- A site to test the interaction of web APIs and browser permissions.
- https://web.dev/new-patterns-for-amazing-apps
- https://blog.stackblitz.com/posts/introducing-webcontainers
- https://github.com/NOtherDev/whatwebcando
- https://github.com/samdutton/simpl
- How to Get Around Newspaper Paywalls in 2019
- Trying out and demonstrating different browser APIs
- https://github.com/deebloo/things-you-can-do-in-a-web-worker
- This repo contains a non exhaustive list of less-known features implemented in browsers today.
- new MutationObserver()
- https://github.com/AurelioDeRosa/HTML5-API-demos
- https://blog.greenroots.info/10-lesser-known-web-apis-you-may-want-to-use-ckejv75cr012y70s158n85yhn
- https://formidable.com/blog/2020/resize-observer
- https://webkit.org/blog/11312/meet-face-id-and-touch-id-for-the-web + https://twitter.com/webkit/status/1318256785447211009
- https://blog.redteam.pl/2020/08/stealing-local-files-using-safari-web.html
- https://iandunn.name/2019/11/29/minimal-cachestorage-cache-api-example
- https://stackoverflow.com/questions/16808486/explanation-of-window-performance-javascript
- https://www.smashingmagazine.com/2021/01/web-expose-hardware-capabilities
- https://engineering.q42.nl/passwordless-authentication
- Proposal for an API which would allow grabbing a screenshot.
- https://www.vector-logic.com/blog/posts/on-request-animation-frame-and-embedded-iframes
- https://wolfgangrittner.dev/how-to-use-clipboard-api-in-firefox
- https://github.com/azu/url-cheatsheet
- https://www.macarthur.me/posts/navigating-the-event-loop
- https://richiemccoll.com/javascript-scheduling
- Open in Gmail
javascript: (() =>
(window.location.href = `https://mail.google.com/mail/?view=cm&fs=1&tf=1&[email protected]&su=${document.title}&body=${window.location.href}`))();
- Speed controls
- https://github.com/Blumed/make-bookmarklets
- https://github.com/marcobiedermann/awesome-bookmarklets
- Find out which element is scrolling.
- Performance-Bookmarklet helps to analyze the current page through the Resource Timing API, Navigation Timing API and User-Timing - requests by type, domain, load times, marks and more. Sort of a light live WebPageTest.
- https://www.secjuice.com/make-your-own-custom-osint-bookmarklet-tools-part-ii
- https://emanuelduss.ch/2020/06/humble-book-bundle-download-bookmarklet
- world smallest office suite
- Bookmarklets for sending emails and adding todo items
- https://www.farai.xyz/notes/tech-tips/please-archive-content
- https://github.com/ThomasOrlita/awesome-bookmarklets
- Script Kit. Automate Anything
- https://ryangjchandler.co.uk/posts/bookmarklets-you-should-definitely-be-using
- Read premium articles for free
- https://knowler.dev/blog/open-in-codesandbox-bookmarklet
- https://github.com/t-mart/kill-sticky
- Linter for Responsive Images
- https://jojo.io/posts/bookmarklets-speed
- Get your Kindle highlights out of the cloud and onto your computer + https://alan.norbauer.com/articles/bookcision
- https://github.com/jakecreps/osint-bookmarklets
- https://eriksolsen.com/blog/dynamic-bookmarks-in-google-chrome
- https://gabrielsroka.github.io/webpages/bookmarklets.htm
- https://github.com/satisfice/web-testing-bookmarklets
- Common tasks of managing HTML DOM with vanilla JavaScript
- https://github.com/mikewest/deprecating-document-domain
- https://danlevy.net/you-may-not-need-axios
- Everything you (n)ever wanted to know about touch and pointer events
- https://labs.detectify.com/2016/12/08/the-pitfalls-of-postmessage
- https://chrisrng.svbtle.com/using-url-createobjecturl
- POST data to the server even inside onbeforeunload, etc where XHR/fetch isn't reliable.
- Async DOM listeners
- .dom is a tiny (512 byte) template engine that uses virtual DOM and some of react principles.
- https://www.malgol.com/how-to-reload-an-iframe-in-javascript
- Avoid appending to innerHTML
- https://github.com/Schepp/async-document.write
- https://hachibu.net/posts/2020/keyboard-events-tldr
- bypass document.write
- https://css-tricks.com/using-abortcontroller-as-an-alternative-for-removing-event-listeners
- https://benfrain.com/building-a-table-of-contents-with-active-indicator-using-javascript-intersection-observers
- What is document.domain?
- appending multiple elements to the DOM?
- Find out which element is scrolling + https://twitter.com/funkensturm/status/1222616188485799937
- is there a way to debug dom events in a timeline?
- A zero friction custom elements like primitive.
