nf start -j Procfile.dev

Local development and testing has huge advantages, but sometimes one needs to test web applications against their real-world domain name. Editing /etc/hosts is a pain however, and error prone. Node Foreman can start up an HTTP forward proxy which your browser can route requests through. The forward proxy will intercept requests based on domain name, and route them to the local application.

For users with Google Chrome, this can be paired with FelisCatus SwitchyOmega for great results.

this is incomplete. Yes you get a load of commits, but they no longer refer to the right paths. git log dir-B/somefile won't show anything except the one merge. See Greg Hewgill's answer references this important issue.

kdiff3 can be used solely with keyboard, so 5 conflict file takes when reading the code just few minutes.

If you're wondering, to insert a <tab> in osx, you need to Ctrl-V <tab>

I think so...I actually can't remember. I've used this script quite a bit.

Thanks. Worked for me. I needed to move the merged directory into a sub-folder so after following the above steps I simply used git mv source-dir/ dest/new-source-dir

In case you want to put project-a into a subdirectory, you can use git-filter-repo (filter-branch is discouraged)

Note: This rewrites history;

Shorter: git fetch /path/to/project-a master; git merge --allow-unrelated-histories FETCH_HEAD.

--ignore-unmatch

https://github.com/reaxis/mu µ

Are you also tired and fed up with the bulkiness of jQuery, but also don't want to have to type document.querySelector("div").appendChild(document.createTextNode("hello")); just to add some text to an element?

µ

Before we dive into the details of the actual migration, let’s discuss the theory behind it.

Seamless transitions; changes made to the old repositories after they were migrated must be imported to the new monorepository.

Preserving history; we often find ourselves using the git blame tool to discover why a certain change was made.

Our requirements:

A transition period rather than Stop-The-World migration; we want to merge in a few repositories per day, with minimal disruption to work-flow.

The implicit dependencies between different versions of different services were not expressed anywhere, which led to various problems in building, continuous integration, and, notably, repeatable builds.

Preserving commit hashes; we use commit hashes in binary names and our issue tracker; ideally, these references remain intact.

You may want to try putting the one-liner (everything in the single quotes) in an actual script, with a bash shebang line. I think filter-branch is probably trying to run this in sh, not bash.

If you want the project's history to look as though all files have always been in the directory foo/bar, then you need to do a little surgery. Use git filter-branch with the "tree filter" to rewrite the commits so that anywhere foo/bar doesn't exist, it is created and all files are moved to it:

git push -b

       git push [--all | --mirror | --tags] [--follow-tags] [--atomic] [-n | --dry-run] [--receive-pack=<git-receive-pack>]
                  [--repo=<repository>] [-f | --force] [-d | --delete] [--prune] [-v | --verbose]
                  [-u | --set-upstream] [-o <string> | --push-option=<string>]
                  [--[no-]signed|--signed=(true|false|if-asked)]
                  [--force-with-lease[=<refname>[:<expect>]] [--force-if-includes]]
                  [--no-verify] [<repository> [<refspec>...]]

New changes to the old repositories can be imported into the monorepo and merged in. For example, in the above example, say repository one had a branch my_branch which continued to be developed after the migration. To pull those changes in:

Don't Stop The World: keep working in your other repositories during the migration and pull the changes into the monorepo as you go.

Maybe the source code was originally thought to be independent but was later discovered to be “rightly coupled”.

#blogumentation

For filter-branch, using pipelines like git ls-files | grep -v ... | xargs -r git rm might be a reasonable workaround but can get unwieldy and isn't as straightforward for users; plus those commands are often operating-system specific (can you spot the GNUism in the snippet I provided?)

None of the existing repository filtering tools did what I wanted; they all came up short for my needs. No tool provided any of the first eight traits below I wanted, and all failed to provide at least one of the last four traits as well:

[Old commit references] Provide a way for users to use old commit IDs with the new repository (in particular via mapping from old to new hashes with refs/replace/ references).

a cheat sheet is available showing how to convert example commands from the manual of filter-branch into filter-repo commands.

die-hard fans of filter-branch may be interested in filter-lamely (a.k.a. filter-branch-ish), a reimplementation of filter-branch based on filter-repo which is more performant

Let's say that we want to extract a piece of a repository, with the intent on merging just that piece into some other bigger repo.

