Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix typos #28142

Merged
merged 1 commit into from
Jul 24, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion files/en-us/learn/performance/css/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ To optimize the CSSOM construction and improve page performance, you can do one

Making your selectors less complex and specific is also good for maintenance. It is easy to understand what simple selectors are doing, and it is easy to override styles when needed later on if the selectors are less [specific](/en-US/docs/Learn/CSS/Building_blocks/Cascade_and_inheritance#specificity_2).

- **Don't apply styles to more elements than needed**: A common mistake is to apply styles to all elements using the [universal selector](/en-US/docs/Web/CSS/Universal_selectors), or at least, to more elements than needed. This kind of styling can impact performance neagtively, especially on larger sites.
- **Don't apply styles to more elements than needed**: A common mistake is to apply styles to all elements using the [universal selector](/en-US/docs/Web/CSS/Universal_selectors), or at least, to more elements than needed. This kind of styling can impact performance negtively, especially on larger sites.

```css
/* Selects every element inside the <body> */
Expand Down
4 changes: 2 additions & 2 deletions files/en-us/learn/performance/html/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,7 @@ You can also lazy load video content by using the `preload` attribute. For examp
</video>
```

Giving `preload` a value of `none` tells the browser to not preload any of the video data before the user decides to play it, which is obviously good for preformance. Instead, it will just show the image indicated by the `poster` attribute. Different browsers have different default video loading behavior, so it is good to be explicit.
Giving `preload` a value of `none` tells the browser to not preload any of the video data before the user decides to play it, which is obviously good for performance. Instead, it will just show the image indicated by the `poster` attribute. Different browsers have different default video loading behavior, so it is good to be explicit.

See [Lazy loading video](https://web.dev/lazy-loading-video/) on web.dev for detailed information.

Expand Down Expand Up @@ -193,7 +193,7 @@ Ordering of resource loading is important for maximizing perceived and actual pe

1. The HTML is generally parsed first, in the order in which it appears on the page.
2. Any found CSS is parsed to understand the styles that need to be applied to the page. During this time, linked assets such as images and web fonts start to be fetched.
3. Any found JavaScript is parsed, evaluated, and run against the page. By default, this blocks parsing of the HTML that appears after the {{htmlelement("script")}} elements where the JavaScript is encoountered.
3. Any found JavaScript is parsed, evaluated, and run against the page. By default, this blocks parsing of the HTML that appears after the {{htmlelement("script")}} elements where the JavaScript is encountered.
4. Slightly later on, the browser works out how each HTML element should be styled, given the CSS applied to it.
5. The styled result is then painted to the screen.

Expand Down
6 changes: 3 additions & 3 deletions files/en-us/learn/performance/javascript/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -101,7 +101,7 @@ This works OK, but is render-blocking. A better strategy is to use [`rel="preloa
The preload {{htmlelement("link")}} fetches the JavaScript as soon as possible, without blocking rendering. You can then use it wherever you want in your page:

```html
<!-- Include this whever makes sense -->
<!-- Include this wherever makes sense -->
<script src="important-js.js"></script>
```

Expand Down Expand Up @@ -294,10 +294,10 @@ There are several general best practices that will make your code run more effic

- **Reduce DOM manipulation**: Accessing and updating the DOM is computationally expensive, so you should minimize the amount that your JavaScript does, especially when performing constant DOM animation (see [Handling JavaScript animations](#handling_javascript_animations) above).
- **Batch DOM changes**: For essential DOM changes, you should batch them into groups that get done together, rather than just firing off each individual change as it occurs. This can reduce the amount of work the browser is doing in real terms, but also improve perceived performance. It can make the UI look smoother to get several updates out of the way in one go, rather than constantly making small updates. A useful tip here is — when you have a large chunk of HTML to add to the page, build the entire fragment first (typically inside a {{domxref("DocumentFragment")}}) and then append it all to the DOM in one go, rather than appending each item separately.
- **Simplify your HTML**: The simpler your DOM tree is, the faster it can be accessed and manipulated with JavaScript. Think carefully about what your UI needs, and remove unneccessary cruft.
- **Simplify your HTML**: The simpler your DOM tree is, the faster it can be accessed and manipulated with JavaScript. Think carefully about what your UI needs, and remove unnecessary cruft.
- **Reduce the amount of looped code**: Loops are expensive, so reduce the amount of loop usage in your code wherever possible. In cases where loops are unavoidable:

