Social media apps, airline apps, shopping apps …none of them are using technologies that aren’...| Adactio: Journal
We're happy to share that Ed25519 is now supported in Chrome (version). Following Ed25519 support in Firefox 129 in August 2024 and Safari 17.0, Chrome finally following suit in 137 in May of this year. Ed25519 is now supported in every major browser engine, reaching 79% and counting of| IPFS Foundation
Cross-Site Request Forgery countermeasures can be greatly simplified using request metadata provided by modern browsers.| words.filippo.io
Highlights The Text Fragments creation UI was just activated in Firefox Nightly allowing you to share/reference a link anchor to any text snippet in a page https://mastodon.social/@firefoxnightly/114805708639661562 This ...| Firefox Nightly News
On the podcast today we have Adam Silverstein. He’s here to discuss how new browser APIs and web technologies are transforming the WordPress experience. Adam explains advancements like the Po…| WP Tavern
uBlock Origin Lite for Safari| Michael Tsai
This post explains our recent effort to improve JSON.stringify performance| v8.dev
Hello friends! July is done. We merged 319 pull requests from 47 contributors.| ladybird.org
Welcome to the Q2 2025 edition of the Firefox Security and Privacy newsletter!| Attack & Defense
Each year, Igalia comes together with the browser vendors to help organize and run the Interop project. While we’re exceptionally proud of our involvement in this effort and all that it accomplishes, we’re also very aware that there are more asks of the platform than browser vendors can complete. It’s helped to illustrate that choosing to prioitize a set of things together, by definition, leaves lots of things unprioritized: Interop 2024 received 104 proposals for work to be done but co...| Igalia
In our home hemisphere, it’s fully summer. Though the days are long and hot, we’re keeping active with a trio of events this month, including one we hosted last year. Display Next Hackfest, July 8–10 — Our own Melissa Wen will deliver a first-day talk on “Async pageflip failures” as well as co-present a talk about “CI, DRM CI, IGT” on the second day. DebConf 2025, July 14–19 — New Igalian Helen Koike will be presenting a talk about “virtme-ng: quickly test a kernel fro...| Igalia
June is usually a big month for events here at Igalia, because that’s when we put on the Web Engines Hackfest. This year will be bigger than ever, because this year’s Hackfest is the biggest ever! Over 150 attendees will descend on our home town of A Coruña to share insights and hack new features, ideas, and paths forward. The talks will also be livestreamed, so subscribe to the Web Engines Hackfest channel if you want to catch them live or catch up when the individual sessions are poste...| Igalia
It’s May, and as is common for this time of year, Igalians will be present for a few conferences and talks, both at home and abroad. Be sure to say hello if you spot us at any of the following events! The lead story this month is that Igalia will be hosting the 108th plenary meeting of TC39 in A Coruña, Galicia, Spain, at the end of the month (May 28–30). Topics to be discussed will include an open discussion of ECMA’s framework for Technical Committees (TCs) and a normative change to ...| Igalia
As weather warms in the Northern hemisphere, so too does the conference landscape. Igalia will have representatives at six events this month, including: Node.js Collaborator Summit 2025 (April 1–2) – featuring a talk by Joyee Cheung, “module customization hooks” covering evaluate, module.register improvements, and more BlinkOn 20 (April 7–8) — the 20th edition of this gathering of Blink developers will feature six talks from Igalians: “DevTools mobile device emulation improveme...| Igalia
Next week, we’re heading to Nuremberg, Germany, for Embedded World 2025 (March 11-13)! As always, we’re excited to showcase our latest work in open-source graphics, web technologies, and embedded systems. If you’re attending, be sure to visit us at Booth 4-636. Whether you’re passionate about graphics drivers, web engines, gaming performance, or VR, we have something exciting to show you. What You’ll See at Our Booth 🖥️ Raspberry Pi: Unleashing the power of 3D graphics We’ve ...| Igalia
The 2025 conference scene is heating up, and this month, Igalia will be on site at no fewer than nine events this month. MWC25 Barcelona (March 3–6) — We’ll be set up in Hall 4 at booth stand 4C30, and Lorenzo Tilve Álvaro will deliver a brief presentation on who we are and what we do. Embedded World (March 11–13) — In addition to our presence at Booth 4-636, Samuel Iglesias will present “Open-source GPU Drivers: Why you need them for your Embedded Products” at 2:45pm on Tuesda...| Igalia
