HTTPS only with HTTP Strict Transport Security (HTST) header

published on
The HTTP Strict Transport Security header (Strict-Transport-Security) allows you to tell the brower to only communicate with a site using HTTPS. Once the browser has successfully connected using HTTPS and seen the header, it will only communicate with the site using HTTPS from that point forward, changing the protocol if needed. By enabling this header you can prevent man-in-the-middle attacks via SSL stripping. There is a good overview @ Mozilla on the header and its benefits. Read More...

Turn any webpage into a WYSIWYG editor with HTML5

published on
There is a little known feature in the HTML5 spec that enables you to turn an entire page or a single element into a WYSIWYG editor with a single line of JavaScript and its supported by every major browser out there. To enable you simply set the contentEditable attribute of an element to true: // make the entire website editable document.body.contentEditable = true; // make an element editable document.getElementById('myDiv').contentEditable = true; To check if an element is editable you check the isContentEditable attribute: if (document.getElementById('myDiv').isContentEditable){ // yes its editable } Both contentEditable and isContentEditable are described in the HTML5 Editing spec.