- Avoid running the full loop when it is unneccessary, using {{jsxref("Statements/break", "break")}} or {{jsxref("Statements/continue", "continue")}} statements as appropriate. For example, if you are searching arrays for a specific name, you should break out of the loop once the name is found; there is no need to run further loop iterations:
- Avoid running the full loop when it is unnecessary, using {{jsxref("Statements/break", "break")}} or {{jsxref("Statements/continue", "continue")}} statements as appropriate. For example, if you are searching arrays for a specific name, you should break out of the loop once the name is found; there is no need to run further loop iterations:

```js
function processGroup(array) {
Expand Down
16 changes: 8 additions & 8 deletions files/en-us/web/privacy/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ It is hard to talk about privacy without also talking about security — they ar
- Health information such as medical history, allergies, or ongoing conditions
- Usernames and passwords
- Hobbies, interests, or other personal preferences
- Biometic data such as fingerprints or facial recognition data
- Biometric data such as fingerprints or facial recognition data

**Private information** is any information that users do not want shared publicly and must be kept private (i.e., information that is accessible only by a certain group of authorized users). Some private data is private by law (for example medical data), and some is private more by personal preference.

Expand All @@ -48,7 +48,7 @@ Following on from the above section, **personally identifiable information** (PI

**Tracking** refers to the process of a third party recording a user's activity across many different websites. This can be done in various ways, for example:

- Looking at cookies that the user has set (for example, to persist a log in or personalization details across different sites) if the third party is embedded on the same domain.
- Looking at cookies that the user has set (for example, to persist a login or personalization details across different sites) if the third party is embedded on the same domain.
- Looking at the {{httpheader("Referer")}} header to see where a user has navigated from.

Tracking data can be used to profile a user and their interests and preferences, which is usually bad and can be annoying to various degrees. For example:
Expand Down Expand Up @@ -90,7 +90,7 @@ Related topics are as follows:

### Opt-in for "powerful features"

So-called "powerful" web API features that provide access to potentially sensitive data and operations are available only in [secure contexts](/en-US/docs/Web/Security/Secure_Contexts), which basically means HTTPS-only. Not only that, but these web features are gated behind a system of user permissions. Users have to explicitly opt-in to features like allowing notifications, accessing geolocation data, making the browser go into fullscreen mode, accessing media streams from web cams, using web payments, etc.
So-called "powerful" web API features that provide access to potentially sensitive data and operations are available only in [secure contexts](/en-US/docs/Web/Security/Secure_Contexts), which basically means HTTPS-only. Not only that, but these web features are gated behind a system of user permissions. Users have to explicitly opt in to features like allowing notifications, accessing geolocation data, making the browser go into fullscreen mode, accessing media streams from webcams, using web payments, etc.

### Anti-tracking technology

Expand Down Expand Up @@ -126,7 +126,7 @@ Some of the most developed parts of the privacy sandbox project are as follows:
- [Cookies Having Independent Partitioned State (CHIPS)](/en-US/docs/Web/Privacy/Partitioned_cookies)
- : Also known as **partitioned cookies**, CHIPs allows developers to opt a cookie into partitioned storage, with a separate cookie jar per top-level site.
- [First-party sets](https://developer.chrome.com/docs/privacy-sandbox/first-party-sets/)
- : A machanism for a company to declare relationships between different origins. Supporting browsers will then allow limited third-party cookie access across those origins for specific purposes.
- : A mechanism for a company to declare relationships between different origins. Supporting browsers will then allow limited third-party cookie access across those origins for specific purposes.
- Third-party cookie default
- : Chrome does not yet block third-party cookies by default, but this can be set by users in Chrome settings.

Expand Down Expand Up @@ -203,7 +203,7 @@ Earlier on we discussed tracking, and some of the unethical purposes they are us
Also recall from earlier that browsers are implementing a number of technologies to limit the usage of tracking cookies, especially cross-site cookies, with the eventual aim of removing them altogether. It is a good idea to prepare for this, by limiting the amount of tracking activities you rely on, and/or implementing desired information persistence in other ways. For example:

- Use an alternative client-side storage mechanism such as [Web Storage](/en-US/docs/Web/API/Web_Storage_API) to persist data. This does have the downside that the data is stored per-origin, so it can't be shared.
- Use a technology such as [IFrame credentialless](/en-US/docs/Web/Security/IFrame_credentialless), [First-party sets](https://developer.chrome.com/docs/privacy-sandbox/first-party-sets/) and/or the [Storage access API](/en-US/docs/Web/API/Storage_Access_API) to allow your sites to opt-in to using cross-site cookies in a safe, controlled way, or block them altogether. These currently have limited browser support.
- Use a technology such as [IFrame credentialless](/en-US/docs/Web/Security/IFrame_credentialless), [First-party sets](https://developer.chrome.com/docs/privacy-sandbox/first-party-sets/) and/or the [Storage access API](/en-US/docs/Web/API/Storage_Access_API) to allow your sites to opt in to using cross-site cookies in a safe, controlled way, or block them altogether. These currently have limited browser support.
- Use a server-side solution for data persistence.

> **Note:** To reiterate what we said earlier, make sure you clearly communicate to your users what you are doing via your privacy policy, and allow them to opt-in, and easily delete their data if they change their mind at a later date.
Expand All @@ -226,7 +226,7 @@ Once you have audited your third-party resources and understand what they are do

The following list provides some tips on how to mitigate privacy risks inherent with using third party resources:

- When embedding third party resources, consider if there is a way to achieve the same or a similar effect with less privacy impact. For example, it might be fun to have a social media post viewer embeded on your site, but is it really necessary? Wouldn't a link to your social media page be sufficient? also, some third-party services have privacy-enhancing options. See for example YouTube's [Embed videos & playlists > Turn on privacy-enhanced mode](https://support.google.com/youtube/answer/171780).
- When embedding third party resources, consider if there is a way to achieve the same or a similar effect with less privacy impact. For example, it might be fun to have a social media post viewer embedded on your site, but is it really necessary? Wouldn't a link to your social media page be sufficient? also, some third-party services have privacy-enhancing options. See for example YouTube's [Embed videos & playlists > Turn on privacy-enhanced mode](https://support.google.com/youtube/answer/171780).
- Where possible, you should block third parties from receiving a {{httpheader("Referer")}} header when you make requests to them. This can be done in a pretty granular way, for example by including [rel="noreferrer"](/en-US/docs/Web/HTML/Attributes/rel/noreferrer) on external links:

```html
Expand All @@ -237,7 +237,7 @@ The following list provides some tips on how to mitigate privacy risks inherent

> **Note:** See also [Referer header: privacy and security concerns](/en-US/docs/Web/Security/Referer_header:_privacy_and_security_concerns).

- Use the {{httpheader("Permissions-Policy")}} HTTP header to control access to "powerful features" (such as notifications, geolocation data, accessing media streams from web cams, etc.). This can be useful for privacy because it stops third party sites from doing unexpected things with these features, and users don't want to be unnecessarily bombarded by permissions prompts that they may not understand.
- Use the {{httpheader("Permissions-Policy")}} HTTP header to control access to "powerful features" (such as notifications, geolocation data, accessing media streams from webcams, etc.). This can be useful for privacy because it stops third party sites from doing unexpected things with these features, and users don't want to be unnecessarily bombarded by permissions prompts that they may not understand.

The following example disables [Picture-in-Picture](/en-US/docs/Web/API/Picture-in-Picture_API) everywhere, allows [Geolocation](/en-US/docs/Web/API/Geolocation_API) to be used only on one specific origin, and allows camera usage everywhere:

Expand Down Expand Up @@ -267,7 +267,7 @@ You need to make sure that, once you have collected data from your users, that i
The below tips offer some guidance on protecting your user's data:

- Security is hard to get right. When implementing a secure solution that involves data collection — particularly if it is sensitive data such as log-in credentials — it makes sense to use a reputable solution from a well-respected provider. For example, any respectable server-side framework will have built-in features to protect against common vulnerabilities. You could also consider using a specialized product for your purpose — for example an identity provider solution, or a secure online survey provider.
- If you want to roll your own solution for collecting user data, make sure you understand what you are doing. Hire an experienced server-side developer and/or security engineer to implement the system, and ensure it is tested throroughly. Use multi-factor authentication (MFA) to provide better protection. Consider using a dedicated API such as [Web Authentication](/en-US/docs/Web/API/Web_Authentication_API) or [Federated Credential Management](/en-US/docs/Web/API/FedCM_API) to streamline the client-side of the app.
- If you want to roll your own solution for collecting user data, make sure you understand what you are doing. Hire an experienced server-side developer and/or security engineer to implement the system, and ensure it is tested thoroughly. Use multifactor authentication (MFA) to provide better protection. Consider using a dedicated API such as [Web Authentication](/en-US/docs/Web/API/Web_Authentication_API) or [Federated Credential Management](/en-US/docs/Web/API/FedCM_API) to streamline the client-side of the app.
- When collecting user sign-up information, enforce strong passwords so that your user's account details cannot be easily guessed. Weak passwords are one of the main causes of security breaches. In addition, encourage your users to use a password manager so that they can use more complex passwords, don't need to worry about remembering them, and won't create a security risk by writing them down.
- Don't include sensitive data in URLs — if a third party intercepts the URL (for example via the {{httpheader("Referer")}} header), they could steal that information. Use `POST` requests rather than `GET` requests to avoid this.
- Consider using tools like [Content Security Policy](/en-US/docs/Web/HTTP/CSP) and [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) to enforce a set of feature usage on your site that makes it harder to introduce vulnerabilities. Be careful when doing this — if you block usage of a feature that a third party script relies on to work, you may end up breaking your site's functionality. This is something you can look into when auditing your third party resources (see [Carefully manage third-party resources](#carefully_manage_third-party_resources)).
Expand Down