- DOM event data scraped from MDN
- https://workspaceupdates.googleblog.com/2021/05/Google-Docs-Canvas-Based-Rendering-Update.html + https://news.ycombinator.com/item?id=27129858
- https://whistlr.info/2020/understanding-load
- DOM Traversing and Scraping using GraphQL
- Collection of functions used for DOM manipulations
- Fire mouse events when a user intends it
- https://github.com/0xGodson/blogs/blob/master/_posts/2022-07-21-art-of-dom-clobbering.md
- https://github.com/cms/domready
- https://github.com/mgp/book-notes/blob/master/advanced-dom-scripting.markdown
- https://frontendmasters.com/blog/vanilla-javascript-todomvc
- A simple method to invoke a function after the browser has rendered & painted a frame
- https://www.macarthur.me/posts/options-for-removing-event-listeners
- https://www.macarthur.me/posts/when-dom-updates-appear-to-be-asynchronous
- random overflowing element
- https://blog.andri.co/022-should-i-use-ecode-or-ekey-when-handling-keyboard-events
- https://noncombatant.org/2017/11/07/problems-of-urls
- Using the Intersection Observer web API to improve performance.
- Intersection Observer by Kevin Powell
- https://github.com/snewcomer/intersection-observer-admin
- https://ryanmulligan.dev/blog/sticky-header-scroll-shadow
- ? vs #
- https://www.mandiant.com/resources/blog/url-obfuscation-schema-abuse + https://twitter.com/ankit_anubhav/status/1592109955641126912
- Why don't we just move all JS to a web worker? + https://docs.google.com/document/d/1nu0EcVNC3jtmUVWL8Gs5eCj2p_984kamNhG2nS9gOC0/edit#heading=h.e6n21l1n04rc
- Is ServiceWorker intended to be a SharedWorker that works offline?
- https://github.com/delapuente/service-workers-101
- Tips for working with ServiceWorker
- ServiceWorker Testing made easy
- https://dev.to/thepassle/the-mental-gymnastics-of-service-worker-257g
- https://github.com/dominiccooney/Service-Worker-Performance
- https://jychp.medium.com/how-to-bypass-cloudflare-bot-protection-1f2c6c0c36fb + https://twitter.com/XssPayloads/status/1376382674173112320
- https://github.com/offlinefirst/research
- https://souporserious.com/bundling-workers-for-npm
- Measure cpu cache size client side in Javascript
- https://dagster.io/blog/web-workers-performance-issue
- https://github.com/astoilkov/main-thread-scheduling
- Stuff I wish I'd known sooner about service workers
- https://philipwalton.com/articles/smaller-html-payloads-with-service-workers
- https://blog.persistent.info/2021/08/worker-loop.html
- load modules into web workers, access them asynchronously
- monitoring tool to implement client-side caching
- https://dev.to/lydiahallie/javascript-visualized-the-javascript-engine-4cdf
- https://github.com/a0viedo/demystifying-js-engines
- https://zon8.re/posts/v8-chrome-architecture-reading-list-for-vulnerability-researchers
- https://zon8.re/posts/jsc-architecture-reading-list-for-vulnerability-researchers + https://zon8.re/posts/jsc-internals-part1-tracing-js-source-to-bytecode
- Notes and resources related to V8 and thus Node.js performance.
- https://github.com/hex13/javascript-visual-explanations#javascript-engines
- https://deepu.tech/memory-management-in-v8
- https://twitter.com/awesomekling/status/1314552767021813760
- https://github.com/danbev/learning-v8
- https://github.com/danbev/learning-libuv
- https://www.cyberark.com/resources/threat-research-blog/the-mysterious-realm-of-javascriptcore
- a very small v8 javascript runtime for linux only
- https://mrale.ph/v8/resources.html
- V8 sandbox
- https://docs.google.com/presentation/d/1NVyRgitg-2CyN3BuoZZF6F-Dw8PuDybFjkFICAyYPHo
- Part 1 covers V8 internals such as objects, properties, and memory optimizations
- Building Chrome V8 on Windows
- Bun? Deno? Node.js? Creating your own JavaScript Runtime using V8, Libuv and more
- https://github.com/eatonphil/one-pass-code-generation-in-v8
- https://github.com/wdv4758h/awesome-jit
- https://github.com/mgaudet/SpiderMonkeyBibliography
- Awesome list of browser exploitation tutorials
- Browser Exploitation - LiveOverflow
- Browser logic vulnerabilities DB
- Microsoft Edge (Chromium) - EoP via XSS to Potential RCE
- Software-based Side-Channel Attacks and Defenses in Restricted Environments (PhD thesis)
- https://www.ryanpickren.com/webcam-hacking + https://twitter.com/domenic/status/1245871443729985536
- Building a 1-day Exploit for Google Chrome
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/allpaca/chrome-sbx-db
- https://googleprojectzero.blogspot.com/p/0day.html
- https://github.com/SpiralBL0CK/Browser-Pwning-
- https://github.com/StarCrossPortal/bug-hunting-101
- https://github.com/nccgroup/exploit_mitigations
- https://github.com/cezary-sec/awesome-browser-security + https://m.youtube.com/playlist?list=PLuHcjpINS_OJntoGxRu0FEju5ak0yE_46
- Practical Exploitation of Math.random on V8
- Extension source viewer
- https://github.com/jxnl/youtube-summary-chrome
- A new tab page extension with material design and useful features
- https://github.com/OsaSoft/youtube-better-subscriptions
- Uncovering a crazy privilege escalation from Chrome extensions + https://twitter.com/deryilz/status/1724506569973416282
- https://github.com/msfrisbie/spy-extension + https://mattfrisbie.substack.com/p/spy-chrome-extension
- Encrypt Gmail with PGP
- Check how trackable you are based on your browser extensions
- https://ninoseki.github.io/2020/05/16/browser-extension.html
- decide which cookies you want and don’t want, auto-accepts cookie pop-ups for you, and warns you whenever it finds a website not respecting your preferences
- https://github.com/ryanckulp/twitter_ad_blocker
- The browser extension framework
- Skip youtube video sponsors
- Chrome Extension for one click downloading all resources files and keeping folder structures
- A Chrome extension that adds a 3d photo effect to instagram pages
- Firefox addon for passively detecting GPS Exif information in JPEGs
- Whisper & GPT-based app for passing remote SWE interviews
- adds back "View Image" button to Google Image Search results
- https://github.com/Pondorasti/nextjs-chrome-extension
- JShelter controls the APIs provided by the browser, restricting the data that they gather and send out to websites
- https://github.com/Correia-jpv/ChatGPT-Enhanced-Conversation-History
- Identify technology on websites.
