A Snake Game in the URL Bar: What It Shows About Modern Web Security

Open Chrome and navigate to https://demian.ferrei.ro/snake#; a snake made of odd Unicode symbols crawls inside the address bar, eating food and growing, demonstrating a full game running in the URL field.

Curiosity Sparks a Technical Adventure

Creator Francisco Uzo was fascinated by Braille’s 2×4 dot matrix, which yields 256 possible characters—an 8‑bit pixel set already present in Unicode. He realized these characters could serve as tiny graphics, leading to the idea of a snake rendered with Braille symbols.

The game maps its world onto the Braille grid, each character acting as a 2×4 pixel block.

The snake’s body uses solid Braille dots (⣿) while empty space uses blank Braille (⠀).

JavaScript’s history.replaceState() updates the URL in real time without polluting the history.

Each frame refreshes, keeping the game fluid inside the address bar.

Why the Game Looks Broken Today

Modern browsers now escape all spaces in URLs (e.g., converting ⠀ to %20), breaking the visual layout. Security‑focused updates also limit the frequency of history.replaceState(), forcing fallback to location.hash, which clutters the browsing history.

Other constraints include varying URL length limits, stricter Unicode safety filters, and mobile browsers that hide or truncate the address bar, all of which make such projects harder to implement.

Other Unconventional Browser Experiments

Similar hacks have appeared, such as a 2048 game in the URL, a snake rendered in the tab title, TinyJS snake implementations, and even 3D worlds displayed via the URL bar.

Security vs. Creativity

While browser security improvements protect users from injection attacks and phishing, they also close doors on playful, experimental projects that have little commercial value but high learning and inspirational worth.

Developers argue that these “useless but fun” creations foster skill development and embody the hacker spirit, offering experiences that AI‑generated code cannot replicate.

What This Means in the AI Era

As AI can now generate code and understand Unicode, the human moments of discovery—late‑night epiphanies, debugging quirks, and the joy of seeing a snake slither in an address bar—remain uniquely valuable.