JonKazama-Hellion/Hellion-NewTab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 8 Wiki Activity

Compare commits

base: JonKazama-Hellion/Hellion-NewTab:v1.11.0
Branches Tags
JonKazama-Hellion/Hellion-NewTab:master JonKazama-Hellion/Hellion-NewTab:renovate/configure
JonKazama-Hellion/Hellion-NewTab:v2.1.0 JonKazama-Hellion/Hellion-NewTab:v2.0.0 JonKazama-Hellion/Hellion-NewTab:v1.11.0 JonKazama-Hellion/Hellion-NewTab:v1.11.1 JonKazama-Hellion/Hellion-NewTab:v1.9.0 JonKazama-Hellion/Hellion-NewTab:v1.8.0 JonKazama-Hellion/Hellion-NewTab:v1.7.1 JonKazama-Hellion/Hellion-NewTab:v1.7.0 JonKazama-Hellion/Hellion-NewTab:v1.6.0 JonKazama-Hellion/Hellion-NewTab:v1.5.3 JonKazama-Hellion/Hellion-NewTab:v1.5.2 JonKazama-Hellion/Hellion-NewTab:v1.2.0
..
compare: JonKazama-Hellion/Hellion-NewTab:v1.11.1
Branches Tags
JonKazama-Hellion/Hellion-NewTab:master JonKazama-Hellion/Hellion-NewTab:renovate/configure
JonKazama-Hellion/Hellion-NewTab:v2.1.0 JonKazama-Hellion/Hellion-NewTab:v2.0.0 JonKazama-Hellion/Hellion-NewTab:v1.11.0 JonKazama-Hellion/Hellion-NewTab:v1.11.1 JonKazama-Hellion/Hellion-NewTab:v1.9.0 JonKazama-Hellion/Hellion-NewTab:v1.8.0 JonKazama-Hellion/Hellion-NewTab:v1.7.1 JonKazama-Hellion/Hellion-NewTab:v1.7.0 JonKazama-Hellion/Hellion-NewTab:v1.6.0 JonKazama-Hellion/Hellion-NewTab:v1.5.3 JonKazama-Hellion/Hellion-NewTab:v1.5.2 JonKazama-Hellion/Hellion-NewTab:v1.2.0

1 Commits
v1.11.0 .. v1.11.1

Author SHA1 Message Date
JonKazama-Hellion 677344f24d docs(release): Dokumentation ins Englische übersetzen und v1.11.1 Docs 
- README, CHANGELOG, DISCLAIMER, SECURITY auf Englisch übersetzen
- Projekt-Docs (architecture, patterns, widget-schema, style-guide) übersetzen
- CODEOWNERS für Master-Branch-Schutz hinzufügen
- release.yml auf Englisch übersetzen
- STYLE_GUIDE von src/css/ nach docs/ verschieben
 2026-03-22 13:12:24 +01:00
12 changed files with 973 additions and 592 deletions
Expand all files Collapse all files
.github/FUNDING.yml
+5 -2
View File
@@ -1,4 +1,7 @@
# These are supported funding model platforms
# Hellion NewTab — Support & Funding
# All tools are free and open-source. Donations are voluntary and go toward server costs.
ko_fi: hellionmedia
custom:
- "https://hellion-media.de"
.github/workflows/release.yml
+10 -10
View File
@@ -1,4 +1,4 @@
# Release — erstellt ZIP-Pakete für Chrome, Firefox und Opera bei neuem Tag
# Release — creates ZIP packages for Chrome, Firefox and Opera on new tag
name: Release
on:
@@ -17,18 +17,18 @@ jobs:
- name: Checkout
uses: actions/checkout@v4
- name: Version aus Tag extrahieren
- name: Extract version from tag
id: version
run: echo "tag=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"
- name: Chrome/Edge ZIP erstellen (Manifest V3)
- name: Create Chrome/Edge ZIP (Manifest V3)
run: |
mkdir -p dist
zip -r "dist/hellion-newtab-${{ steps.version.outputs.tag }}-chrome.zip" \
manifest.json newtab.html src/js/*.js src/css/ assets/ \
-x "*.git*" "dist/*" ".github/*" "src/js/opera/*"
- name: Firefox ZIP erstellen (Manifest V3)
- name: Create Firefox ZIP (Manifest V3)
run: |
cp manifest.json manifest.chrome-backup.json
cp manifest.firefox.json manifest.json
@@ -37,7 +37,7 @@ jobs:
-x "*.git*" "dist/*" ".github/*" "manifest.chrome-backup.json" "manifest.firefox.json" "src/js/opera/*"
mv manifest.chrome-backup.json manifest.json
- name: Opera/Opera GX ZIP erstellen (Manifest V3 + Workaround)
- name: Create Opera/Opera GX ZIP (Manifest V3 + workaround)
run: |
cp manifest.json manifest.chrome-backup.json
cp manifest.opera.json manifest.json
@@ -46,13 +46,13 @@ jobs:
-x "*.git*" "dist/*" ".github/*" "manifest.chrome-backup.json" "manifest.opera.json"
mv manifest.chrome-backup.json manifest.json
- name: SHA256 Checksummen erstellen
- name: Generate SHA256 checksums
run: |
cd dist
sha256sum *.zip > checksums-sha256.txt
cat checksums-sha256.txt
- name: GitHub Release erstellen
- name: Create GitHub Release
uses: softprops/action-gh-release@v2
with:
name: "Hellion NewTab ${{ steps.version.outputs.tag }}"
@@ -64,10 +64,10 @@ jobs:
- **Firefox:** `hellion-newtab-${{ steps.version.outputs.tag }}-firefox.zip`
- **Opera / Opera GX:** `hellion-newtab-${{ steps.version.outputs.tag }}-opera.zip`
Siehe [README](README.md) für die vollständige Installationsanleitung.
