ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "373: Script Injection with Cloudflare Workers"
Episode Synopsis
This week Shaw and Chris dig into some deepnerd tech stuff: manipulating HTML. In a perfect world, perhaps we wouldn't need to, but today, and even moreso in the foreseeable future of CodePen, we need to do a smidge of HTML manipulation on the HTML that you write or that is generated by code you write on CodePen. A tiny example is removing the autofocus attribute when a Pen in shown in a grid view <iframe>. A more significant example is that we need to inject some of our own JavaScript into your Pen, to power features of CodePen itself, like the console, which receives information from your rendered page (like logs, errors, etc) and can push commands to execute as well.
So how do we inject a <script> into absolutely 100% arbitrary HTML? Well, it's tricky. We're starting to do it with Cloudflare Workers and the HTMLRewriter stuff they can do. Even then, it's not particularly easy, with lots of edge cases. Thank gosh for Miniflare for the ability to work on this stuff locally and write tests for it.
Time Jumps
So how do we inject a <script> into absolutely 100% arbitrary HTML? Well, it's tricky. We're starting to do it with Cloudflare Workers and the HTMLRewriter stuff they can do. Even then, it's not particularly easy, with lots of edge cases. Thank gosh for Miniflare for the ability to work on this stuff locally and write tests for it.
Time Jumps
More episodes of the podcast CodePen Radio
417: Iframe Allow Attribute Saga
18/11/2025
416: Upgrading Next.js & React
05/11/2025
415: Babel Choices
28/10/2025
414: Apollo (and the Almighty Cache)
23/10/2025
413: Still indie after all these years
14/10/2025
412: 2.0 Embedded Pens
09/10/2025
411: The Power of Tree-Sitter
01/10/2025
409: Our Own Script Injection
16/09/2025
408: Proxied Third-Party JavaScript
09/09/2025
In God we trust