Regularly sharing the team's thoughts and insights on frontend development
This article explains why frontend security is critical, outlines common attacks such as CSRF, XSS (stored, reflected, DOM), and clickjacking, and provides practical defense strategies including CSRF tokens, SameSite cookies, input validation, CSP, X‑Frame‑Options, and secure coding practices for modern web developers.
Using a familiar chat example, this article walks through the OSI seven‑layer model, illustrating each layer’s role—from the application’s HTTP request to the physical bitstream—through analogies with parcel delivery, complete with data format transformations and visual diagrams.
This newsletter curates five technical articles covering AI‑enhanced frontend productivity, a comparative deep dive into tree shaking across major bundlers, innovative AI code generation for e‑commerce frontends, a rapid AI‑assisted component refactor, and efficiency gains in ad‑monitoring development.
With SSL/TLS certificates now limited to 13 months and soon to just 47 days, this article explains why encryption is essential, details symmetric and asymmetric cryptography, illustrates HTTPS handshake and certificate verification, and shows how these mechanisms protect against man‑in‑the‑middle attacks.
This article explores how the Cursor AI tool can automatically assess the impact of code changes in a Vue 2 frontend project, detailing a three‑step MVP workflow, its strengths, limitations, and practical insights for developers seeking smarter pre‑test risk evaluation.
This article explains the architecture, core thread responsibilities, and performance enhancements of the Skyline rendering engine for WeChat Mini Programs, detailing version support, multi‑threaded design, custom routing, snapshot and lazy‑mount features, and provides practical code examples for developers.
This guide explains how to use Proxy Auto‑Config (PAC) files to intelligently route traffic through different proxy tools like ClashX, Whistle, and SwitchyOmega, covering the underlying JavaScript function, configuration examples, and a Node.js server for hot‑reloading the PAC file.
This article explains the Model Context Protocol (MCP), compares it with traditional function calling, and provides a step‑by‑step guide for integrating MCP into the Cursor editor, including token generation, configuration, server setup, and practical examples that dramatically improve AI‑assisted development productivity.
This article details the design and implementation of a native Android image‑editing component built for warehouse quality‑inspection, covering business motivations, core features such as multi‑image batch editing, matrix‑based transformations, a command‑pattern undo/redo system, technical architecture, key challenges, and future extension plans.
This article details ZhiZhuan Group's end‑to‑end code‑coverage system for Android and iOS apps, covering its background, design, incremental instrumentation, CI/CD integration, optimization steps, visual reporting, and real‑world impact, offering practical insights for mobile development teams seeking reliable test coverage.