See [README](README.md) for the full installation instructions.
### Checksummen
Siehe `checksums-sha256.txt` zur Integritätsprüfung.
### Checksums
See `checksums-sha256.txt` to verify file integrity.
files: |
dist/hellion-newtab-${{ steps.version.outputs.tag }}-chrome.zip
dist/hellion-newtab-${{ steps.version.outputs.tag }}-firefox.zip
CHANGELOG.md
+135 -54
View File
@@ -1,91 +1,172 @@
# ⬡ Hellion Dashboard — Changelog
Alle relevanten Änderungen pro Version. Format basiert auf [Keep a Changelog](https://keepachangelog.com/de/1.0.0/).
All notable changes per version. Format based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
> Changelog entries can be written in English or German. English preferred for consistency.
---
### v1.10.0 — 22.03.2026
#### Themes
- **3 new themes** — Satisfactory (Industrial Desert), Avorion (Deep Void) and Hellion Stealth (Tactical Recon)
- Now **11 themes** total, each with its own accent colors, overlays and font styles
- Satisfactory has increased board alpha (0.65) and stronger blur (12px), a deliberate choice for better readability on a visually busy background
- Avorion uses a radial gradient overlay so the ship in the center of the image stays visible
- Hellion Stealth is the only theme with a `border-left` hover effect in tactical scanner style
---
### v1.9.0 — 22.03.2026
#### New Features
- **Onboarding reworked** — 7 slides instead of 6, new slide explains the widget toolbar with all widgets
- **Gaming Starter Board** — Opt-in during onboarding: pre-filled board with links to Satisfactory, Factorio, Avorion, Minecraft and Star Citizen
- **Settings redesign** — Settings panel slimmed down to 3 sections (Widgets, Data & Help, Danger Zone)
- **Appearance modal** — Theme picker and all display settings combined in one modal instead of spread across the panel
- **Fixed about footer** — Developer info, license and links are now permanently visible at the bottom of the settings panel
- **Project documentation** — `docs/architecture.md`, `docs/widget-schema.md` and `docs/patterns.md` for anyone who wants to fork or contribute
#### Improvements
- All labels and descriptions unified in German, no more language mix
- Dropdown options use theme colors instead of white browser default
- Firefox update URL for store publishing added to `manifest.firefox.json`
---
### v1.8.0 — 21.03.2026
#### New Features
- **Image Reference Widget** — Drop images as floating reference widgets (max. 3 at once)
- Canvas API WebP conversion for smaller file sizes, all local in the browser
- Two-layer storage: metadata persistent, image data session-only (sessionStorage)
- Load images via drag & drop or file dialog
- Labels editable with debounced save
- Feature is off by default, enable via Settings → Widgets
---
### v1.7.1 — 21.03.2026
#### Improvements
- **Timer mute toggle** — Alarm can be muted via icon button without restarting the timer
- Alarm volume reduced to 7%, 30% was a bit much
- Mute state is saved and persists on next open
---
### v1.7.0 — 21.03.2026
#### New Features
- **Calculator widget** — Shunting-yard parser (no `eval()`), history of last calculations, keyboard input
- **Timer/countdown widget** — Saveable presets, Web Audio API alarm, tab title blinks when timer completes
- **Widget z-index fix** — Widgets now correctly render above the search bar (z-index 100+)
---
### v1.6.0 — 21.03.2026
#### New Features
- **Widget system** — Draggable, resizable floating panels managed by WidgetManager
- **Notes & checklists** — Multi-instance widgets (max. 5) with text and checklist template, Markdown support, export as `.md`
- **Notebook sidebar** — All notes at a glance, quick access via toolbar
- **Widget toolbar** — Floating buttons on the side for quick access to all widgets, position (left/right) configurable in Settings
- **Sticky note migration** — Old sticky notes are automatically migrated to the new widget system on first launch
#### Improvements
- Ko-fi support link added to the about section and `FUNDING.yml`
---
### v1.5.2 — 21.03.2026
#### Neue Features
#### New Features
- **Custom Dialog-System** — Native `confirm()` und `alert()` durch Frosted-Glass-Dialoge ersetzt (`dialog.js`)
- **Onboarding** — 6-stufiger Willkommens-Flow beim ersten Start mit Boards, Themes, Features und Backup-Hinweis
- **Backup-Reminder** — Erinnert alle 7 Tage an JSON-Export, warnt vor Datenverlust bei Browser-Reset
- **Theme-Modal** — Theme-Picker als eigenes Modal aus Settings ausgelagert, eigener Header-Button
- **Accordion-Settings** — Alle Settings-Sektionen einklappbar mit Chevron (About/Danger Zone standardmäßig zu)
- **Custom dialog system** — Native `confirm()` and `alert()` replaced with frosted glass dialogs (`dialog.js`)
- **Onboarding** — 6-step welcome flow on first launch with explanations for boards, themes, features and a backup reminder
- **Backup reminder** — Reminds every 7 days to run a JSON export and warns about data loss on browser reset
- **Theme modal** — Theme picker moved to its own modal with its own header button
- **Accordion settings** — All settings sections collapsible (About and Danger Zone closed by default)
#### Verbesserungen
#### Improvements
- Fonts von Google Fonts API auf lokale WOFF2-Dateien umgestellt (DSGVO)
- Ungenutzte Font-Dateien entfernt (~388 KB gespart)
- `innerHTML` komplett durch `createElement`/`createElementNS` ersetzt (XSS-Schutz)