- https://github.com/aeksco/react-typescript-chrome-extension-starter
- https://robertheaton.com/2018/05/07/making-youtube-less-bad-for-you-using-css
- https://mmazzarolo.com/blog/2019-01-13-another-tab
- https://github.com/olsh/Feedly-Notifier
- https://github.com/emragins/chrome-azure-devops
- A keyboard interface to the web, inspired by Kakoune
- https://github.com/acorn/twitter-bookmarks-search
- https://github.com/Kiwka/urban-dictionary-chrome-extension
- Generate a .sketchpalette file from any dribbble shot's color palette to be loaded in Sketch-Palette plugin.
- Puts an RSS/Atom subscribe button back in URL bar
- https://www.amie-chen.com/blog/making-paid-extension
- https://www.notion.so/Day-4-The-Danger-of-Chrome-Extensions-af93b84006ed48c18b807f512b6c0a07
- Reader Mode
- https://www.onaralili.com/posts/maliciousbrowserextension + https://www.onaralili.com/posts/browser-extension-threat-modeling
- SplitUp! is a browser extension allows a user to split tabs into a different window, save session, export tabs, supports multiple screens, dark mode etc.
- https://github.com/learn-anything/firefox-extensions
- https://github.com/learn-anything/chrome-extensions
- https://github.com/stefanbuck/awesome-browser-extensions-for-github
- https://chrome.google.com/webstore/detail/advanced-rest-client/hgmloofddffdnphfgcellkdfbfbjeloo
- An HTTP Web Server for Chrome (chrome.sockets API)
- https://github.com/janodvarko/webext-websocket-monitor
- Chromebook app for forwarding connections from/to different ports and interfaces (or to internal android IP)
- Custom keyboard shortcuts
- Discover hidden debugging parameters and uncover web application secrets
- augments your ChatGPT prompts with web results
- https://github.com/pandawing/node-chrome-web-store-item-property
- https://github.com/infokiller/web-search-navigator
- Browser Extension to full-text search your browsing history & bookmarks.
- Open Graph Preview - How people will see your site in the most popular social networks
- Open New Tab, and write down every piece of your thought!
- https://shubhapradha.github.io/30daybookmarks
- https://chrome.google.com/webstore/detail/seo-search-simulator-by-n/edfjfgjklednkencfhnokmkajbgfhpon
- Browser extension to find SVGs on a webpage and download or copy to clipboard
- https://chrome.google.com/webstore/detail/earth-view-from-google-ea/bhloflhklmhfpedakmangadcdofhnnoh
- A browser extension to quickly fill shopping carts with electronic components
- https://github.com/joachimesque/humanstxt-webextension
- Image to text chrome extension + https://youtu.be/27vNfF-K52c
- Chrome extension to minimize the UI of YouTube.
- I am wondering why es modules are not well supported when building @ChromiumDev extensions?
- 😷 A browser extension that puts masks on faces on the internet.
- An extension to check if .git is exposed in visited websites.
- SourceKit for Safari is a browser extension for GitHub, that enables IDE features on your browser such as symbol navigator, go to definition and documentation on hover.
- Zoom Redirector is a browser extension that transparently redirects any meeting links to use Zoom's browser based web client.
- A Chrome extension static analysis tool to help aide in security reviews: repo + blog post
- https://thehackerblog.com/kicking-the-rims-a-guide-for-securely-writing-and-auditing-chrome-extensions/index.html
- https://github.com/theajack/disable-devtool
- Be able to use developer tools again
- IE Tab exactly emulates IE by using the IE rendering engine directly within Chrome.
- Browser extension that replaces the new tab page with Anki flashcards
- A tool that transforms Firefox browsers into a penetration testing suite
- https://github.com/aaronjanse/dns-over-wikipedia
- https://github.com/makaroni4/youtube_time_tracker
- VoiceFiller Speech To Text for Website Forms
- Google Chrome Extension. Record All Browsing in Screenshots & Full Text.
- A Chrome extension to provide a QR code of the current Page Url.
- Core Web Vitals Chrome extension measures: Largest ContentFull Paint, First Input Delay, Cumulative Layout Shift
- https://github.com/vinothsparrow/iframe-broker + https://github.com/Sjord/messpostage
- WorldBrain's Memex: Bookmarking for the power users of the web
- A Firefox add-on to strip Google search results of 'blacklisted' URLs
- Follow blogs, wikis, YouTube channels, as well as accounts on Twitter, Instagram, etc. from a single page.
