Software engineer @mozilla on 🔥🦊 (DOM, web platform). open sourcerer.

Work

Firefox

I work at Mozilla on Firefox full-time, specifically DOM Core (think HTML elements and most things exposed in `window`)

<hr> in <select>
Lazy loading iframes
User activation API

Projects

Shadow

A new novel browser engine made (almost) entirely in JS from scratch

porffor

A basic experimental AOT optimizing JS -> Wasm compiler (and more) in JS

test262.fyi

View many JS engines' test262 (JS test suite) results

arRPC

Open implementation of Discord's local RPC server

Capybara

Tiny fast robust Squirrel.Windows alternative

Posts

Shadow Devlog #2

What's new in Shadow from last week (Oct 31-Nov 6)

Shadow Devlog #1: 1 week in

What's new in Shadow since the intro post (Oct 27-30)

Introducing Shadow

Shadow is a new novel browser engine made almost entirely in JS

Joining Mozilla

On October 1st, I join Mozilla to work on Firefox full-time!

Discord 0-click XSS to RCE (2022)

IPC allowlist bypass allowing to arbitary IPC calls setting a malicious update endpoint

Work

Firefox

I work at Mozilla on Firefox full-time, specifically DOM Core (think HTML elements and most things exposed in `window`)

<hr> in <select>
Lazy loading iframes
User activation API

Projects

Shadow

A new novel browser engine made (almost) entirely in JS from scratch

porffor

A basic experimental AOT optimizing JS -> Wasm compiler (and more) in JS

test262.fyi

View many JS engines' test262 (JS test suite) results

arRPC

Open implementation of Discord's local RPC server

Capybara

Tiny fast robust Squirrel.Windows alternative

Posts

Shadow Devlog #2

What's new in Shadow from last week (Oct 31-Nov 6)

Shadow Devlog #1: 1 week in

What's new in Shadow since the intro post (Oct 27-30)

Introducing Shadow

Shadow is a new novel browser engine made almost entirely in JS

Joining Mozilla

On October 1st, I join Mozilla to work on Firefox full-time!

Discord 0-click XSS to RCE (2022)

IPC allowlist bypass allowing to arbitary IPC calls setting a malicious update endpoint

Discord 1-click XSS to RCE (2020)

Path traversal in an Electron app leading to NodeJS execution from browser

Ramblings

Mozilla Chronicles #1

Day 10 in the big... Mozilla house

Work

Firefox

I work at Mozilla on Firefox full-time, specifically DOM Core (think HTML elements and most things exposed in window)<hr> in <select>Lazy loading iframesUser activation API

Projects

Shadow

A new novel browser engine made (almost) entirely in JS from scratch

porffor

A basic experimental AOT optimizing JS -> Wasm compiler (and more) in JS

test262.fyi

View many JS engines' test262 (JS test suite) results

arRPC

Open implementation of Discord's local RPC server

Capybara

Tiny fast robust Squirrel.Windows alternative

Posts

What's new in Shadow from last week (Oct 31-Nov 6)

What's new in Shadow since the intro post (Oct 27-30)

Shadow is a new novel browser engine made almost entirely in JS

On October 1st, I join Mozilla to work on Firefox full-time!

IPC allowlist bypass allowing to arbitary IPC calls setting a malicious update endpoint

Path traversal in an Electron app leading to NodeJS execution from browser

Ramblings

Day 10 in the big... Mozilla house

I work at Mozilla on Firefox full-time, specifically DOM Core (think HTML elements and most things exposed in `window`)

<hr> in <select>
Lazy loading iframes
User activation API