- SVG-Icons via `createElementNS` statt Inline-HTML
- Drag & Drop: Inline-Styles durch CSS-Klassen ersetzt (`.drag-ghost`, `.drag-over`, `.dragging-source`)
- Suchleisten-Toggle von DATA nach BEHAVIOR verschoben
- Nicht implementiertes "Quick Save" UI-Element entfernt
- Onboarding wiederholbar über Settings → Help
- Fonts migrated from Google Fonts API to local WOFF2 files (GDPR, ~388 KB saved)
- `innerHTML` fully replaced with `createElement` and `createElementNS` (XSS protection)
- SVG icons now via `createElementNS` instead of inline HTML
- Drag & drop uses CSS classes instead of inline styles (`.drag-ghost`, `.drag-over`, `.dragging-source`)
- Search bar toggle moved from DATA to BEHAVIOR section
- Unimplemented "Quick Save" UI element removed
- Onboarding repeatable via Settings → Help
#### Opera / Opera GX
- `manifest.opera.json` hinzugefügt (MV3 mit Workaround-Skripten)
- `src/js/opera/background.js` — Tab-Management gegen Opera Speed Dial
- `src/js/opera/redirect.js` — Content Script Redirect bei `document_start`
- `manifest.opera.json` added (MV3 with workaround scripts)
- `src/js/opera/background.js` monitors tabs and redirects away from Opera Speed Dial
- `src/js/opera/redirect.js` fires as content script at `document_start`
#### Firefox
- `manifest.firefox.json` auf Manifest V3 migriert
- `browser_specific_settings` mit Gecko-ID und `data_collection_permissions`
- `manifest.firefox.json` migrated to Manifest V3
- `browser_specific_settings` with Gecko ID and `data_collection_permissions` added
#### Build & CI
- GitHub Actions: Release erstellt jetzt 3 ZIP-Pakete (Chrome, Firefox, Opera)
- Quality-Check prüft alle 3 Manifests und Opera-Ordner
- GitHub Actions release now builds 3 ZIP packages (Chrome, Firefox, Opera)
- Quality check validates all 3 manifests and the Opera folder
---
### v1.2.0 — 20.03.2026
- Projektstruktur in `src/js/`, `src/css/`, `assets/` aufgeteilt
- JS in 10 Module aufgeteilt (storage, state, themes, boards, drag, settings, search, sticky, data, app)
- Firefox-Kompatibilität (`manifest.firefox.json`, Manifest V3)
- Vivaldi bestätigt kompatibel
- Theme-Bildpfade korrigiert (Settings Preview)
- URL-Validierung bei Bookmark-Erstellung
- JSON-Import mit Board- und Bookmark-Struktur-Validierung
- XSS-Schutz: `createElement` statt `innerHTML` für Bookmarks
- Storage-Quota-Prüfung mit Warnung bei 8 MB+
- Event Delegation für Bookmark-Klicks (Performance)
- Responsive Design (Tablet 768px, Smartphone 480px)
- Sticky Note Header-Kollision behoben
- FileReader-Fehlerbehandlung für Hintergrundbild-Upload
- GitHub Actions: Security Scan, Code Quality, Release Automation
- 3 Themes ersetzt: Astronaut → Nebula, Cosmic Clock → Crescent, Void Mage → Event Horizon
- Alle Theme-Bilder lizenzrechtlich geprüft und dokumentiert
- LICENSE (CC BY-NC-SA 4.0), SECURITY.md und DISCLAIMER.md hinzugefügt
- Project structure split into `src/js/`, `src/css/` and `assets/`
- JS split into 10 modules (storage, state, themes, boards, drag, settings, search, sticky, data, app)
- Firefox compatibility (`manifest.firefox.json`, Manifest V3)
- Vivaldi confirmed compatible
- Theme image paths fixed (settings preview)
- URL validation on bookmark creation
- JSON import validates board and bookmark structure
- XSS protection: `createElement` instead of `innerHTML` for bookmarks
- Storage quota check with warning at 8 MB+
- Event delegation for bookmark clicks (performance)
- Responsive design (tablet 768px, smartphone 480px)
- Sticky note header collision fixed
- FileReader error handling for background image upload
- GitHub Actions: security scan, code quality, release automation
- 3 themes replaced: Astronaut → Nebula, Cosmic Clock → Crescent, Void Mage → Event Horizon
- All theme images checked and documented for license compliance
- LICENSE (CC BY-NC-SA 4.0), SECURITY.md and DISCLAIMER.md added
---
### v1.1.0 — 20.03.2026
- 5 neue Themes (Merchantman, Julia & Jin, SC Sunset, Hellion HUD, Hellion Energy)
- Suchleiste (Google / DuckDuckGo / Bing)
- Sticky Note Widget
- JSON Export & Import
- Datum neben der Uhr
- About / Impressum in Settings
- Board Blur-Funktion (Privat-Modus)
- Drag & Drop auf Pointer Events umgestellt
- Opera / Opera GX Kompatibilität
- 5 new themes (Merchantman, Julia & Jin, SC Sunset, Hellion HUD, Hellion Energy)
- Search bar (Google, DuckDuckGo, Bing)
- Sticky note widget
- JSON export & import
- Date next to the clock
- About / imprint in settings
- Board blur function (privacy mode)
- Drag & drop migrated to Pointer Events API
- Opera / Opera GX compatibility
---
### v1.0.0 — 20.03.2026
- Initiales Release
- Boards & Bookmarks mit Drag & Drop
- 3 Themes (Nebula, Crescent, Event Horizon)
- HTML-Import (Browser-Lesezeichen)
- Settings Panel
- Initial release
- Boards & bookmarks with drag & drop
- 3 themes (Nebula, Crescent, Event Horizon)
- HTML import (browser bookmarks)
- Settings panel
---
DISCLAIMER.md
+62 -28
View File
@@ -1,47 +1,81 @@
# Haftungsausschluss — Hellion NewTab
# Disclaimer — Hellion NewTab
## Nutzung auf eigenes Risiko
## Use at Your Own Risk
Diese Browser-Extension wird "wie besehen" (as-is) zur Verfügung gestellt, ohne jegliche ausdrückliche oder stillschweigende Gewährleistung, einschließlich, aber nicht beschränkt auf die Gewährleistung der Marktgängigkeit, der Eignung für einen bestimmten Zweck und der Nichtverletzung von Rechten Dritter.