After years in development, we will be releasing WebGPU on Windows in Firefox 141! WebGPU gives web content a modern interface to the user’s graphics processor, enabling high-performance comp…| Mozilla Gfx Team Blog
Be very alert — if you're one of the millions of people who use Google Chrome daily, a serious vulnerability has just been discovered, and cybercriminals| Techoreon
Netscape Navigator 1994, Cyberdog and Internet Explorer in 1996, Chimera/Camino in 2002, OmniWeb in 2000, and finally Safari in 2003, and more besides.| The Eclectic Light Company
Stumbling into a (slightly) better HTML named character reference tokenization implementation| www.ryanliptak.com
Junji Watanabe| groups.google.com
Microsoft Family Safety is a feature of Windows that allows parents to control their children’s access to apps and content in Windows. The feature is tied to the user accounts of the parent(s) and child(ren). When I visit https://family.microsoft.com and log in with my personal Microsoft Account, I’m presented with the following view: The “Nate”Continue reading "Family Safety Content Filtering"| text/plain
Browser maker shifts resources to “new Firefox features that people need most.”…| Ars Technica
One-time camera and microphone permissions are now in Chrome (since M116), joining Firefox and Safari. This means that per-session permissions are now available to use cross-browser. Chrome calls the option “Allow this time”, where “this time” (as in “one-time”) refers to the scope of the grant, which the browser forgets once the user closes the […]| Advancing WebRTC
I clearly remember, but can't date it. I was working for Mozilla messaging at the time (momo), being the QA lead for Thunderbird. It was at the end of one of the Mozilla All-hands, maybe in 2011 or 2012. At one of the ending keynotes, we were introduced to Boot 2 Gecko. A hack that would let US - Mozilla own the platform to run a mobile browser on. At the time, the iPhone was going strong and Google was trying to catch up with Android. MeeGo had been in development at Nokia for a while but wa...| ludovic.hirlimann.net
Igalia is an open source consultancy specialised in the development of innovative projects and solutions. Our engineers have expertise in a wide range of technological areas, including browsers and client-side web technologies, graphics pipeline, compilers and virtual machines. We have the most WPE, WebKit, Chromium/Blink and Firefox expertise found in the consulting business, including many reviewers and committers. Igalia designs, develops, customises and optimises GNU/Linux-based solutions...| Igalia
In the recent past, there were a lot of cyber attacks that affected a lot of people and organizations. Most of these attacks used the internet as a medium to| IPBurger.com
Since the first days of the web, users and administrators have sought to control the flow of information from the Internet to the local device. There are many different ways to implement internet f…| text/plain
I guess I write stuff.| Pomdtr's blog
I guess I write stuff.| Pomdtr's blog
With Carrots & Sticks - Can the browser handle web security?| Frederik Braun
Browsers are starting to roll out changes in default UA styles for nested section headings. This post describes the incoming changes, how to identify if it's an issue on your websites, and hints for conformant and better-structured pages.| MDN Web Docs
Most of the Firefox User Interface (UI), including the address bar and the tab strip, are implemented using standard web technologies like HTML, CSS and JavaScript plus some additional custom components like XUL. One of the advantages of using web technologies for the front end is that it allows rendering the frontend using the browser engine on all desktop operating systems. However, just like many web applications are susceptible to some form of injection attack (OWASP Top Ten), Firefox’s...| Attack & Defense
I believe that Ladybird has more funding and better support for the web, but Servo wins in performance. Though, they're hard to compare directly!| LibreNews
This is a response to Miriam Suzanne’s excellent post on Reimagining Fluid Typography. She poses lots of really interesting questions, some of which I disagree with, but most of all they got me thinking… and writing. Read more.| Clagnut summaries
Atom vs. RSS| nullprogram.com
| Thomas Hunter II