- Puppeteer recorder is a Chrome extension that records your browser interactions and generates a Puppeteer script.
- Keyboard glee for your web.
- Hunt the most starred projects on any date on GitHub.
- Google Chrome translation extension.
- Awesome Screenshot Minus
- https://zonksec.com/blog/chrome-extension-to-detect-fake-tweets
- Instant Data Scraper extracts data from web pages and exports it as Excel or CSV files
- https://chrome.google.com/webstore/detail/mercury-reader/oknpjjbmpnndlpmnhmekjpocelpnlfdi
- https://www.i-dont-care-about-cookies.eu
- Search the information available on a webpage using natural language instead of an exact string match
- https://chromeextensionkit.com + https://news.ycombinator.com/item?id=24423023
- Chrome extension that helps you learn a language without even trying.
- Really simple and secure ads blocking for Chrome
- https://mmazzarolo.com/blog/2020-08-29-jira-express
- Chrome extension to track the activities of your favorite web novels + https://github.com/l-lin/wn-tracker-api
- https://github.com/jiripospisil/chrome-ext-downloader
- Create modern cross-browser extensions with no build configuration
- Posta is a tool for researching Cross-document Messaging communication. It allows you to track, explore and exploit postMessage vulnerabilities, and includes features such as replaying messages sent between windows within any attached browser.
- A boilerplate project to quickly build a Chrome extension using TypeScript and React (built using webpack).
- Screenity is a feature-packed screen and camera recorder for Chrome
- Manage tabs, bookmarks, your browser history
- Transform all your mailto and tel link in a beautiful modal with more possibilities! Open directly Gmail, Outlook and Yahoo for emails; Telegram, WhatsApp or Skype for phone numbers.
- https://github.com/iamadamdev/bypass-paywalls-chrome + https://github.com/iamadamdev/bypass-paywalls-firefox
- The missing star history graph of github repos
- Extension to block Service Workers registration in Chrome
- Chrome Extension to export all accessible cookies of the current Tab
- Spectroscope, identifies resources which are exempt from default protections enabled in Google Chrome (Cross-Origin Read Blocking, SameSite cookies) and which can be embedded cross-site.
- https://github.com/juanlizarazo/a-better-linkedin-chrome-extension
- Firefox Voice is a browser extension that allows you to give voice commands to your browser + https://news.ycombinator.com/item?id=24040539
- ArchiveFox is a Firefox extension developed to use ArchiveBox without leaving the browser.
- https://github.com/dkthehuman/extension-starter-kit
- Between Simplified Chinese (ZH-CN or GB2312) and Traditional Chinese (ZH-TW or BIG5)
- https://github.com/giuseppeg/is-nextjs-site-extension
- Track changes in a specific tab and get a notification when something happens
- A Chrome Extension to export all words from a Memrise course to a CSV file.
- Chrome extension that allows you to monitor, browse and filter all DOM changes.
- Chrome extension for easily manipulating URL query parameters, written in Elm.
- WebExtension that adds ability search all your bookmarked tweets!
- DuckDuckGo Privacy Essentials
- https://charliegerard.dev/project/dark-mode-clap-extension
- https://parsiya.net/blog/2021-04-30-testing-extensions-in-chromium-browsers-nordpass + https://twitter.com/CryptoGangsta/status/1388253367395225602
- Chrome extension recommends local businesses while shopping on Amazon or eBay + https://news.ycombinator.com/item?id=27086582
- Firefox extension for a button that temporarily disables your proxy settings (Quick Proxy Toggle)
- Chrome extension that will help Romanian driving license learners to pass their exam.
- https://news.ycombinator.com/item?id=27327892 + Many temptations of an open-source chrome extension developer
- https://github.com/raxod502/github-email-backlog
- Find secrets that leak into JavaScript, as well as sensitive files exposed like like .git or .env + https://trufflesecurity.com/blog/trufflehog-the-chrome-extension
- Kanban style New Tab Page extension with your bookmarks and powerful search
- https://github.com/NekitCorp/chrome-extension-svelte-typescript-boilerplate
- I wanted to see how much time I was spending on each website and set limits for certain ones.