This browser extension is provided "as is", without warranty of any kind, express
or implied, including but not limited to the warranties of merchantability, fitness
for a particular purpose and non-infringement.
## Keine Garantie
## No Guarantee
Der Entwickler übernimmt keine Haftung für:
The developer assumes no liability for:
- Datenverlust durch fehlerhafte Speicherung, Browser-Updates oder Extension-Deinstallation
- Inkompatibilitäten mit bestimmten Browser-Versionen oder Betriebssystemen
- Schäden, die durch die Nutzung oder Nichtnutzung dieser Extension entstehen
- Verfügbarkeit oder Korrektheit von Drittanbieter-Diensten (Google Favicons API)
- Data loss caused by storage errors, browser updates or extension uninstallation
- Incompatibilities with specific browser versions or operating systems
- Damages arising from the use or inability to use this extension
- Availability or accuracy of third-party services (Google Favicons API)
## Datenspeicherung
## Data Storage
Alle Daten werden ausschließlich lokal im Browser gespeichert (`chrome.storage.local`). Es erfolgt keine Übertragung an externe Server. Der Entwickler hat keinen Zugriff auf gespeicherte Bookmarks, Einstellungen oder Notizen.
All data is stored exclusively in the local browser (`chrome.storage.local`).
No data is transmitted to external servers. The developer has no access to stored
bookmarks, settings, notes or any other user data.
**Empfehlung:** Regelmäßig JSON-Backups über die Export-Funktion erstellen.
**Recommendation:** Create regular JSON backups using the export function in Settings.
## Drittanbieter-Dienste
## No Guaranteed Updates
Diese Extension nutzt folgende externe Dienste:
This extension is maintained by a single developer in their spare time.
Continued development and updates are not guaranteed. Features may change,
projects may pause, and support is provided on a best-effort basis, not as an obligation.
| Dienst | Zweck | Datenschutz |
## Third-Party Services
| Service | Purpose | Privacy |
|---|---|---|
| Google Favicons API | Bookmark-Icons laden | Es wird nur die Domain übermittelt, keine vollständige URL |
| Google Fonts | Schriftarten (Rajdhani, Inter, Cinzel) | Standardmäßige Google-Fonts-Nutzungsbedingungen |
| Google Favicons API | Load bookmark icons | Only the domain is transmitted, not the full URL |
## Änderungen
## Trademark
Der Entwickler behält sich das Recht vor, diese Extension jederzeit zu ändern, zu aktualisieren oder einzustellen, ohne vorherige Ankündigung.
The name "Hellion Online Media", the associated logo and all related graphics are
the property of Florian Wathling / Hellion Online Media and may not be used without
explicit permission. The CC BY-NC-SA 4.0 license applies to the source code and
content of this project, not to trademarks or brand assets.
## Kontakt
Forks and derivative works must remove or replace all Hellion Online Media branding.
| | |
| --- | --- |
| **Entwickler** | Florian Wathling |
| **Unternehmen** | Hellion Online Media |
| **Web** | [hellion-media.de](https://hellion-media.de) |
| **E-Mail** | [kontakt@hellion-media.de](mailto:kontakt@hellion-media.de) |
| **Impressum** | [hellion-media.de/impressum](https://hellion-media.de/impressum) |
## Legal
This extension is developed and maintained by Florian Wathling / Hellion Online Media,
based in Bad Harzburg, Germany. All matters are handled in accordance with German
and EU law, including the General Data Protection Regulation (GDPR / DSGVO).
For legal inquiries: [hellion-media.de/impressum](https://hellion-media.de/impressum)
## Use of AI
**Claude:** Code analysis, bug fixing, documentation and proofreading.
**Me:** Architecture, features and logic are planned, thought through and written by me.
Who looks for "AI patterns" in the code: clean indentation is the linter,
okayish variable names are the developer, and the semicolon hiding somewhere
is what Claude finds. That's how it works.
I have ADHD and mild dyslexia. Claude helps me stay focused and makes sure
others can follow the code too. That's exactly what open source is for.
Source code is open, every decision is traceable.
