Thomas Broyer
@tbroyer.ltgt.net
Web development (frontend, Web APIs), Web app security, build tools, Java, Kotlin, Gradle, etc.
Blog: https://blog.ltgt.net
Fediverse: https://piaille.fr/@tbroyer
GitHub: https://github.com/tbroyer
Blog: https://blog.ltgt.net
Fediverse: https://piaille.fr/@tbroyer
GitHub: https://github.com/tbroyer
Pinned
Thomas Broyer
@tbroyer.ltgt.net
· Nov 11
How do HTML event handlers work?
blog.ltgt.net
HTML event handlers are those onxxx attributes and properties many of us are used to, but do you know how they actually work?
If you're writing custom elements and would like them to have such event handlers, what would you have to do?
#webdev #html #javascript #webcomponents
If you're writing custom elements and would like them to have such event handlers, what would you have to do?
#webdev #html #javascript #webcomponents
Reposted by Thomas Broyer
NEWS: The UK is no longer sharing intelligence with the US about suspected drug trafficking vessels in the Caribbean because it does not want to be complicit in US military strikes and believes the attacks are illegal, sources familiar with the matter told CNN. edition.cnn.com/2025/11/11/p...
Exclusive: UK suspends some intelligence sharing with US over boat strike concerns in major break | CNN Politics
The United Kingdom is no longer sharing intelligence with the US about suspected drug trafficking vessels in the Caribbean because it does not want to be complicit in US military strikes and believes ...
edition.cnn.com
November 11, 2025 at 3:06 PM
NEWS: The UK is no longer sharing intelligence with the US about suspected drug trafficking vessels in the Caribbean because it does not want to be complicit in US military strikes and believes the attacks are illegal, sources familiar with the matter told CNN. edition.cnn.com/2025/11/11/p...
Reposted by Thomas Broyer
FYI: I (and others before me) found a bug in Chromium where elements in ShadowDOM inside a popover can't be focused.
codepen.io/matuzo/pen/R...
issues.chromium.org/issues/40228...
codepen.io/matuzo/pen/R...
issues.chromium.org/issues/40228...
ShadowDOM popover bug
...
codepen.io
November 12, 2025 at 1:37 PM
FYI: I (and others before me) found a bug in Chromium where elements in ShadowDOM inside a popover can't be focused.
codepen.io/matuzo/pen/R...
issues.chromium.org/issues/40228...
codepen.io/matuzo/pen/R...
issues.chromium.org/issues/40228...
Reposted by Thomas Broyer
I’ve seen one-time passcode (“OTP”) interfaces cause undue stress in otherwise level-headed #WebDev teams.
Thankfully, it doesn’t have to be complicated: cloudfour.com/thinks/simpl...
#HTML #CSS #JavaScript
Thankfully, it doesn’t have to be complicated: cloudfour.com/thinks/simpl...
#HTML #CSS #JavaScript
Simple One-Time Passcode Inputs
Fully functional OTP entry may be easier than you think.
cloudfour.com
November 11, 2025 at 4:46 PM
I’ve seen one-time passcode (“OTP”) interfaces cause undue stress in otherwise level-headed #WebDev teams.
Thankfully, it doesn’t have to be complicated: cloudfour.com/thinks/simpl...
#HTML #CSS #JavaScript
Thankfully, it doesn’t have to be complicated: cloudfour.com/thinks/simpl...
#HTML #CSS #JavaScript
Reposted by Thomas Broyer
🎂 16yrs ago today, @developers.google.com introduce the SPDY protocol (which would eventually become HTTP2). It promised greater speeds, with multiplexing, resource prioritization and header compressions among things... SPDY walked so HTTP2 and 3 could fly.
November 11, 2025 at 6:32 PM
🎂 16yrs ago today, @developers.google.com introduce the SPDY protocol (which would eventually become HTTP2). It promised greater speeds, with multiplexing, resource prioritization and header compressions among things... SPDY walked so HTTP2 and 3 could fly.
