Recent searches

No recent searches

Search options

Only available when logged in.
mastodon.world is one of the many independent Mastodon servers you can use to participate in the fediverse.
Generic Mastodon server for anyone to use.

Administered by:

Server stats:

8.5K
active users

mastodon.world: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.0

#webcomponent

1 post1 participant0 posts today
xoron :verified:

Are Web Components & Cybersecurity A Better Combo?

I'm not trying to dunk on popular #UI #frameworks – I'm sure they're totally fine for #cybersecurity stuff, probably get loads of reviews and #audits.

But from my angle: Web Components are *native* to the #browser. Doesn't that just inherently reduce the risk of **#SupplyChainAttacks** (you know, like a rogue `npm install` on a bad network) for your #AppSecurity?

Or am I overthinking it, and the #framework choice is less important than the #browser, #OS, or #device running it? What are your thoughts, #DevCommunity?

---

Quick context: I've got a #ReactJS #messagingApp (repo here: github.com/positive-intentions) and a separate #UIFramework (repo here: github.com/positive-intentions) built with #Lit (which uses Web Components). I'm genuinely wondering if there's a compelling #cybersecurity reason to refactor the chat app to use my #WebComponent UI framework. Might be a whole new level of #SecurityByDesign for #FrontEndDev.

FYI, same question's on Reddit here: reddit.com/r/ExperiencedDevs/c, got some good #insights, but want to make sure nothing's getting overlooked! Let's discuss #InfoSec #WebDev #JavaScript #OpenSource #TechQuestion.

Decentralized chat. Contribute to positive-intentions/chat development by creating an account on GitHub.
GitHubGitHub - positive-intentions/chat: Decentralized chatDecentralized chat. Contribute to positive-intentions/chat development by creating an account on GitHub.
Wolfram wants peace

thanks to a discussion on reddit [1] and some links [2] I came across a different view on #webcomponents.
In short, just wrap content in a #webcomponent instead of trying to "upgrade" it. Like so:

<user-avatar>
<img src>
</user-avatar>

I always thought until now that it should rather be

<img src is=user-avatar>

but `is` is not widely usable.
I still need to digest it. I see the use cases, but somehow feels still strange

[1] reddit.com/r/HTML/comments/1ld
[2] adactio.com/journal/20618

*
Tane Piper ⁂

I think I've accidentally built quite a cool '#webComponent-as-a-plugin' system for the @teskooano UI - essentially two functions - one to register base components, and one to register full plugins, that are made up of one or more web components, functions and a controller. These components can self-register things like buttons in certain toolbars, or you can just add them as functions (like opening a new external URL). I'll post a bit more on it later

James Nash

Been building a Card component for our #DesignSystem. Trickier than you might think.

To make the card surface clickable, it uses an approach from @heydon 's excellent inclusive-components.design/ca post, albeit wrapped up as a #WebComponent that progressively enhances a link/button in the card's content.

Also taking cues from @nathanacurtis sub components post medium.com/eightshapes-llc/sub and giving our consumers a suite of building blocks to assemble whatever specialsed card variations they need.

Inclusive Components · CardsSome of the components I've explored here have specific standardized requirements in order to work as expected. Tab interfaces, for example, have a prescribed structure and a set of interaction behaviors as mandated by the WAI-ARIA specification. It's at your discretion how closely you follow these requirements. Research may show
Heribert Schütz

My #webcomponent for embedding #mastodon feeds and its demo page hcschuetz.github.io/mastodon-t got a few enhancements, for example:

1. CSS fixes. (The old styling worked in Firefox but had problems in Edge and probably also Chrome.)
2. Hide sensitive content.
3. Added a list of similar projects to the demo page.
4. And perhaps most importantly: The component configuration became both simpler and more powerful.

#webdev

1/2

hcschuetz.github.ioEmbedding Mastodon Feeds
Noah Liebman

If you have a #WebComponent with

```js
constructor() {
this.mq = matchMedia(…)
}
```

do you need to clean up any change listeners in `disconnectedCallback()`?

This was not intuitive to me, and I could imagine it going both ways.

1/2 (answer in next post)

TrendingLive feeds
About