---
**Hellion NewTab** — [Hellion Online Media - Florian Wathing](https://hellion-media.de) — JonKazama-Hellion
| | |
|---|---|
| **Developer** | Florian Wathling |
| **Company** | Hellion Online Media |
| **Web** | [hellion-media.de](https://hellion-media.de) |
| **Imprint** | [hellion-media.de/impressum](https://hellion-media.de/impressum) |
| **Contact** | [kontakt@hellion-media.de](mailto:kontakt@hellion-media.de) |
---
**Hellion NewTab** — [Hellion Online Media — Florian Wathling](https://hellion-media.de) — JonKazama-Hellion
README.md
+194 -178
View File
@@ -4,31 +4,31 @@
![JavaScript](https://img.shields.io/badge/JavaScript-Vanilla%20ES2020-F7DF1E?logo=javascript&logoColor=black)
![Manifest](https://img.shields.io/badge/Manifest-V3-green)
![License](https://img.shields.io/badge/License-CC%20BY--NC--SA%204.0-orange)
![Privacy](https://img.shields.io/badge/Privacy-100%25%20Lokal-448f45)
![Privacy](https://img.shields.io/badge/Privacy-100%25%20Local-448f45)
[![Ko-fi](https://img.shields.io/badge/Support-Ko--fi-ff5e5b?logo=ko-fi)](https://ko-fi.com/hellionmedia)
**Kein Account. Kein Abo. Keine Cloud. Alle Daten bleiben 100% lokal.**
**No account. No subscription. No cloud. All data stays 100% local.**
Ein persönlicher Bookmark-Dashboard als Browser-Extension.
Boards, Drag & Drop, 8 Themes, Suchleiste, Sticky Notes — alles im Browser, alles offline.
Keine externe Datenübertragung, keine Tracker, keine Analytics, keine Werbung.
A personal bookmark dashboard as a browser extension.
Boards, drag & drop, 11 themes, search bar, widget system with notes, calculator, timer and more. All in the browser, all offline.
No external data transmission, no trackers, no analytics, no ads.
Entwickelt von **[Hellion Online Media — Florian Wathling](https://hellion-media.de)** — JonKazama-Hellion.
Developed by **[Hellion Online Media — Florian Wathling](https://hellion-media.de)** — JonKazama-Hellion.
---
## Was diese Extension NICHT ist
## What this extension is NOT
- Kein Cloud-Sync und kein Account-System
- Keine Datenerfassung oder Telemetrie
- Keine Drittanbieter-Abhängigkeiten oder Build-Tools
- Kein Netzwerkverkehr außer Favicon-Abruf (Google Favicons API)
- No cloud sync and no account system
- No data collection or telemetry
- No third-party dependencies or build tools
- No network traffic except favicon fetching (Google Favicons API)
## Was diese Extension IST
## What this extension IS
Ein lokaler, privater NewTab-Ersatz für alle gängigen Browser.
Bookmarks werden in `chrome.storage.local` gespeichert — nichts verlässt den Browser.
Was angezeigt wird, ist was gespeichert ist. Keine Magie.
A local, private NewTab replacement for all major browsers.
Bookmarks are stored in `chrome.storage.local`, nothing leaves the browser.
What you see is what's saved. No magic.
---
@@ -36,25 +36,30 @@ Was angezeigt wird, ist was gespeichert ist. Keine Magie.
### Boards & Bookmarks
- Boards als Gruppen für Links — per Drag & Drop umsortierbar
- Bookmarks mit Favicon, Titel, optionaler Beschreibung
- Boards per Blur-Button verstecken (Privat-Modus)
- HTML-Import von Browser-Lesezeichen (Chrome, Edge, Firefox)
- JSON Export & Import (Backup & Restore)
- Boards as groups for links, sortable via drag & drop
- Bookmarks with favicon, title and optional description
- Hide boards with the blur button (privacy mode)
- HTML import from browser bookmarks (Chrome, Edge, Firefox)
- JSON export & import (backup & restore)
### Suchleiste
### Search Bar
- Google, DuckDuckGo oder Bing — per Klick wechselbar
- Ein/ausblendbar über Settings
- Google, DuckDuckGo or Bing, switchable with a click
- Toggleable via Settings
### Sticky Note
### Widget System
- Schwebendes Notiz-Widget, frei positionierbar
- Text und Position werden persistent gespeichert
- **Notes & Checklists** — Floating note widgets with text or checklist template (max. 5)
- **Calculator** — Shunting-yard parser (no `eval()`), history, keyboard input
- **Timer / Countdown** — Saveable presets, Web Audio API alarm, mute toggle, tab title blinks on completion
- **Image Reference** — Images as floating reference widgets, Canvas API WebP conversion (max. 3, enable in Settings)
- **Notebook Sidebar** — All notes at a glance
- **Widget Toolbar** — Floating buttons for quick access, position (left/right) configurable in Settings
- All widgets: draggable, resizable, z-index stacking on click
### 8 Themes
### 11 Themes
| Theme | Akzent | Stil |
| Theme | Accent | Style |
|---|---|---|
| Nebula | `#b359ff` Magenta | Cosmic Nebula |
| Crescent | `#d4bd8a` Gold | Minimalist Night |
@@ -64,60 +69,58 @@ Was angezeigt wird, ist was gespeichert ist. Keine Magie.