--tag-rename '':'my-module-' (the single quotes are unnecessary, but make it clearer to a human that we are replacing the empty string as a prefix with my-module-)

It would be unfortunate for the "LTS" kernel version to not be installable on LTS Ubuntu.

Also, it is definitely NOT okay to recommend --force on forums, Q&A sites, or in emails to other users without first carefully explaining that --force means putting your repositories’ data at risk. I am especially bothered by people who suggest the flag when it clearly is NOT needed; they are needlessly putting other peoples' data at risk.

These checks can have both false positives and false negatives.

The .git/filter-repo/ref-map file contains a mapping of which local references were changed.

Every time filter-repo is run, files are created in the .git/filter-repo/ directory. These files overwritten unconditionally on every run.

The .git/filter-repo/commit-map file contains a mapping of how all commits were (or were not) changed.

However, the place where pip places that package might not be in your $PATH (thus requiring you to manually update your $PATH afterwards), and on windows the pip install might not take care of python-specific issues for you (see "Notes for Windows Users", above). As such, installation via package managers is recommended instead.

If your python3 executable is named "python" instead of "python3" (this particularly appears to affect a number of Windows users), then you'll also need to modify the first line of git-filter-repo to replace "python3" with "python".

one of the following package repositories:

Installation via Package Manager

the bullet-proof way to add a path (e.g., ~/opt/bin) to the PATH environment variable is PATH="${PATH:+${PATH}:}~/opt/bin"

even if system scripts do not use this (I wonder why)

Thank you for this answer, perfectly detailed.

They also let us make assumptions about relative relationships between folders during development.

Monorepos let us version our back-end with our front-end, making compability easy with combined builds and deployments using a shared CI/CD pipeline.

By default, groups created in: GitLab 12.2 or later allow both Owners and Maintainers to create subgroups. GitLab 12.1 or earlier only allow Owners to create subgroups.

Make it easier to manage people and control visibility. Give people different permissions depending on their group membership.

Organize large projects. For large projects, subgroups makes it potentially easier to separate permissions on parts of the source code.

Allowing users to use the bulk of your service without receiving cookies.

the majority of XSS attacks target theft of session cookies. A server could help mitigate this issue by setting the HttpOnly flag on a cookie it creates, indicating the cookie should not be accessible on the client.

Cross-site scripting (XSS) vulnerabilities (even in other applications running on the same domain) allow attackers to bypass essentially all CSRF preventions.

The NoScript extension for Firefox mitigates CSRF threats by distinguishing trusted from untrusted sites, and removing authentication & payloads from POST requests sent by untrusted sites to trusted ones. The Application Boundary Enforcer module in NoScript also blocks requests sent from internet pages to local sites (e.g. localhost), preventing CSRF attacks on local services (such as uTorrent) or routers.

The Self Destructing Cookies extension for Firefox does not directly protect from CSRF, but can reduce the attack window, by deleting cookies as soon as they are no longer associated with an open tab.

The advantage of this technique over the Synchronizer pattern is that the token does not need to be stored on the server.

The same-origin policy prevents an attacker from reading or setting cookies on the target domain, so they cannot put a valid token in their crafted form.

Security of this technique is based on the assumption that only JavaScript running on the client side of an HTTPS connection to the server that initially set the cookie will be able to read the cookie's value.

As the token is unique and unpredictable, it also enforces proper sequence of events (e.g. screen 1, then 2, then 3) which raises usability problem (e.g. user opens multiple tabs). It can be relaxed by using per session CSRF token instead of per request CSRF token.

In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.

Attacks were launched by placing malicious, automatic-action HTML image elements on forums and email spam, so that browsers visiting these pages would open them automatically, without much user action. People running vulnerable uTorrent version at the same time as opening these pages were susceptible to the attack.

Details were not released, citing "obvious security reasons".

Cross-site request forgery is an example of a confused deputy attack against a web browser because the web browser is tricked into submitting a forged request by a less privileged attacker.

This link may be placed in such a way that it is not even necessary for the victim to click the link. For example, it may be embedded within an html image tag on an email sent to the victim which will automatically be loaded when the victim opens their email.