Reposted by Thomas Broyer
🎂 32yrs today, the reason you're able to view his tweet is in part because NCSA (NATIONAL CENTER FOR
SUPERCOMPUTING APPLICATIONS) released MOSAIC browser v1.0 Nov 11, 1993 -- providing access to web browsing (as much as it could). It was the beta to what became Netscape (long story).🫡
SUPERCOMPUTING APPLICATIONS) released MOSAIC browser v1.0 Nov 11, 1993 -- providing access to web browsing (as much as it could). It was the beta to what became Netscape (long story).🫡
November 11, 2025 at 7:03 PM
🎂 32yrs today, the reason you're able to view his tweet is in part because NCSA (NATIONAL CENTER FOR
SUPERCOMPUTING APPLICATIONS) released MOSAIC browser v1.0 Nov 11, 1993 -- providing access to web browsing (as much as it could). It was the beta to what became Netscape (long story).🫡
SUPERCOMPUTING APPLICATIONS) released MOSAIC browser v1.0 Nov 11, 1993 -- providing access to web browsing (as much as it could). It was the beta to what became Netscape (long story).🫡
Reposted by Thomas Broyer
German court sides with plaintiff in copyright case against OpenAI reut.rs/47FP9D6
German court sides with plaintiff in copyright case against OpenAI
A German court on Tuesday sided with the country's music rights society GEMA in a closely watched copyright case against U.S.-based artificial intelligence firm OpenAI.
reut.rs
November 11, 2025 at 9:35 AM
German court sides with plaintiff in copyright case against OpenAI reut.rs/47FP9D6
Hi @haveibeenpwned.com @troyhunt.com, is some Unicode Normalization (and utf-8 encoding?) applied to passwords before they're hashed and added to Pwned Passwords? or are they all us-ascii anyway? or am I just overthinking this?
November 10, 2025 at 3:46 PM
Hi @haveibeenpwned.com @troyhunt.com, is some Unicode Normalization (and utf-8 encoding?) applied to passwords before they're hashed and added to Pwned Passwords? or are they all us-ascii anyway? or am I just overthinking this?
Reposted by Thomas Broyer
Someone put this "blue plaque" on a London Tesla showroom to mark his becoming the world's first trillionaire. “World’s first trillionaire Elon Musk. Could have solved world hunger but funded fascists instead. Bellend.” www.thelondoneconomic.com/news/everyon...
Special Musk 'blue plaque' put up at Tesla's flagship London dealership after $1tn pay deal
Activists decided to put up a special 'blue plaque' for Elon Musk at Tesla flagship London dealership to honour his $1 trillion pay packet.
www.thelondoneconomic.com
November 8, 2025 at 2:10 PM
Someone put this "blue plaque" on a London Tesla showroom to mark his becoming the world's first trillionaire. “World’s first trillionaire Elon Musk. Could have solved world hunger but funded fascists instead. Bellend.” www.thelondoneconomic.com/news/everyon...
Reposted by Thomas Broyer
Situations like this really highlight how so many tech companies and tech we take for granted have flourished on the backs of thousands of hours of free labour, which is bad enough, but they also have absolute contempt for that free labour and those that gave it.
Mozilla deployed an AI bot that overwrote 20 years of volunteer Japanese translations, without consultation. JP community leader resigned, and the offer from Mozilla is to "hop on a quick call to understand why they're struggling". FFS.
HN discussion: news.ycombinator.com/item?id=4583...
HN discussion: news.ycombinator.com/item?id=4583...
End of Japanese community | Hacker News
news.ycombinator.com
November 7, 2025 at 9:54 PM
Situations like this really highlight how so many tech companies and tech we take for granted have flourished on the backs of thousands of hours of free labour, which is bad enough, but they also have absolute contempt for that free labour and those that gave it.
Reposted by Thomas Broyer
Breakthrough 🤯 You're seeing
- ALL my @leaflet.pub articles 📄
- from ALL my Leaflet publications 📚
on my 🚧 new site (in dev) 🙀 that's
- version-controlled w/ @tangled.org 😳
- (soon) hosted w/ @nekomimi.pet's wisp.place 😱
EVERY PART is stored in my #PDS 🫠
#ATproto is the future!!! WTF 💙
- ALL my @leaflet.pub articles 📄
- from ALL my Leaflet publications 📚
on my 🚧 new site (in dev) 🙀 that's
- version-controlled w/ @tangled.org 😳
- (soon) hosted w/ @nekomimi.pet's wisp.place 😱
EVERY PART is stored in my #PDS 🫠
#ATproto is the future!!! WTF 💙
November 7, 2025 at 5:19 PM
Breakthrough 🤯 You're seeing
- ALL my @leaflet.pub articles 📄
- from ALL my Leaflet publications 📚
on my 🚧 new site (in dev) 🙀 that's
- version-controlled w/ @tangled.org 😳
- (soon) hosted w/ @nekomimi.pet's wisp.place 😱
EVERY PART is stored in my #PDS 🫠
#ATproto is the future!!! WTF 💙
- ALL my @leaflet.pub articles 📄
- from ALL my Leaflet publications 📚
on my 🚧 new site (in dev) 🙀 that's
- version-controlled w/ @tangled.org 😳
- (soon) hosted w/ @nekomimi.pet's wisp.place 😱
EVERY PART is stored in my #PDS 🫠
#ATproto is the future!!! WTF 💙
Reposted by Thomas Broyer
shellcheck
permalink: wizardzines.com/comics/shell...
from our zine "Bite Size Bash": wizardzines.com/zines/bite-s...
permalink: wizardzines.com/comics/shell...
from our zine "Bite Size Bash": wizardzines.com/zines/bite-s...