| SC Sunset | `#ff8c3d` Amber | Planet-Side |
| Hellion HUD | `#32ff6a` Neon Green | Circuit Board |
| Hellion Energy | `#1eff8e` Acid Green | Tactical |
| Satisfactory | `#00b4d8` Cyan | Industrial Desert |
| Avorion | `#2ec4a0` Turquoise | Deep Void |
| Hellion Stealth | `#5ec2ff` Tech Blue | Tactical Recon |
### Bild-Credits
### Image Credits
| Theme | Quelle | Lizenz |
| Theme | Source | License |
|---|---|---|
| Nebula | [Temel / mrwashingt0n](https://pixabay.com/de/users/mrwashingt0n-15745216/) auf Pixabay | Pixabay License (frei) |
| Crescent | [Daniil Silantev](https://unsplash.com) auf Unsplash | Unsplash License (frei) |
| Event Horizon | Eigenes Werk — Stillframe von [hellion-initiative.online](https://hellion-initiative.online) | Hellion Online Media |
| Merchantman | [Roberts Space Industries](https://robertsspaceindustries.com) — Made by the community | RSI Community Content |
| SC Sunset | Screenshot aus Star Citizen von Cloud Imperium Games | Fan Content |
| Julia & Jin | Eigenes Werk — Final Fantasy XIV Screenshot, bearbeitet in Photoshop | Hellion Online Media |
| Hellion HUD | Eigenes Werk — AI-generiert und nachbearbeitet für hellion-media.de | Hellion Online Media |
| Hellion Energy | Eigenes Werk — AI-generiert für hellion-media.de | Hellion Online Media |
| Nebula | [Temel / mrwashingt0n](https://pixabay.com/de/users/mrwashingt0n-15745216/) on Pixabay | Pixabay License (free) |
| Crescent | [Daniil Silantev](https://unsplash.com) on Unsplash | Unsplash License (free) |
| Event Horizon | Own work, still frame from [hellion-initiative.online](https://hellion-initiative.online) | Hellion Online Media |
| Merchantman | [Roberts Space Industries](https://robertsspaceindustries.com), made by the community | RSI Community Content |
| SC Sunset | Screenshot from Star Citizen by Cloud Imperium Games | Fan Content |
| Julia & Jin | Own work, Final Fantasy XIV screenshot, edited in Photoshop | Hellion Online Media |
| Hellion HUD | Own work, AI-generated and post-processed for hellion-media.de | Hellion Online Media |
| Hellion Energy | Own work, AI-generated for hellion-media.de | Hellion Online Media |
| Satisfactory | Screenshot from Satisfactory by Coffee Stain Studios | Fan Content |
| Avorion | Own work, screenshot from Avorion, Hellion Initiative ship | Hellion Online Media |
| Hellion Stealth | Screenshot from Star Citizen by Cloud Imperium Games | Fan Content |
### Onboarding & Dialoge
### Onboarding & Dialogs
- 6-stufiger Willkommens-Flow beim ersten Start
- Custom Frosted-Glass-Dialoge statt nativer Browser-Popups
- Backup-Reminder alle 7 Tage (warnt vor Datenverlust bei Browser-Reset)
- 7-step welcome flow on first launch with widget explanation and optional gaming starter board
- Custom frosted glass dialogs instead of native browser popups
- Backup reminder every 7 days (warns about data loss on browser reset)
### Settings (Accordion)
### Appearance & Settings
- Einklappbare Sektionen mit Chevron — About/Danger Zone standardmäßig geschlossen
- Compact Mode — reduziert Abstände für mehr Bookmarks
- Shorten Titles — kürzt lange Titel auf eine Zeile
- Open in New Tab — Bookmarks in neuem Tab öffnen
- Show Descriptions — Beschreibungen unter Bookmarks anzeigen
- Hide Extra Bookmarks — Boards ab 5/10/20 Bookmarks einklappen
- Suchleiste ein/ausblenden
- JSON Export / Import
- Onboarding wiederholbar
- Danger Zone — Reset aller Daten
### Theme-Picker (eigener Header-Button)
- 8 Themes als zentriertes Modal
- Hintergrundbild per URL oder lokaler Upload
- **Appearance modal** (header button), theme picker, background image and all display options in one modal
- **Settings panel** (header button), widgets, data & help, danger zone
- **About footer**, developer info, license and support links permanently visible
- Compact mode, shorten titles, search bar toggle, open links in new tab, descriptions, hide extra bookmarks
- JSON export & import (backup & restore)
- Onboarding repeatable
- All UI labels in German (English coming in v2.1)
---
## Browser-Kompatibilität
## Browser Compatibility
| Browser | Status | Manifest |
|---|---|---|
| Chrome | ✅ Kompatibel | V3 (`manifest.json`) |
| Edge | ✅ Kompatibel | V3 (`manifest.json`) |
| Brave | ✅ Kompatibel | V3 (`manifest.json`) |
| Opera | ✅ Kompatibel | V3 (`manifest.opera.json`) |
| Opera GX | ✅ Kompatibel | V3 (`manifest.opera.json`) |
| Vivaldi | ✅ Kompatibel | V3 (`manifest.json`) |
| Firefox | ✅ Kompatibel | V3 (`manifest.firefox.json`) |
| Chrome | ✅ Compatible | V3 (`manifest.json`) |
| Edge | ✅ Compatible | V3 (`manifest.json`) |
| Brave | ✅ Compatible | V3 (`manifest.json`) |
| Opera | ✅ Compatible | V3 (`manifest.opera.json`) |
| Opera GX | ✅ Compatible | V3 (`manifest.opera.json`) |
| Vivaldi | ✅ Compatible | V3 (`manifest.json`) |
| Firefox | ✅ Compatible | V3 (`manifest.firefox.json`) |
> **Firefox-Hinweis:** Ab v1.2.0 läuft die Extension auf Manifest V3 identisch zu Chrome/Edge.
> `manifest.firefox.json` bleibt als separate Datei erhalten für Firefox-spezifische Anpassungen.