- Forces Apple docs to open in Objective-C + https://twitter.com/dimitarnestorov/status/1280734520891912192
- A tweak that enables iOS safari to load chrome extensions
- https://github.com/mhadidg/refined-linkedin-feed
- This extension attempts to make Google Images look and feel like it did before they changed everything on August 6th, 2019
- ClearURLs is an add-on based on the new WebExtensions technology and will automatically remove tracking elements from URLs to help protect your privacy
- web surfing copilot by enhancing your browsing history, improving your web exploration experience, and integrating with your knowledge base
- A High-Fidelity Web Archiving Extension for Chrome and Chromium based browsers
- https://github.com/albertz/chrome-ext-google-takeout-downloader
- https://github.com/eloquence/freeyourstuff.cc
- https://github.com/felladrin/linkedin-autoconnect-chrome-extension
- A blazing fast & offline frontend playground
- https://github.com/ffmpegwasm/chrome-extension-app
- https://github.com/gordalina/gmail-unsubscribe
- Add support for a StreamDeck to Google Meet using WebHID
- https://github.com/mattchep/bofa-allow-paste-extension
- https://github.com/jsjoeio/timezoner-extension
- Fill in login forms using an OpenPGP-enabled smart card
- Import .ics files into Google Calendar with only two clicks
- https://github.com/Anarios/return-youtube-dislike
- https://github.com/tombaranowicz/BetterNewTab
- Export Google Chrome bookmarks into markdown files
- Sign transactions with your private keys securely from within the browser without ever exposing them
- https://github.com/zach-adams/downloads-overwrite-already-existing-files
- https://dexonline.ro/static/download/dex-ff.xpi + https://addons.mozilla.org/ro/firefox/addon/dexonline
- https://github.com/jemmaissroff/natgeo-chrome-extension
- Test your fonts across the web by easily overriding fonts on any webpage
- https://github.com/ansh/bionic-reading
- https://github.com/elight/slack_emoticon_inhaler
- Browser extension that adds a table of contents to GitHub repos, wikis and gists
- Translate Japanese by hovering over words
- Remove the algorithmic content from Twitter, hide news & trends, lets you control which shared tweets appear on your timeline
- Automatically fill out cookie popups based on your preferences
- Search the textual content of any YouTube video
- Chrome extension to detect possible xsleaks
- https://addons.mozilla.org/en-US/firefox/addon/firefox-translations + https://blog.mozilla.org/en/mozilla/local-translation-add-on-project-bergamot
- A browser extension to display ChatGPT response alongside Google Search results + https://news.ycombinator.com/item?id=33853773
- https://github.com/0xdevalias/chrome-NewWindowWithTabsToRight
- https://github.com/Norfeldt/github-issue-reactions-browser-extension
- Firefox extension to highlight and save text from the web
- A browser extension to detect website censorship methods as you surf
- removes ads and unwanted content from your LinkedIn feed
- https://github.com/lapcat/SafariExtensions
- Ensure paste isn’t blocked on any textbox: https://github.com/jswanner/DontF-WithPaste, https://underpassapp.com/StopTheMadness
- Firefox 115 can silently remotely disable my extension on any site
- Changes your User-Agent header to throw off tracking
- A browser extension that redirects popular sites to alternative privacy friendly frontends
- https://cascaspace.substack.com/p/optimizing-performance-how-our-extension
- https://github.com/da2x/amp2html
- https://github.com/Eloston/ungoogled-chromium
- https://kayce.basqu.es/portfolio
- When testing your redirects with Chrome, always test a 302 before a 301
- https://github.com/jbranchaud/til#chrome
- Create HAR files from Chrome Debugging Protocol data.
- Output a video file from screenshot frames within a Chrome DevTools JSON trace file.
- This tool downloads, installs, and configures a shiny new copy of Chromium.
- Harden your Chrome browser via enterprise policy.
- https://blittle.github.io/chrome-dev-tools + https://github.com/blittle/chrome-dev-tools
- Extract relative urls from a heap snapshot
- A tool to capture communication between Chromium processes on Windows in real-time using Wireshark, by capturing data sent over named pipes.
- Hidden Features of Chrome DevTools
- https://www.mattzeunert.com/2016/03/17/devtools-never-pause-here.html
- The feature was launched as AMP Stories, which has now been rebranded to Web Stories.
- https://github.com/IAIK/ChromeZero
- Web Captioner makes your event, speech, classroom lecture, or church service accessible with real-time captioning.
- How to get sites you use daily out of your browser
- Getting Started With Chrome DevTools Protocol
- https://github.com/ip2k/I-Dont-Care-About-HSTS-For-Localhost
- https://rudism.com/the-brave-browser-is-brilliant
- https://github.com/iharh/notes/tree/master/security/tracking
- https://madaidans-insecurities.github.io/firefox-chromium.html
- making Firefox stop polluting your Burp session with superfluous requests + https://twitter.com/egyp7/status/1196497265743056898
- An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting.
- Listing changes in Firefox default preferences. The diffs are created using 64-bit Firefoxes (en-US) on Windows.
- https://blog.mozilla.org/data/2020/03/16/understanding-default-browser-trends
- https://honzajavorek.cz/blog/how-i-consume-content
- https://timvisee.com/blog/firefox-tricks-quantumbar
- https://nelsonslog.wordpress.com/2021/12/07/firefox-compat-hacks
- https://nelsonslog.wordpress.com/2021/12/22/faking-geolocation-in-firefox
- Separate Firefox Dark UI theme from website dark mode
- https://github.com/MrOtherGuy/firefox-csshacks
- https://webinista.com/updates/flash-end-of-life + https://twitter.com/mattmay/status/1344728355912880129 + http://blog.archive.org/2020/11/19/flash-animations-live-forever-at-the-internet-archive
- Last publicly available revision of the world's first web browser
- https://brucelawson.co.uk/2022/ie-rip-or-brb
- Comparison of Web Browsers
- History of Web Browser Engines from 1990 until today
- In my app when a user clicks play, I remove all audio elements, swap them with fresh ones, and attempt to autoplay for the user. + https://github.com/cableready/audio_operations
- https://predr.ag/blog/debugging-safari-if-at-first-you-succeed
- Safari releases are development hell
- Standalone client for proxies of Opera VPN
- https://medium.com/@renwa/opera-browser-vpn-bypass-20877aaf08c0
- SameSite=Lax
- https://www.troyhunt.com/promiscuous-cookies-and-their-impending-death-via-the-samesite-policy
- https://blog.reconless.com/samesite-by-default
- Stealing Session Cookies with Tcpdump
- How to Store Session Tokens in a Browser (and the impacts of each)
- https://rudism.com/cookie-monster
- Browser fingerprinting via favicon!