A user who is authenticated by a cookie saved in the user's web browser could unknowingly send an HTTP request to a site that trusts the user and thereby causes an unwanted action.

Data tainting[edit] Netscape Navigator briefly contained a taint checking feature. The feature was experimentally introduced in 1997 as part of Netscape 3.[10] The feature was turned off by default, but if enabled by a user it would allow websites to attempt to read JavaScript properties of windows and frames belonging to a different domain. The browser would then ask the user whether to permit the access in question.

This mechanism bears a particular significance for modern web applications that extensively depend on HTTP cookies[1] to maintain authenticated user sessions, as servers act based on the HTTP cookie information to reveal sensitive information or take state-changing actions. A strict separation between content provided by unrelated sites must be maintained on the client-side to prevent the loss of data confidentiality or integrity.

Cross-site scripting attacks are a case of code injection.

A reflected attack is typically delivered via email or a neutral web site. The bait is an innocent-looking URL, pointing to a trusted site but containing the XSS vector. If the trusted site is vulnerable to the vector, clicking the link can cause the victim's browser to execute the injected script.

By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, to session cookies, and to a variety of other information maintained by the browser on behalf of the user.

Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system.

Any code designed to do more than spread the worm is typically referred to as the "payload".

Please you please cc when you create that issue. It will probably help me reproduce with rollup too.

Currently people are working around this using process.env['SECRET'] to avoid the string replacement

How do I setup a path alias? permalink First, you need to add it to the Vite configuration. In svelte.config.js add vite.resolve.alias: // svelte.config.js import path from 'path'; export default { kit: { vite: { resolve: { alias: { $utils: path.resolve('./src/utils') } } } } }; Then, to make TypeScript aware of the alias, add it to tsconfig.json (for TypeScript users) or jsconfig.json: { "compilerOptions": { "paths": { "$utils/*": ["src/utils/*"] } } }

How do I hash asset file names for caching? permalink You can have Vite process your assets by importing them as shown below: <script> import imageSrc from '$lib/assets/image.png'; </script> <img src="{imageSrc}" />

noReload Type: bool Default: false

noPreserveState Deprecated: removed and default changed from version 0.12. Use preserveLocalState instead.

Well, since you're reading this, let me tell you a little more about HMR. Magic is actually not such a good think in software development, so if we can demystify HMR a bit, it will probably benefits you when it comes to answer setup questions or, generally, get the most out of your HMR experience.

most of my 1K+ packages

There are two ways to move your packages to ESM:Pure ESMThis has the benefit that it’s easier to set up. You just add "type": "module" to your package.json, require Node.js 12, update docs & code examples, and do a major release.

CommonJS has served us well for many years, but ESM comes with many benefits, like language-level syntax, browser support, defaults to strict mode, async loading, top-level await, improved static analysis & tree-shaking, and more.

Rip off the bandaid and completely move to JavaScript Modules.

There are two ways to handle the migration:Pure: Rip off the bandaid and completely move to JavaScript Modules.Dual: Introduce a build step that transpiles a CommonJS fallback.

After discussion with the team, we're going to avoid Request and Response in favour of POJOs, which are much less cumbersome.

In a serverless-first world this gets a bit trickier. It needs to be possible to do both things, in a way that maps to the various serverless platforms out there, which most likely precludes using the (req, res) => {...} signature (and by extension, the ecosystem of Express middleware).

Something people seem to trip over a bit is the fact that session, despite being a writable store, doesn't get persisted. I wonder if we can address that:

We don't interact with the req/res objects you might be familiar with from Node's http module or frameworks like Express, because they're only available on certain platforms. Instead, SvelteKit translates the returned object into whatever's required by the platform you're deploying your app to.

Building an app with all the modern best practices — code-splitting, offline support, server-rendered views with client-side hydration — is fiendishly complicated. SvelteKit does all the boring stuff for you so that you can get on with the creative part.

makes your app inaccessible to users if JavaScript fails or is disabled (which happens more often than you probably think).

Service workers act as proxy servers that handle network requests inside your app. This makes it possible to make your app work offline, but even if you don't need offline support (or can't realistically implement it because of the type of app you're building), it's often worth using service workers to speed up navigation by precaching your built JS and CSS.

