Sometimes, Web Developers are surprised to find that the window.close() API doesn’t always close the browser window. When looking at the Developer Tools console, they’ll see a message like: Scripts may close only the windows that were opened by them. Why Do Browsers Limit close()? Before we dive into what factors govern what happens whenContinue reading “window.close() Restrictions”
Author Archives: ericlaw
Sandboxing vs. Elevated Browsing (As Administrator)
The Web Browser is the most security-critical application on most users’ systems– it accepts untrusted input from servers anywhere in the world, parses that input using dozens to hundreds of parsers, and renders the result locally as fast as it can. For performance reasons, almost all code in almost all browsers is written in memory-unsafeContinue reading “Sandboxing vs. Elevated Browsing (As Administrator)”
Objectively, the best cat
On March 15, 2009 we put my cat Jill (Jillian, Jilly, Jilly Bean, Jillkin) to sleep at an emergency vet. We didn’t know for sure why her kidneys failed, but it was sudden and unexpected. At times Jill could be grumpy and stubborn, but she was usually friendly, curious, and she was always very loved. IContinue reading “Objectively, the best cat”
Simply Making Simple Fixes Simple for Chromium
Google recently introduced a cool web-based editing tool for Chromium source code, a very stripped down version of the Willy Wonka tooling Googlers get to use for non-Chromium projects. I’ve used this tool to submit two trivial change lists (CLs, aka PRs) to Chromium, but I was curious about whether this new feature would workContinue reading “Simply Making Simple Fixes Simple for Chromium”
Client Certificates and Logout
Last Updated May 16, 2022 Back in May 2020, I wrote about Client Certificate Authentication, a mechanism that allows websites to strongly validate the identity of their visitors using certificates presented by the visitor’s browser. One significant limitation for client certificate authentication is that there is no standards-based mechanism for a user to “log out”Continue reading “Client Certificates and Logout”