November 7, 2025 at 2:43 PM
shellcheck
permalink: wizardzines.com/comics/shell...
from our zine "Bite Size Bash": wizardzines.com/zines/bite-s...
permalink: wizardzines.com/comics/shell...
from our zine "Bite Size Bash": wizardzines.com/zines/bite-s...
Reposted by Thomas Broyer
Gecko: Intent to prototype and ship: Navigation API
Gecko: Intent to prototype and ship: Navigation API
Gecko: Intent to prototype and ship: Navigation API
groups.google.com
November 7, 2025 at 7:17 AM
Gecko: Intent to prototype and ship: Navigation API
Reposted by Thomas Broyer
“When you use a JavaScript framework, that isn’t the end of your work, it’s just the beginning. You still have to write your own code that makes use of that framework. Except now your code is restricted to only what the framework can do.”
I’d even drop “JavaScript” from that sentence 😉
I’d even drop “JavaScript” from that sentence 😉
Journal: Providers
Web browsers provide you with great features for free. Why would you choose to use tools that stop you taking advantage of that?
🔗https://adactio.com/journal/22235
Web browsers provide you with great features for free. Why would you choose to use tools that stop you taking advantage of that?
🔗https://adactio.com/journal/22235
November 6, 2025 at 7:44 PM
“When you use a JavaScript framework, that isn’t the end of your work, it’s just the beginning. You still have to write your own code that makes use of that framework. Except now your code is restricted to only what the framework can do.”
I’d even drop “JavaScript” from that sentence 😉
I’d even drop “JavaScript” from that sentence 😉
Reposted by Thomas Broyer
Scoop: We obtained vast amounts of European mobile phone location data from data brokers. It was allegedly collected for advertising purposes only, but can be used to spy on high-ranking EU officials & NATO staff in Brussels. The Commission is 'concerned' & issued new security guidance to its staff.
Databroker Files: Targeting the EU
Precise locations and revealing movement patterns: the mobile phone location data of millions of people in the EU is up for sale. Collected supposedly only for advertising purposes, this data can also...
netzpolitik.org
November 4, 2025 at 9:57 AM
Scoop: We obtained vast amounts of European mobile phone location data from data brokers. It was allegedly collected for advertising purposes only, but can be used to spy on high-ranking EU officials & NATO staff in Brussels. The Commission is 'concerned' & issued new security guidance to its staff.
Reposted by Thomas Broyer
setHTML(), Trusted Types and the Sanitizer API. Ollie Williams shows how these APIs protect against XSS by sanitizing HTML safely and enforcing trusted types. Supported in Firefox Nightly and Chrome Canary, with wider adoption coming. #security #html
olliewilliams.xyz/blog/sanitiz...
olliewilliams.xyz/blog/sanitiz...
November 3, 2025 at 1:03 PM
setHTML(), Trusted Types and the Sanitizer API. Ollie Williams shows how these APIs protect against XSS by sanitizing HTML safely and enforcing trusted types. Supported in Firefox Nightly and Chrome Canary, with wider adoption coming. #security #html
olliewilliams.xyz/blog/sanitiz...
olliewilliams.xyz/blog/sanitiz...
Reposted by Thomas Broyer
Some guy got in an argument with me about the impact of AI malware. He cited a MIT paper claiming "80% of ransomware attacks are AI powered". I glanced over it and burst out laughing, but couldn't be bothered to debunk it. My friend on the other hand, could. He roasted it so hard that MIT deleted it
Security Community Slams MIT-linked Report Claiming AI Power...
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
socket.dev
October 31, 2025 at 10:10 PM
Some guy got in an argument with me about the impact of AI malware. He cited a MIT paper claiming "80% of ransomware attacks are AI powered". I glanced over it and burst out laughing, but couldn't be bothered to debunk it. My friend on the other hand, could. He roasted it so hard that MIT deleted it
Reposted by Thomas Broyer
👻 October is Cybersecurity Awareness Month
🔒 Passkeys are phishing-resistant providing an improved security model over traditional authn and MFA
⏳ It's time to make the switch and ditch your passwords and start using passkeys
Visit Passkey Central today:
www.passkeycentral.org/introduction...
🔒 Passkeys are phishing-resistant providing an improved security model over traditional authn and MFA
⏳ It's time to make the switch and ditch your passwords and start using passkeys
Visit Passkey Central today:
www.passkeycentral.org/introduction...