This function runs both during server-side rendering and in the client, and allows you to get data for a page without (for example) showing a loading spinner and fetching data in onMount.

When you add a redirect with cPanel interface, the system places redirect rules at the bottom of the .htaccess file.

Select a redirect type from the Type menu. Permanent (301) — This setting notifies the visitor’s browser to update its records. Temporary (302) — This setting does not update the visitor’s bookmarks.

Forwarding and URL is equivalent to Redirecting an URL. Is the same concept. You can use the words interchangeably. However, while redirecting normally refer to the practice of sending an HTTP 30x status code (generally 301 for permanent and 302 for temporary redirects) the word forwarding assumes a broader meaning. In fact, several companies (including GoDaddy) provides different type of forwarding: forward (redirect) forward with masking Forwarding an URL using the masking technique means instead of redirecting to the target transparently, the target URL is opened in a frame so that the visitor will always see the source URL in the address bar.

Post/Redirect/Get (PRG) is a web development design pattern that lets the page shown after a form submission be reloaded, shared, or bookmarked without ill effects, such as submitting the form another time.

To solve this, many people resort to a nounVerb naming schema, but this has it’s problems. For one thing, it feels unnatural to many people; postAdd just doesn’t read as well as addPost.

Current tooling doesn’t allow for a simple way to group your mutations, so a large list of them can make it difficult to see what sort of operations you can perform on a given resource (eg. add, delete, promote, hide, like, etc).

The query name doesn't have any meaning on the server whatsoever. It's only used for clients to identify the responses (since you can send multiple queries/mutations in a single request).

In fact, you can send just an anonymous query object if that's the only thing in the GraphQL request (and doesn't have any parameters):

Name your mutations verb first. Then the object, or “noun,” if applicable; createAnimal is preferable to animalCreate.

Case stylesField names should use camelCase. Many GraphQL clients are written in JavaScript, Java, Kotlin, or Swift, all of which recommend camelCase for variable names.Type names should use PascalCase. This matches how classes are defined in the languages mentioned above.Enum names should use PascalCase.Enum values should use ALL_CAPS, because they are similar to constants.

It is common good practice to use camelCase for your fields and pascalCase for the names of types.

When working with mutations it is considered good design to return mutated records as a result of the mutation. This allows us to update the state on the frontend accordingly and keep things consistent

Can you re-open this until we fix it?

I hope I won’t forget, but I’ll come back to you once we’ve got an idea on how to improve this Svelte API

Also don’t forget to call toPromise() on the Return value or it won’t execute :)

the only way to make it work is to do something like $: result = mutation(...) but it doesn't make sense, I don't want to run the mutation after each keystroke.

Currently the mutate helper in Svelte runs immediately as we’re still figuring out patterns. However, if you call a mutation programmatically you can use getClient() and call client.mutation, like so: https://formidable.com/open-source/urql/docs/concepts/core-package/#one-off-queries-and-mutations We’re still working on idiomatic Svelte APIs so this one’s also on our list to figure out what the best way forward is

For context, the previous API had a lazy promise. Currently I’m thinking we could just return a closure like in the React API

IMPORTANT Please do not ignore this template. If you do, your issue will be closed immediately.

So it can issue a cross-sign whose validity extends beyond the expiration of its own self-signed certificate without any issues.

The self-signed certificate which represents the DST Root CA X3 keypair is expiring. But browser and OS root stores don’t contain certificates per se, they contain “trust anchors”, and the standards for verifying certificates allow implementations to choose whether or not to use fields on trust anchors. Android has intentionally chosen not to use the notAfter field of trust anchors. Just as our ISRG Root X1 hasn’t been added to older Android trust stores, DST Root CA X3 hasn’t been removed. So it can issue a cross-sign whose validity extends beyond the expiration of its own self-signed certificate without any issues.