| Thomas Hunter II
| Thomas Hunter II
Normally I see nothing wrong with skeuomorphism in computer interfaces but even I will admit this is deeply silly even by my standards. The project was born in the depths...| sheep.horse
In this post, we introduce Web-based Code Assurance and Transparency, a project that supports verifiable in-browser code for single-page browser applications. Along with this post, we are publishing the WEBCAT project repository; follow-up posts will provide more detailed information.| SecureDrop
Since the effective demise of the Conkeror web browser, I’ve mainly been using Firefox (with some experimentation with Nyxt browser). I’ve missed the ability to quickly browse with the keyboard and customise keybindings. I’ve played with the Tridactyl extension for a few years, but Firefox limitations in part have kept me from using it more extensively. But I stumbled across a relatively easy way of “unreserving” reserved Firefox keys (like <C-p>, <C-f> etc.) via an offhand comment ...| The Neo-Babbage Files
I have used React for a long time. Trust me when I tell you: There is no reason to use it and a lot of reasons against it. This is going to be a long explanation, but bear with me!| Lusitos Tech Blog
HTTP/3 has been in development since at least 2016, while QUIC (the protocol beneath it) was first introduced by Google way back in 2013. Both are now...| httptoolkit.com
On programming and personal projects| Alexandru Nedelcu
Discover key updates in Mozilla Root Store Policy v3.0, including enhanced CA revocation practices, automation requirements, and strengthened security measures. Learn how these changes improve Web PKI security and compliance.| Mozilla Security Blog
If I asked you to think about a web browser, how would you visualize it? For most people, the answer would be simple: you would imagine a window with a stacked layout composed of an array of tabs, a text box to search the web or input a URL, a| LibreNews
Apple is about to release two new OS upgrades in the form of iOS 14 and macOS 11 (whoa, that's weird to say) this fall. With new OS versions is always going to come a lot of new artifact testing. I've always been fascinated with tracking browser preferences and due to the nature of how Safari operates, I feel that it's one of the most important browsers to track and understand the preferences of. | D20 Forensics
After listing files and setting up per directory accesses,| blog.izissise.net
Discover the features included in Interop 2025.| web.dev
In Jeremy’s recent post, “The web on mobile”, he bemoans the mobile web experience. I had some further thoughts, including: if web apps are to compete with native apps in the affections of users, then they need to be equivalent. Read more.| Clagnut summaries
Hey there! I’m glad to finally start paying my blogging debt :) as this is something I’ve been planning to do for quite some time now. To get the ball rolling, I’ve shared some bits about me in my very first blog post Olá Mundo. In this article, I’m going to walk through what we’ve been working on since last year in the Chromium Ozone/Wayland project, on which I’ve been involved (directly or indirectly) since I’ve joined Igalia back in 2018.| nickdiego.dev
Interop 2025 continues the mission to make the web more consistent across browsers, building on 2024’s 95% interoperability score.| Mozilla Hacks – the Web developer blog
AndreGarzia.com website| andregarzia.com
Browsers’ visual display of headings nested inside `` elements makes it look as if they are assigning a logical hierarchy to those headings. However, this is purely visual and is not communicated to assistive technologies. In this article, Bruce Lawson explains what use we have of `` and how authors should mark up headings that are hugely important to AT users.| Smashing Magazine
Photo by Jeremy Bishop on Unsplash I recently wrote about the future of the browser and Surf, a new app from the creators of Flipboard. Both stories explore the c…| On my Om
Browser-based cryptography has struggled with a longstanding chicken-and-egg problem that predates many features of the modern web, and while some of those features have reduced the problem’s severity, the issue remains: What is the basis for trusting the code that performs browser-based encryption?| SecureDrop
Following the success of Interop 2023, we are pleased to confirm that the project will continue in 2024 with a new selection of focus areas, representing areas of the web platform where we think we can have the biggest positive impact on users and web developers. The post Announcing Interop 2024 appeared first on Mozilla Hacks - the Web developer blog.| Mozilla Hacks – the Web developer blog