October 31, 2025 at 2:01 PM
👻 October is Cybersecurity Awareness Month
🔒 Passkeys are phishing-resistant providing an improved security model over traditional authn and MFA
⏳ It's time to make the switch and ditch your passwords and start using passkeys
Visit Passkey Central today:
www.passkeycentral.org/introduction...
🔒 Passkeys are phishing-resistant providing an improved security model over traditional authn and MFA
⏳ It's time to make the switch and ditch your passwords and start using passkeys
Visit Passkey Central today:
www.passkeycentral.org/introduction...
Reposted by Thomas Broyer
📌 A few year ago, I dared to say that React was the new WordPress. What did I mean?? Devs have for the most part adopted the platform just because. That show of hands during this Nadia Makarevich's talk is proof of it. Orgs hire for React devs often. Wild times.
#perfNow
#perfNow
October 31, 2025 at 11:33 AM
📌 A few year ago, I dared to say that React was the new WordPress. What did I mean?? Devs have for the most part adopted the platform just because. That show of hands during this Nadia Makarevich's talk is proof of it. Orgs hire for React devs often. Wild times.
#perfNow
#perfNow
Reposted by Thomas Broyer
Still running on an old version of Node.js? We’ve got new guides and tools to help you migrate your code smoothly.
Start here: nodejs.org/en/learn/get...
Thank you @augustin-mauroy.bsky.social for the work here 🙏
Start here: nodejs.org/en/learn/get...
Thank you @augustin-mauroy.bsky.social for the work here 🙏
Node.js — Userland Migrations
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
October 30, 2025 at 4:33 PM
Still running on an old version of Node.js? We’ve got new guides and tools to help you migrate your code smoothly.
Start here: nodejs.org/en/learn/get...
Thank you @augustin-mauroy.bsky.social for the work here 🙏
Start here: nodejs.org/en/learn/get...
Thank you @augustin-mauroy.bsky.social for the work here 🙏
Reposted by Thomas Broyer
HEY HEY, the Design Tokens Specification is stable! This is absolutely phenomenal news for the design system community and the technology industry in general. www.w3.org/community/de...
Design Tokens specification reaches first stable version | Design Tokens Community Group
www.w3.org
October 29, 2025 at 2:25 PM
HEY HEY, the Design Tokens Specification is stable! This is absolutely phenomenal news for the design system community and the technology industry in general. www.w3.org/community/de...
Reposted by Thomas Broyer
New @nodejs.org 24.11.0 release.
nodejs.org/en/blog/rele...
This release marks the transition of Node.js 24.x into Long Term Support (LTS). It will continue to receive updates through to the end of April 2028.
nodejs.org/en/blog/rele...
This release marks the transition of Node.js 24.x into Long Term Support (LTS). It will continue to receive updates through to the end of April 2028.
Node.js — Node.js v24.11.0 (LTS)
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
nodejs.org
October 28, 2025 at 5:57 PM
New @nodejs.org 24.11.0 release.
nodejs.org/en/blog/rele...
This release marks the transition of Node.js 24.x into Long Term Support (LTS). It will continue to receive updates through to the end of April 2028.
nodejs.org/en/blog/rele...
This release marks the transition of Node.js 24.x into Long Term Support (LTS). It will continue to receive updates through to the end of April 2028.
Reposted by Thomas Broyer
One year from now, Chrome will enable "Always Use Secure Connections" and warn users before plaintext HTTP by default.
HTTPS by default
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secu...
security.googleblog.com
October 28, 2025 at 5:27 PM
One year from now, Chrome will enable "Always Use Secure Connections" and warn users before plaintext HTTP by default.
Reposted by Thomas Broyer
Last week I posted about a secret config in Firefox that made view transitions easier to debug.
Folks said we should make it less secret.
So we did.
Folks said we should make it less secret.
So we did.
October 27, 2025 at 10:29 AM
Last week I posted about a secret config in Firefox that made view transitions easier to debug.
Folks said we should make it less secret.
So we did.
Folks said we should make it less secret.
So we did.
Reposted by Thomas Broyer
Politics and journalism under social media reaction economies have become increasingly indistinguishable from trolling: They feed on online outrage, and every shitpost or snarky comment from your opponents becomes a trophy to be shared online, as evidence that you‘ve always been right about them
October 27, 2025 at 7:41 AM
Politics and journalism under social media reaction economies have become increasingly indistinguishable from trolling: They feed on online outrage, and every shitpost or snarky comment from your opponents becomes a trophy to be shared online, as evidence that you‘ve always been right about them