Please ensure that if the lookup fails, the exception indicates which part of the name caused the failure. It's waaay past time that the industry moves past "ENOENT: No such file or directory" in its exception reporting :)

GraphQL Field Resolution Method Dispatch type class field method obj receiver args method arguments ctx runtime state

In real life I ride a Ninja, the last in a line of many bikes over more than forty-five years. However, within this game I've apparently never ridden a sport bike. Or any motorcycle. Or a bicycle. Or watched people ride. Or walked upright. I'm playing with a Thrustmaster joystick, but frankly I might as well be controlling the bike with a Ouija board. If I can not hit a wall, it's a personal victory. Personal victories do not occur often. Instead of the feeling that I'm controlling an exquisitely balanced, steep fork angle sport bike, or even a full dress Harley with an enormously fat passenger and two flat tires, I feel like I'm controlling a rocket-powered lawnmower with several missing tires. Perhaps towing a couple trailers connected with springs. Dying fish don't flop around like me. In forty minutes I've not come close to anything resembling control, much less fun, and I've hit my limit on time I'm willing to throw at it. Wasted money for me; time to acknowledge my mistake, uninstall and get on with my life.

1. The main folder names have numbers in front of them, such as 0-base to ensure that the folders stay in that particular order. You can certainly omit this or choose different folder names.

Note that not all of the colors in SMUI read from CSS variables, so some parts will still use the colors defined in the original Sass compile.

Because of that, it's essential that the bundler doesn't treat the package as an external dependency. You can either modify the external option under server in rollup.config.js or the externals option in webpack.config.js,

or simply install the package to devDependencies rather than dependencies, which will cause it to get bundled (and therefore compiled) with your app:

The super hacky alternative... using an error's stack trace When I got this to work I literally laughed out loud 😂. It might be the most hacky solution to a problem I've found yet

It's a chicken-and-egg-like problem: If we use module: 'commonjs', then if any TS files import ES Modules (indirectly in their dependency graph), then Node throws an error because CommonJS modules can not import ES Modules.

abandoned

You would struggle to fit a list of all the issues onto the Great Wall of China even with tiny handwriting, but here are a couple of very simple UI issues that make me think, if you can't get this right, why are you bothering?

The thing that makes the client-side invocation return the same data as the server-side one is that the results of calling fetch during SSR are serialized and inlined into the page. This ensures consistency when the page hydrates, and saves network round-trips (and also means less data needs to come over the wire, since everything can get compressed using the same gzip dictionary or whatever).

This allows you to have any sort of object as a prop (e.g. you could dynamically import a component inside load and use it with <svelte:component>).

Using unfinished software to build an app that will be seen by millions of people is a risk, and in general I don't recommend it. But it has enabled us to develop the app much faster, and has made the framework itself much stronger than it otherwise would be.

Vite falls into the same category as Snowpack.

Use cases: Volumes are most useful when you need more storage space but don’t need the additional processing power or memory that a larger Droplet would provide, like: As the document root or media upload directory for a web server To house database files for a database server As a target location for backups As expanded storage for personal file hosting platforms like ownCloud As components for building more advanced storage solutions, like RAID arrays

Familiarity: Volumes function as generic block devices, so you can treat attached volumes like locally connected storage drives. This lets you partition, format, and manage volumes with familiar tools and techniques.

However, the novelty wears off quickly and the whole thing soon becomes a slog — the career mode could be cut in half and the experience would be better for it.

However, as powerful as the <picture> element is, sometimes it gives us more power than is actually needed to achieve suitable responsiveness. Sometimes all it really takes is a regular <img> element using the srcset and sizes attributes inline.

That image only contains 200 pixels horizontally, but the browser stretches it to 400px wide or even farther!Luckily, you’ll see there’s an easy “fix” there at the end: our old good friend the width attribute!<img src="example.gif", srcset="example.gif 200w" sizes="(min-width: 400px) 400px, 100vw" width="200" /* <=== TA-DA! */ class="logo">As long as you can specify the width attribute so it reflects the true maximum size of your largest image, you won’t run into this problem of having sizes make your image wider than it naturally should go.

The selected source size affects the intrinsic size of the image (the image’s display size if no CSS styling is applied).

Of course in the world of responsive images, we put constraints on our images with CSS:img { max-width: 100%;}Now the image appears at it’s natural size unless it’s constrained by the parent container! Excellent.

Any news on this? It has been over a year?

Cadence on the other hand is about the rhythm at which the business can regularly and consistently delivery projects that effect change.

Agile as a methodology is designed to be adaptive to multiple conditions and drivers to enhance the speed of delivery, but it is most successful when the organisation adopting it understands its own in-built cadence, i.e. its specific rhythm of project delivery.