> **Firefox note:** From v1.2.0 onwards the extension runs on Manifest V3, identical to Chrome/Edge.
> `manifest.firefox.json` remains a separate file for Firefox-specific adjustments.
---
@@ -126,144 +129,154 @@ Was angezeigt wird, ist was gespeichert ist. Keine Magie.
### Chrome / Edge / Brave / Vivaldi
```text
1. Repository als ZIP herunterladen oder git clone
2. chrome://extensions öffnen (bzw. edge:// / brave://)
3. Entwicklermodus aktivieren
4. "Entpackte Erweiterung laden" → Ordner auswählen in dem manifest.json liegt
5. Neuen Tab öffnen
1. Download the repository as ZIP or git clone
2. Open chrome://extensions (or edge:// / brave://)
3. Enable developer mode
4. Click "Load unpacked" and select the folder containing manifest.json
5. Open a new tab
```
### Opera / Opera GX
```bash
# manifest.opera.json als manifest.json verwenden:
# Use manifest.opera.json as manifest.json:
copy manifest.opera.json manifest.json # Windows
cp manifest.opera.json manifest.json # Linux/Mac
```
```text
1. opera://extensions öffnen
2. Entwicklermodus aktivieren
3. "Entpackte Erweiterung laden" → Ordner auswählen
4. Neuen Tab öffnen
1. Open opera://extensions
2. Enable developer mode
3. Click "Load unpacked" and select the folder
4. Open a new tab
```
> **Opera-Hinweis:** Opera GX priorisiert Speed Dial — der enthaltene Workaround
> übernimmt die New-Tab-Seite zuverlässig. Details: [src/js/opera/README.md](src/js/opera/README.md)
> **Opera note:** Opera GX prioritizes Speed Dial, the included workaround
> takes over the new tab page reliably. Details: [src/js/opera/README.md](src/js/opera/README.md)
### Firefox
```bash
# manifest.firefox.json als manifest.json verwenden:
# Use manifest.firefox.json as manifest.json:
copy manifest.firefox.json manifest.json # Windows
cp manifest.firefox.json manifest.json # Linux/Mac
```
```text
1. about:debugging#/runtime/this-firefox öffnen
2. "Temporäres Add-on laden"
3. Die manifest.json aus dem Projektordner auswählen
1. Open about:debugging#/runtime/this-firefox
2. Click "Load Temporary Add-on"
3. Select the manifest.json from the project folder
```
> **Hinweis:** Temporäre Add-ons werden beim Browser-Neustart entfernt.
> Für dauerhafte Installation ist eine signierte `.xpi`-Datei nötig.
> **Note:** Temporary add-ons are removed on browser restart.
> For permanent installation a signed `.xpi` file is required.
---
## Browser-Bookmarks exportieren & importieren
## Importing Browser Bookmarks
| Browser | Export-Pfad |
| Browser | Export path |
|---|---|
| Chrome / Edge | Einstellungen → Lesezeichen → Exportieren |
| Firefox | Lesezeichen → Alle Lesezeichen → Importieren und Sichern → Als HTML exportieren |
| Chrome / Edge | Settings → Bookmarks → Export bookmarks |
| Firefox | Bookmarks → All Bookmarks → Import and Backup → Export Bookmarks to HTML |
Die exportierte `.html`-Datei über den **Import**-Button in der Extension laden.
Load the exported `.html` file via the **Import** button in the extension.
---
## Datenschutz
## Privacy
- Keine externe Datenübertragung (außer Google Favicons API für Icons)
- Speicherung in `chrome.storage.local` (Chromium) bzw. `browser.storage.local` (Firefox)
- Keine Tracker, keine Analytics, keine Werbung
- Keine Cookies, keine Session-Daten
- Storage-Quota-Prüfung warnt bei 8 MB+ (Limit: 10 MB)
- Permissions: `storage`, `bookmarks`
- No external data transmission (except Google Favicons API for icons)
- Storage in `chrome.storage.local` (Chromium) or `browser.storage.local` (Firefox)
- No trackers, no analytics, no ads
- No cookies, no session data
- Storage quota check warns at 8 MB+ (limit: 10 MB)
- Permissions: `storage`, `bookmarks` (all browsers) + `tabs` (Opera / Opera GX only)
---
## Tech-Stack
## Tech Stack
| Komponente | Details |
| Component | Details |
|---|---|
| Sprache | JavaScript (Vanilla ES2020, keine Frameworks) |
| Styling | CSS Custom Properties (Theme-System) |
| Fonts | Lokale Fonts (Rajdhani, Inter, Cinzel) |
| Storage | `chrome.storage.local` / `localStorage` Fallback |
| Language | JavaScript (Vanilla ES2020, no frameworks) |
| Styling | CSS Custom Properties (theme system) |
| Fonts | Local fonts (Rajdhani, Inter, Cinzel) |
| Storage | `chrome.storage.local` / `localStorage` fallback |
| Favicons | Google Favicons API (`/s2/favicons`) |
| Drag & Drop | Pointer Events API (nativ) |
| Build | Kein Build-Schritt — direkt lauffähig |
| CI/CD | GitHub Actions (Security, Quality, Release) |
| Drag & Drop | Pointer Events API (native) |
| Build | No build step, runs directly |
| CI/CD | GitHub Actions (security, quality, release) |
---
## Architektur
## Architecture
```text
