Mathias Bynens

About me

My name’s Mathias Bynens, and I’m a freelance web developer from Belgium. I collaborate on open-source projects such as jsPerf and HTML5 Boilerplate. If that sounds like fun to you, you should follow me on Twitter and GitHub.

Latest notes

PBKDF2+HMAC hash collisions explained

· tagged with Bash, cryptography, JavaScript, Python

It’s trivial to find colliding passwords when hashing with PBKDF2-HMAC-anything. This post explains why that is.

JavaScript has a Unicode problem

· tagged with JavaScript, Unicode

The way JavaScript handles Unicode is… surprising, to say the least. This write-up explains the pain points associated with Unicode in JavaScript, provides solutions for common problems, and explains how the upcoming ECMAScript 6 will improve the situation.

Processing Content Security Policy violation reports

· tagged with CSP, PHP, security

Content Security Policy can be used to generate reports describing attempts to attack your site. This post briefly explains how this works, and presents a simple example script that can be used to process these reports.

Hiding JSON-formatted data in the DOM with CSP enabled

· tagged with CSP, DOM, HTML, JavaScript, PHP, security

If Content Security Policy is enabled for protection against cross-site scripting attacks (i.e. the unsafe-inline option is not set), the use of inline <script>s is not allowed. In that case, how can we pass server-generated data to the front-end without negatively affecting load time and run-time performance?

Loading JSON-formatted data with Ajax and xhr.responseType='json'

· tagged with DOM, HTTP, JavaScript

This post explains a hidden gem in the XMLHttpRequest standard that simplifies fetching and parsing JSON data through Ajax.