- Exploring the SameSite cookie attribute for preventing CSRF
- https://github.com/defaultnamehere/cookie_crimes
- https://jub0bs.com/posts/2021-01-29-great-samesite-confusion
- https://github.com/iangcarroll/cookiemonster
- https://github.com/SoheilKhodayari/same-site-wiki + https://twitter.com/Soheil__K/status/1526970587083681792
- https://blog.daviddworken.com/posts/same-site-cross-origin
- cookie tossing leading to session fixation
- https://patrickbrosset.com/articles/2023-01-17-web-storage
- https://twitter.com/tgroshon/status/1332499610192015362
- https://just-be.dev/posts/export-import-indexeddb
- https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15
- Why IndexedDB is slow and what to use instead
- Offline storage, improved. Wraps IndexedDB, WebSQL, or localStorage using a simple but powerful API.
- Parses Indexeddb files - used to extract devtools console history
- https://tantaman.com/2022-05-13-large-local-storage.html
- https://github.com/stars/jnv/lists/storage
- https://seirdy.one/2021/04/16/permissions-policy-floc-misinfo.html
- https://brave.com/why-brave-disables-floc + brave/brave-core#8468
- https://dev.to/sgolovine/opt-your-netlify-vercel-or-github-pages-site-out-of-google-s-floc-network-3nhl
- https://amifloced.org
- https://make.wordpress.org/core/2021/04/18/proposal-treat-floc-as-a-security-concern
- https://plausible.io/blog/google-floc
- https://vivaldi.com/blog/no-google-vivaldi-users-will-not-get-floced
- https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network + https://twitter.com/tomayac/status/1383337100041359365
- https://spreadprivacy.com/block-floc-with-duckduckgo
- https://twitter.com/manicode/status/1371849647468208130
- https://twitter.com/mikewest/status/1370394397267869699
- Next level anti-debugging technique using SourceMappingURL feature
- https://github.com/nico3333fr/CSP-useful
- https://csper.io/blog/other-csp-security
- https://www.secjuice.com/hiding-javascript-in-png-csp-bypass + https://twitter.com/Menin_TheMiddle/status/1244325611440615426
- https://tldrsec.com/blog/content-security-policy-going-from-idea-to-afterthought
- https://sensepost.com/blog/2021/from-500-to-account-takeover + https://twitter.com/XssPayloads/status/1376389308207226881
- https://twitter.com/blipsofadoug/status/1125223582974533633
- https://threatnix.io/blog/exploiting-csp-in-webkit-to-break-authentication-authorization
- https://www.bryanbraun.com/2021/08/10/allowing-inline-scripts-in-your-content-security-policy-using-a-hash
- https://octagon.net/blog/2022/05/29/bypass-csp-using-wordpress-by-abusing-same-origin-method-execution
- Discover new target domains using Content Security Policy
- https://github.com/naugtur/CSP-exercise
- Monorepo for CSP-related packages
- XSS with CSP bypass leads to diagrams backdoor in jgraph/drawio + https://huntr.dev/bounties/4c1c5db5-210f-4d7e-8380-b95f88fdb78d
- https://engineering.linkedin.com/blog/2023/enhancing-security-and-developer-productivity--linkedin-s-journe
- https://github.com/monsur/enable-cors.org
- https://www.kitploit.com/2019/12/corstest-simple-cors-misconfiguration.html
- Authenticated CORS with Access-Control-Allow-Origin: *
- https://github.com/RUB-NDS/CORStest
- https://ieftimov.com/post/deep-dive-cors-history-how-it-works-best-practices
- https://github.com/onsecru/cors_playground
- Cache your CORS, for performance & profit
- https://jeffy.info/2019/07/22/exposing-cors-headers.html
- https://medium.com/@mashoud1122/cors-misconfiguration-account-takeover-out-of-scope-to-grab-items-in-scope-66d9d18c7a46
- https://github.com/mscoutermarsh/cors-test
- https://w3c.github.io/webappsec-cors-for-developers
- COOP and COEP explained
- https://blog.daviddworken.com/posts/stopping-xs-leaks-at-scale + https://github.com/mjz3/LeakuidatorPlus + https://twitter.com/ndevtk/status/1549894289865560065
- Cross-origin isolation (COOP and COEP) through a service worker for situations in which you can't control the headers (e.g. GH pages)
- https://parsiya.net/blog/2020-11-01-the-same-origin-policy-gone-wild
- https://github.com/rafaybaloch/SOP-Bypass-Mini-Test-Suite
- https://www.smashingmagazine.com/smashing-guide-search-engine-optimization
- https://developers.google.com/search/docs/guides/intro-structured-data
- Find broken links, missing images, etc within your HTML.
