I accidentally discovered a huge browser security bug. Here's what it does, and how I discovered it…

A few days ago there was a lot of chatter about a 'keylogger' built in CSS, but the real problem is thinking that third party content is 'safe'.

How Array.isArray works, and how we can use symbols to create our own type-matching functions.

When writing async functions, there are differences between await vs return vs return await, and picking the right one is important.

A few days ago Netflix tweeted that they'd removed client-side React.js from their landing page and they saw a 50% performance improvement. It caused a bit of a stir.

Using createImageBitmap to make SVG render off the main thread.

"HTTP/2 push will solve that" is something I've heard a lot when it comes to page load performance problems, but I didn't know much about it, so I decided to dig in.

HTTP/2 push is more complicated and low-level than I initially thought, but what really caught me off-guard is how inconsistent it is between browsers – I'd assumed it was a done deal & totally ready for production.

ES modules are starting to land in browsers! Modules in general are pretty well documented, but here are some browser-specific differences…

I love the font Just Another Hand, but I don't like the positioning of the hyphen & equals glyphs. Thankfully I can use CSS fonts to fix it!