Hi there! New to coding and still learnings lots… trying not to overload my brain.
Anyways, if anybody had some feedback for me on my tribute page. It’s pretty basic, but I’d super appreciate tips or opinions! <3
Thanks, campers!
Hi there! New to coding and still learnings lots… trying not to overload my brain.
Anyways, if anybody had some feedback for me on my tribute page. It’s pretty basic, but I’d super appreciate tips or opinions! <3
Thanks, campers!
Looks good but I’d take a closer look at your breakpoints and columns @ ~577px and up… your div captions look very skinny and it’s difficult to read at this window width. Maybe try a different layout. Also this is a personal preference but I think this layout would look better with centered images! Otherwise looks great! Nice job!
Hi @Ryancoso,
CSS inspector:
#Ip-Man {
margin-top: 200x;
}
HTML inspector:
<br>
element cannot be a child of the <ul>
element.MDN documentation:
<ul>: The Unordered List element - HTML: HyperText Markup Language | MDN
Permitted content
zero or more<li>
elements, eventually mixed with<ol>
and<ul>
elements.
<h1 class="text-center">Bruce Lee</h1>
<h3 class="text-center"><em>The Dragon</em></h3>
MDN documentation:
<h1>–<h6>: The HTML Section Heading elements - HTML: HyperText Markup Language | MDN
Do not use lower levels to decrease heading font size: use the CSS font-size property instead.Avoid skipping heading levels: always start from
<h1>
, next use<h2>
and so on.
h2–h6 elements must not be used to markup subheadings, subtitles, alternative titles and taglines unless intended to be the heading for a new section or subsection. Instead use the markup patterns in the §4.13 Common idioms without dedicated elements section of the specification.
Common Idioms
HTML Standard
<a href="https://en.wikipedia.org/wiki/Bruce_Lee" target="_blank">Wikipedia</a>
MDN documentation:
<a>: The Anchor element - HTML: HyperText Markup Language | MDN
Note: When using target, consider adding rel=“noopener noreferrer”
to avoid exploitation of the window.opener API.
TL;DR If window.opener is set, a page can trigger a navigation in the opener regardless of security origin.
Target="_blank" - the most underestimated vulnerability ever
People using target=‘_blank’ links usually have no idea about this curious fact:
The page we’re linking to gains partial access to the linking page via the window.opener object.
The newly opened tab can, say, change the window.opener.location to some phishing page. Or execute some JavaScript on the opener-page on your behalf… Users trust the page that is already opened, they won’t get suspicious.
How to fix
Add this to your outgoing links.
rel="noopener"
Update: FF does not support “noopener” so add this.
rel="noopener noreferrer"
Remember, that every time you open a new window via window.open(); you’re also “vulnerable” to this, so always reset the “opener” property
var newWnd = window.open();
newWnd.opener = null;
Cheers and happy coding