Note the difference between pace and cadence. Pace is 1/speed in (eg. min/km) whereas cadence refers to steps/minute

Why, it's a pleasure, and thank you kindly; glad to have been of help! =)

That's it! Yay! I have to say that you sure know your stuff. Thanks.

What I am attempting to do is to highlight a div with a certain id, when It has been referred to by an anchor on another page IE: User clicks link href="qw.html#test", when the page is loaded, then the div with the id="test" is highlighted so that the user can see it clearly.

You need to use the :target pseudo-class: :target { background-color: #ffa; }

I am unable to change the name and URL of my Kickstarter account.

My name is Floyd Lu, I have been designing and publishing games since 2015 under B&B Games studio. In 2020 B&B Games studio dissolved. I took over a part of the business including this account. I am unable to change the name and URL of my Kickstarter account. I delivered and personally worked on each project that I did and I can't transfer all the followers, therefore, I am still launching new projects under this account.

Without links, the World Wide Web would be more appropriately called the World Wide Set Of Unrelated Pages, or, incidentally, WWSOUP.

While it’s great how simple and effective the process is of “linking” pages together, I think there’s room for improvement.

deep URLs are not allowed in the "Website" field. If you use keywords or deep URLs, your comment or URL will be removed.

when HTML5 started, the feedback from the HTML5 guys was pretty clear: HTML5 is there to improve web apps (standards-based flash! yay!), and not to improve HTML as a hypermedia format. http://dret.typepad.com/dretblog/2008/05/xhtml-fragment.html was a very early attempt to raise the issue and was shot down promptly. with HTML5 now branching into so many micro-specs (https://github.com/dret/HTML5-overview), maybe there’s a good chance to simply create a “FragIDs in HTML5” spec and see if there’s any community uptake. it would be great to see this getting started, and maybe IETF with its more open process would be a better place than W3C.

For this very reason, we have the hx’s on our site dynamically create id’s. I love being able to direct people directly to a particular part of a page when I find something interesting, but the problem is that only we, as developers, know how to do this.

I like the idea in theory, however it doesn’t feel very robust – you are relying on the layout of the page in question. Many authors regularly revisit articles and add new sections and paragraphs. Now your #h2:3 link points to a previous section. (This is far less likely to happen with IDs.)

Linking directly to someone’s blog comment is very useful. Even if a blog doesn’t have an active link for each comment, it’s pretty easy to use developer tools to find the comment’s id and link to it. I’ve done this many times on Smashing Magazine (they don’t have live links on each comment). If there was no way to link to an individual blog comment, this would be a great hindrance to linking on the web. It would not be enough to link to the “#comments” section and then hope for the best. So CMSs like WordPress do the right thing by dynamically adding a unique identifier to each comment.

The reason fragments should be identifiable by users is because a user, not the content creator or the developer, will ultimately decide whether or not a portion of content is valuable or notable in some way.

Yes, the content creator should have the ability to decide how a page is generally divided, if they choose to do so. But the end user should not be restricted from linking to content fragments just because a developer couldn’t be bothered to add id attributes to every element on the page. And that’s besides the fact that it would be a waste of time for a developer to do that or to have to build a CMS that does it automatically.

The simple problem that I see with fragment identifiers is that their existence and functionality relies completely on the developer rather than the browser. Yes, the browser needs to read and interpret the identifier and identify the matching fragment. But if the developer doesn’t include any id attributes in the HTML of the page, then there will be no identifiable fragments. Do you see why this is a problem? Whether the developer has coded identifiers into the HTML has nothing to do with whether or not the page actually has fragments. Virtually every web page has fragments. In fact, sectioning content as defined in the HTML5 spec implies as much. Every element on the page that can contain content can theoretically be categorized as a “fragment”.

So why is it up to the developer (or content creator) to define whether or not a specific portion of the content can be linked to? When any page of content is created, there is no way of knowing which sections of the page are worthy of being identified.

The developer or content creator may have a general idea of how a page’s content might be divided up, but ultimately it will be the linking resource that should have full control over what portion of the page they want to highlight.

This means that, regardless of what the developer has done behind the scenes in the HTML, all HTML fragments on that page should be identifiable by external referrers.