It’s important to make sure you configure your web browsers to protect your privacy, protect yourself from identity theft and make it harder for worms and viruses to infect your computer. Configuring your web browser won’t on its own provide you with full security. But it’s the first step to creating a more secure home […]| spamlaws.com
Tabjacking is a new form of malware that can enter your PC through vulnerabilities in your Web browser that allow hackers to insert malicious code into the tabs of your Web browser. The code is capable of hijacking the tab to a new Web page and inserting advertising pop-ups, worms, trojans, or other malware into […]| spamlaws.com
Mistakes by CAs undermine HTTPS and safety on the internet| azeemba.com
Printing pages directly from the browser is an experience that can lead to frustration with enormous images being printed out. We have covered print stylesheets in the past here on Smashing Magazine, but in this article, Rachel Andrew takes a look at the state of printing from the browser today. She will show you how you should include print styles in your web pages, and look at the specifications that really come into their own once printing.| Smashing Magazine
ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit.| www.welivesecurity.com
Want to learn about using a static analysis tool called CodeQL to search for vulnerabilities in Google Chrome? Then this blog post is for you!| bughunters.google.com
wrestling the web from corporate control requires making it boring again| washbear.neocities.org
OCSP, including OCSP Stapling, is leaving the Web PKI. Here's a complete look at revocation beyond OCSP: its past, present, and possible futures.| Seirdy’s Home
In the open source community, there is perhaps no greater gift than code. This is about that time 135,000 lines of gifted code created a new era of JavaScript| The History of the Web
Explore the top web browsers of 2024, including Firefox, Edge, Chrome, Opera, Safari, Brave, and more. Learn about their features, pros and cons, performance, and security.| cloudmention.com
The 0.0.0.0 IP address can be exploited in Safari, Chrome, Firefox, Edge, and Opera.| PCMag UK
For busy web users, the humble Find-in-Page feature in the browser is one of the most important features available. While Google or Bing can get you to the page you’re looking for faster than…| text/plain
I created manifest v3 Chrome/Chromium extension with `| Askar Safin
Firefox 128 introduces privacy-preserving attribution, allowing advertisers to measure campaign performance while protecting user privacy.| support.mozilla.org
Just append #page=X to your URL, where X is a placeholder for| technicalwriting.dev
Posted by Chrome Root Program, Chrome Security Team Update (09/10/2024): In support of more closely aligning Chrome’s planned compliance ...| Google Online Security Blog
Most modern browsers have a huge address bar that makes up a huge chunk of the browser chrome:| Anže’s Blog
You might be scrolling through your morning news, checking email, or any other routine online moment when suddenly you notice a small winged beast slowly glide across your screen. It’s ...| Mozilla Add-ons Community Blog
This blog post is an expanded version of a Twitter thread I posted several years ago about why every website should use HTTPS. Twitter seems less… readily citable these days, so I thought it would be good to have a blog post version of it.| Emily M. Stark
May 17, 2024 . 3 min | blog.meain.io
Anyone on an older laptop or machine knows the pain of browsers eating all the available RAM but that soon will change. On Edge, that is. Microsoft is working on a feature that will let you set how much memory your browser uses in Edge. I don’t know about you, but for me this is […]| TechTheLead
Privacy-preserving browsers are one of the first upgrades you should make to reclaim control of your data.| Freedom.Tech
A fairly common security bug report is of the form: “I can put JavaScript inside a PDF file and it runs!” For example, open this PDF file with Chrome, and you can see the alert(1) messa…| text/plain
V8 features a lightweight, in-process sandbox to limit the impact of memory corruption bugs| v8.dev
In-App Browsers subvert user choice, stifle innovation, trap users into apps, break websites and enable applications to severely undermine user privacy. In-App Browsers hurt consumers, developers and damage the entire web ecosystem.| Open Web Advocacy