- Scurry around your site and find all those broken links
- https://vasco3.gitbooks.io/hacks-n-notes/content/internet_marketing/seo.html
- https://github.com/darekkay/best-practices#seo
- Curs Super SEO pentru eCommerce
- https://www.linkedin.com/pulse/200-unsolicited-seo-tips-mark-williams-cook
- The Open Source A/B Testing Platform
- https://ahrefs.com/blog/seo-glossary
- SEO | knowthen
- Today I set up SEO for rubyandrails.info
- https://github.com/sw-yx/company-youtubes#business-oriented
- High signal information security sources Goggle
- https://github.com/marcobiedermann/search-engine-optimization
- https://github.com/thospfuller/awesome-search-engine-optimization
- https://github.com/idevelop/google-cloud-speech-webaudio
- iOS Safari is like IE6 when it comes to WebAudio
- Detecting pitch with the Web Audio API and autocorrelation
- https://github.com/adalkiran/webrtc-nuts-and-bolts
- https://github.com/webrtc-for-the-curious/webrtc-for-the-curious
- https://m.youtube.com/playlist?list=PLWIcRrPLCdUeu5vBImsX2mMBacbomDrig
- WebRTC Boston
- Anyone do much with WebRTC?
- Turns a Web Browser into a Web Server with WebRTC
- https://github.com/whatismyinternalip/whatismyinternalip.github.io
- The various ways your RTC may be crushed; a presentation on RTC DoS attacks - Enable Security
- https://twitter.com/iggredible/status/1300240215789821954
- browser-based internal network scanner that detects victim's LAN IP (loops back via WebRTC) + https://twitter.com/samykamkar/status/1329124348779667456
- A self contained OBS -> FTL -> WebRTC live streaming server.
- Share a terminal session over WebRTC
- https://github.com/webrtc-for-the-curious/webrtc-for-the-curious
- https://github.com/delapuente/presentations#webrtc--web-components
- https://github.com/kgryte/awesome-peer-to-peer#resources
- https://github.com/EnableSecurity/awesome-rtc-hacking
- Easy P2P file transfer powered by WebRTC - inspired by Apple AirDrop
- https://github.com/muaz-khan/WebRTC-Experiment
- https://github.com/adamavenir/talkto
- https://github.com/diafygi/webrtc-ips
- A tool to test and exploit STUN, TURN and TURN over TCP servers + https://firefart.at/post/multiple_vulnerabilities_cisco_expressway + https://www.rtcsec.com/article/slack-webrtc-turn-compromise-and-bug-bounty
- https://piranna.github.io/2021/04/23/How-to-build-WebRTC-for-Android-in-Ubuntu-21.04
- https://piranna.github.io/2020/12/30/Types-of-WebRTC-networks
- Blender session in the browser over WebRTC
- Karl Stolley, author of Programming WebRTC
- Polyfill for WebRTC in Workers
- https://pqina.nl/blog/cropping-images-to-an-aspect-ratio-with-javascript
- A simple Christmas tree.
- Screenshots with JavaScript
- https://github.com/raphamorim/awesome-canvas
- https://github.com/Rich-Harris/yootils/blob/master/src/canvas/sprite.ts
- HTML5 Canvas implementation for NodeJS backed by Puppeteer.
- https://github.com/tsayen/dom-to-image
- The better way to render text on HTML5 Canvas
- https://github.com/sunify/canvas-playground
- https://github.com/desandro/practical-ui-physics
- Canvas + JSX + Hooks
- Visual Web Development (2021) | Radu Mariescu-Istodor
- A library for capturing web page self screenshots
- https://bkardell.com/blog/OffscreenCanvas.html
- https://github.com/mattdesl/workshop-generative-art
- An Underrated Way To Learn Programming: Generative Art
- https://github.com/psenough/teach_yourself_demoscene_in_14_days
- procedurally generated fish drawings
- https://github.com/bubkoo/html-to-image
- https://developer.mozilla.org/en-US/blog/javascript-shape-drawing-function
- https://goteleport.com/blog/how-passwordless-works
- https://betterappsec.com/a-medium-dive-into-web-application-authentication-342d1d002a61
- https://denhoff.ca/posts/webauthn-by-id-android
- https://duo.com/blog/webauthn-passwordless-fido2-explained-componens-passwordless-architecture
- https://fidoalliance.org/fido2-2/fido2-web-authentication-webauthn
- https://secfense.com/blog/fido2-authentication-explained
- https://www.youtube.com/watch?v=SWocv4BhCNg + https://fidoalliance.org/passkeys
- https://nelsonslog.wordpress.com/2024/03/22/passkeys-still-awkward-in-mar-2024-android-chrome-windows-1password + https://nelsonslog.wordpress.com/2024/03/23/passkeys-try-two
- https://github.com/davidwparker/programmingtil-webgl + https://m.youtube.com/playlist?list=PLPqKsyEGhUnaOdIFLKvdkXAQWD4DoXnFl
- https://tchayen.com/brief-explanation-of-webgl
- https://www.pheelicks.com/speaking
- https://github.com/luruke/awesome-casestudy
- https://github.blog/2020-12-21-how-we-built-the-github-globe
- https://formidable.com/blog/2021/future-ui
- https://techblog.geekyants.com/recreating-real-world-terrain-with-react-threejs-and-webgl-shaders-1
- https://webglfundamentals.org + https://twitter.com/redblobgames/status/1369123816719360000
- https://alain.xyz/blog/raw-webgl
- Minimal WebGL Library
- https://github.com/brunoimbrizi/interactive-particles
- https://github.com/lesnitsky/webgl-month
- https://github.com/rezaali/webgl-tutorial
- https://github.com/rezaali/webgl-sketches
- https://github.com/stackgl/webgl-workshop
- Javascript and the next decade of data programming + https://github.com/rofrol/awesome-wgpu + https://github.com/danbev/learning-gpgpu
- https://www.amazon.com/Learning-Three-js-JavaScript-Library-Second/dp/1784392219
- https://www.davrous.com/2020/03/22/understanding-shaders-the-secret-sauce-of-3d-engines
- an experiment to make something like "vvvv" in javascript, html and webgl.
