Brian McCaffrey

Tidbits from LibertyJS 2023

post finished 11-13-23

I had the privilege of attending the LibertyJS conference in Philly last Thursday and Friday! This was my first time attending a conference, so of course I excitedly tried to take detailed and extensive notes of each talk... but so much extended focus is quite difficult! I did, however, manage to capture key points from some of my favorite talks.

It's tricky to take in so much information for two days straight! Despite my note-taking not living up to expectations, I've distilled the most critical points here. This serves as a valuable reference for me, and hopefully you can get something from it too.

You Don't Know JavaScript (Yet)

Read it

I met someone during one of the talks who recommended the book (or rather, series of books) "You Don't Know JavaScript." I didn't get around to looking into it until writing this post. However, now that I've scanned the preface and foreword of the first book, I'm grateful I didn't dismiss the recommendation. It seems like it's right up my alley: an in-depth, gentle, and inquisitive exploration of the tool I use every day. The first book's foreword by Brian Holt adds to its credibility. As the preface suggests, I'll casually peruse this book and update my site or this post with additional thoughts.

Battlesnake

I also enjoyed a captivating talk on the game Battlesnake. It is a fun and competitive approach to learning new technologies. The objective is similar to the game 'Snake', with a couple of twists. First, each game is played against other players 'Battle-Royale' style. Second, you don't directly control your snake; instead, you write a server to control it. The game acts as a client, sending an HTTP POST request to your server to communicate the game's current state, and it reads your response to determine your next move. Check out the quickstart guide if you're interested. I need to learn how to spin up an Express server for my side project, so I plan to write my own Battlesnake to learn how.

View Transitions API

Another intriguing topic was the View Transitions API. According to the MDN page, this new API:

...provides a mechanism for easily creating animated transitions between different DOM states while also updating the DOM contents in a single step.

Phil Nash from Sonar demonstrated ways to use the View Transitions API on both MPAs and SPAs. In fact, the entire presentation was built using the View Transitions API. That being said, if you want to explore this technology yourself, you'll have to enable its experimental feature flag in a supported browser (if you use Safari like me, you're SOL). In Chrome, go to chrome://flags/ and enable the "Experimental Web Platform features" and "viewTransition API for navigations" flags. This seems to be a significant quality-of-life improvement for developers, streamlining and standardizing solutions to common problems and further maturing web technologies.

Trusted Types as a Way to Prevent XSS

Two Google engineers presented the Trusted Types API as a means of preventing cross-site scripting (XSS). This problem is prevalent, accounting for 35.6% of all bug bounty payouts from Google. This vulnerability allows attackers to inject malicious scripts into web pages, especially when user-supplied strings could be interpreted as code. The Trusted Types API can be used in such cases to ensure that the strings being used for dynamic content injection only come from trusted sources. Again, this technology is rather new (does not seem to be fully supported in Safari at the time of writing), but I think we all ought to be more careful to prevent these kinds of attacks.
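
A sketch of how a Trusted Types policy is wired up, added here as an example and not taken from the talk; the policy name `escape-policy` and the helpers `escapeHtml`, `createEscapePolicy` and `renderComment` are assumptions for illustration. With the CSP header shown in the comment enforced, assigning a raw string to `innerHTML` throws a `TypeError`, so only values produced by the policy reach the DOM sink.

```javascript
// Enforcement is switched on by a response header sent with the page:
//   Content-Security-Policy: require-trusted-types-for 'script'; trusted-types escape-policy
// "escape-policy" is a name chosen for this example.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Neutralise HTML metacharacters so input renders as text, never as markup.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Build the policy through the browser's factory when it exists. Where it
// does not (unsupported browsers, Node), fall back to an object with the same
// createHTML method that returns plain escaped strings.
function createEscapePolicy(factory = globalThis.trustedTypes) {
  const rules = { createHTML: escapeHtml };
  if (factory && typeof factory.createPolicy === 'function') {
    return factory.createPolicy('escape-policy', rules);
  }
  return rules;
}

const policy = createEscapePolicy();

// The only place in the app that writes to innerHTML. Under enforcement the
// browser accepts the TrustedHTML returned by the policy and rejects strings.
function renderComment(element, userText) {
  element.innerHTML = policy.createHTML(userText);
}

// Constructed sample input: a comment that tries to smuggle in an event handler.
const sampleComment = '<img src=x onerror="alert(1)">';
const fakeElement = {}; // stand-in for a DOM node so the example runs outside a browser
renderComment(fakeElement, sampleComment);
console.log(String(fakeElement.innerHTML));
```

Keeping every `innerHTML` write behind one function like `renderComment` means a security review only has to audit the policy's `createHTML` rule rather than every call site.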

Accessibility

Finally, I attended an excellent talk on accessibility. While I learned the basics during my first year as a web developer, this talk reinforced the importance of accessible technology. I learned that building apps with better accessibility not only benefits users with permanent disabilities, such as color blindness, but also aids those with temporary or situational disabilities. The talk also highlighted a fascinating service called Fable, which allows you to work alongside users with disabilities to test your app and identify accessibility issues.