@jonathanKingston
jonathanKingston / pipeline-alternative.md
Last active December 16, 2015 20:53
Explanation of pipeline alternative

This compares the proposed loading order of <script type="module"> with the current script tag loading methods, covering HTML parsing, script fetching and script execution.

  • Classic (<script>) loading blocks the parser to fetch the code, then blocks again to execute the code, and then goes back to parsing the HTML.
  • Defer (<script defer>) does not block parsing to trigger the fetch; the fetch happens at the same time as parsing, and the script executes after parsing is complete.
  • Async (<script async>) does not block parsing to trigger the fetch, but it does block parsing to execute the script; once the script has executed, parsing continues.
  • Module (<script type="module">) behaves like defer in that it fetches in parallel with parsing, but its dependency tree is also fetched in parallel at the same time. The scripts execute after parsing has completed.
  • Async module (`
.overlay {
display: flex;
height: 100vh;
width: 100vw;
position: absolute;
top: 0;
left: 0;
background-color: rgba(0, 0, 0, 0.5);
justify-content: space-around;

JSON CSP

CSP is the de facto way to filter a site's exploitable surface areas. The current problem that needs some thought is how to share your policy so that others can consume it.

The easiest way to make this possible is to provide a JSON representation of CSP so that libraries can publish their policies. Tools can then be made available to merge policies together easily, ultimately allowing a smoother transition to a secure internet.
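A sketch of such a merge tool, added here as an example and not part of the original gist. It assumes the JSON shape used on this page (directive name mapped to an array of sources); the function names, the union-merge semantics and the sample policies are assumptions.

```javascript
// Added example, not from the gist. JSON shape (directive -> array of sources)
// follows the snippet on this page; all names and sample policies are hypothetical.

// Fetch directives that fall back directly to default-src when absent.
// Chained fallbacks (frame-src, worker-src, script-src-elem, ...) are left out.
const FALLS_BACK_TO_DEFAULT = new Set([
  "child-src", "connect-src", "font-src", "img-src", "manifest-src",
  "media-src", "object-src", "script-src", "style-src",
]);

// What a policy effectively says for a directive, honouring the default-src fallback.
// A directive with no explicit or inherited value is treated as "no requirement".
function effectiveSources(policy, directive) {
  if (policy[directive]) return policy[directive];
  if (FALLS_BACK_TO_DEFAULT.has(directive)) return policy["default-src"] || [];
  return [];
}

// Union merge: the result allows every source that any input policy allows.
function mergePolicies(...policies) {
  const directives = new Set(policies.flatMap((p) => Object.keys(p)));
  const merged = {};
  for (const directive of directives) {
    const sources = new Set(policies.flatMap((p) => effectiveSources(p, directive)));
    // 'none' is only meaningful alone; drop it once anything else is allowed.
    if (sources.size > 1) sources.delete("'none'");
    merged[directive] = [...sources];
  }
  return merged;
}

// Serialize to a Content-Security-Policy header value, rejecting tokens that
// could smuggle extra directives or policies into the header.
function toHeader(policy) {
  return Object.entries(policy).map(([directive, sources]) => {
    if (!/^[a-z0-9-]+$/i.test(directive)) throw new Error(`bad directive: ${directive}`);
    for (const s of sources) {
      if (s === "" || /[;,\s]/.test(s)) throw new Error(`bad source: ${s}`);
    }
    return [directive, ...sources].join(" ");
  }).join("; ");
}

// Constructed sample policies: a site policy and a third-party widget's policy.
const sitePolicy = { "default-src": ["'self'"], "object-src": ["'none'"] };
const widgetPolicy = { "script-src": ["cdn.widget.example"], "img-src": ["img.widget.example"] };
```

Because an absent directive inherits its policy's default-src before the union, merging the widget's script-src into a site that only sets default-src keeps 'self' for scripts instead of silently replacing it. A union merge widens the policy, so each published policy being merged should be reviewed first.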

This may for example look like:

{
 "default-src": ["'self'", "domain.com"],