- https://xem.github.io/articles/webgl-guide.html + https://twitter.com/MaximeEuziere/status/1261643172582653954
- https://github.com/spite/virtual-webcam
- https://github.com/caged/regl-learn
- https://github.com/erich666/RealTimeRendering
- https://github.com/jsulpis/realtime-planet-shader
- https://hackaday.com/2022/03/09/webgpu-better-than-webgl
- How Does a GPU Shader Core Work? | Aras Pranckevičius
- https://cohost.org/mcc/post/1406157-i-want-to-talk-about
- https://github.com/gfxfundamentals/webgpufundamentals
- https://github.com/obensource/web-midi-api-docs
- https://obensource.com/blogs/high-fidelity-event-sampling-and-playback-with-vanilla-javascript
- https://github.com/webusb/awesome
- https://charliegerard.dev/blog/aircraft-radar-system-rtl-sdr-web-usb
- Node library to automate Chromium, Firefox and WebKit browsers + opinion + https://medium.com/@woff/arbitrary-file-read-tricks-with-headless-browsers-eeebc2d9e5c8
- Comparing Cypress and Puppeteer
- Capture screenshots in multiple browsers!
- Puppeteer example scripts for running Headless Chrome from Node.
- https://blog.checklyhq.com/cypress-vs-selenium-vs-playwright-vs-puppeteer-speed-comparison
- A Headless Chrome rendering solution
- https://github.com/humanwhocodes/puppeteer-data-extractor
- http://blog.ezyang.com/2021/11/interactive-scraping-with-jupyter-and-puppeteer
- https://github.com/leandrotk/web-performance-studies
- interactive flamegraph visualizer
- https://www.speedcurve.com/blog/element-timing-one-true-metric
- https://www.webpagetest.org/learn/lightning-fast-web-performance/#toc
- https://www.davrous.com/2020/03/20/frame-variable-refresh-rates-or-why-tesla-is-responsible-for-the-60-fps-war
- https://ethanmarcotte.com/wrote/au-revoir-mon-ampmour
- A Node.js command line tool that crawls a domain and gathers lighthouse performance data for every page.
- The Almost-Complete Guide to Cumulative Layout Shift
- https://webvitals.dev/cls
- Web Performance Recipes With Puppeteer
- https://calibreapp.com/tools/core-web-vitals-checker
- A curated list of Web Performance Optimization
- https://3perf.com/talks/web-perf-101
- https://blog.webpagetest.org/posts/test-your-spa
- https://www.stefanjudis.com/blog/how-to-find-all-render-blocking-resources-with-javascript
- SingleFile was really slow on pages with large stylesheets, especially in Firefox
- effective ways to improve Core Web Vitals performance in 2023
- Cumulative Layout Shift Differences
- https://dev.to/noamr/when-a-millisecond-is-not-a-millisecond-3h6
- https://web.dev/shopping-for-speed-on-ebay
- https://www.jovidecroock.com/blog/browser-timings
- Interaction to Next Paint (INP)
- Web Browser Engineering + https://courses.cs.washington.edu/courses/cse490x/22sp/lecture +
- https://wiki.systemcrafters.net/guix/browsers
- https://github.com/vasanthk/how-web-works
- The End of Indie Web Browsers: You Can (Not) Compete.
- Shareable bookmarks.
- https://textslashplain.com/2020/02/09/demystifying-browsers + https://textslashplain.com/2020/09/29/debugging-browsers-tools-and-techniques
- https://github.com/trimstray/the-book-of-secret-knowledge#black_small_square-browsers-1
- https://alan.norbauer.com/articles/browser-debugging-tricks
- https://textslashplain.com/2020/09/25/web-debugging-watching-element-changes
- https://github.com/styfle/breaking-changes-web
- QR codes art
- https://github.com/dongri/emv-qrcode-doc
- https://github.com/azu/browser-resources
- rrweb is an open source web session replay library, which provides easy-to-use APIs to record user's interactions and replay it remotely.
- https://github.com/captainbrosset/devtools-tips
- estimating the % of web users that have certain web features natively supported
- From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers
- https://github.com/iipc/awesome-web-archiving
- using ForensiX to extract information about a Chrome dump
- https://docs.google.com/presentation/d/1LbJcPulQ_a4utqNCUoGCk8GTQbchN2BL_kAF3DNJQbo
- https://blog.intothesymmetry.com/2020/01/the-curious-case-of-webcrypto-diffie.html
- https://github.com/diafygi/webcrypto-examples
- Bring your own filesystem, a javascript library that allows users to connect their own data storage backend to your webapp
- Embed any file into an encrypted, self-decrypting HTML file
- https://github.com/mprimi/portable-secret
- https://github.com/Metalnem/javascript-crypto
- https://github.com/robinmoisson/staticrypt/pull/111/files