hellion-newtab/
├── manifest.json # Chrome, Edge, Brave, Vivaldi (MV3)
├── manifest.firefox.json # Firefox (MV3)
├── manifest.opera.json # Opera / Opera GX (MV3 + Workaround)
├── newtab.html # Haupt-HTML (UI-Struktur, Modals, Settings Panel)
├── manifest.opera.json # Opera / Opera GX (MV3 + workaround)
├── newtab.html # Main HTML (UI structure, modals, settings panel)
├── LICENSE # CC BY-NC-SA 4.0
├── CHANGELOG.md # Versionshistorie
├── SECURITY.md # Sicherheitsrichtlinie und Meldeprozess
├── DISCLAIMER.md # Haftungsausschluss
├── CHANGELOG.md # Version history
├── SECURITY.md # Security policy and reporting
├── DISCLAIMER.md # Disclaimer and legal
├── src/
│ ├── js/
│ │ ├── storage.js # Storage Abstraction + Quota-Prüfung
│ │ ├── state.js # Globaler State, Defaults, Hilfsfunktionen
│ │ ├── dialog.js # Custom Dialog-System (HellionDialog.alert/confirm)
│ │ ├── themes.js # Theme-Definitionen & Anwendungslogik
│ │ ├── boards.js # Board/Bookmark Rendering, Event Delegation, Modals
│ │ ├── drag.js # Drag & Drop (Pointer Events, Board + Bookmark)
│ │ ├── settings.js # Settings Panel, Theme-Modal, Accordion
│ │ ├── search.js # Suchleiste (Google, DuckDuckGo, Bing)
│ │ ├── sticky.js # Sticky Note Widget (Drag, Persist, Toggle)
│ │ ├── data.js # JSON Export / Import mit Validierung
│ │ ├── onboarding.js # Mehrstufiger Willkommens-Flow
│ │ ├── app.js # Init, Clock, globale Events (Einstiegspunkt)
│ │ ── opera/ # Opera GX Workaround-Skripte
│ │ ├── background.js # Tab-Management gegen Speed Dial
│ │ └── redirect.js # Content Script Redirect
│ │ ├── storage.js # Storage abstraction + quota check
│ │ ├── state.js # Global state, defaults, helpers
│ │ ├── dialog.js # Custom dialog system (HellionDialog.alert/confirm)
│ │ ├── themes.js # Theme definitions & application (11 themes)
│ │ ├── boards.js # Board/bookmark rendering, event delegation, modals
│ │ ├── drag.js # Drag & drop (Pointer Events, board + bookmark)
│ │ ├── settings.js # Settings panel, appearance modal, accordion
│ │ ├── search.js # Search bar (Google, DuckDuckGo, Bing)
│ │ ├── widgets.js # Widget manager (registry, drag, resize, z-index)
│ │ ├── notes.js # Notes & checklists (multi-instance, max. 5)
│ │ ├── calculator.js # Calculator (shunting-yard, history)
│ │ ├── timer.js # Timer/countdown (presets, Web Audio alarm)
│ │ ── image-ref.js # Image reference widget (Canvas API, sessionStorage)
│ │ ├── data.js # JSON export / import with validation
│ │ ├── onboarding.js # 7-step welcome flow + gaming board
│ │ ├── app.js # Init, clock, global events (entry point)
│ │ └── opera/ # Opera GX workaround scripts
│ │ ├── background.js # Tab management against Speed Dial
│ │ └── redirect.js # Content script redirect
│ └── css/
│ └── main.css # Styles + Theme-System + Responsive Breakpoints
│ └── main.css # Styles + 11 themes + responsive breakpoints
├── assets/
│ ├── fonts/ # Lokale Fonts (Rajdhani, Inter, Cinzel)
│ ├── themes/ # 8 Theme-Hintergrundbilder
│ ├── fonts/ # Local fonts (Rajdhani, Inter, Cinzel)
│ ├── themes/ # 11 theme background images (WebP only)
│ └── icons/
│ ├── icon16.png
│ ├── icon48.png
│ └── icon128.png
├── docs/
│ ├── architecture.md # Project architecture and init sequence
│ ├── widget-schema.md # Widget system API and schema reference
│ ├── patterns.md # Code patterns and conventions
│ └── style-guide.md # Design system and theme documentation
└── .github/
└── workflows/
├── security.yml # CodeQL-Analyse + Dependency Review
├── quality.yml # Struktur, Manifest, Syntax, Versions-Konsistenz
└── release.yml # ZIP-Pakete (Chrome + Firefox + Opera) + SHA256
├── security.yml # CodeQL analysis + dependency review
├── quality.yml # Structure, manifest, syntax, version consistency
└── release.yml # ZIP packages (Chrome + Firefox + Opera) + SHA256
```
### Design-Prinzipien
### Design Principles
- **Zero Dependencies** — Kein npm, kein Build, kein Framework. Direkt lauffähig
- **Privacy First** — Alle Daten lokal, kein Server-Kontakt
- **Modular** — 12 JS-Dateien mit klarer Zuständigkeit
- **Responsive** — Tablet (768px) und Smartphone (480px) Breakpoints
- **Secure** — `createElement` statt `innerHTML`, URL-Validierung, Storage-Fehlerbehandlung
- **Event Delegation** — Ein Listener pro Board-Liste statt pro Bookmark (Performance)
- **Theme-System** — CSS Custom Properties, 8 Themes, Custom-Background-Support
- **Zero Dependencies** — No npm, no build, no framework. Runs directly
- **Privacy First** — All data local, no server contact
- **Modular** — 15 JS files with clear responsibilities
- **Responsive** — Tablet (768px) and smartphone (480px) breakpoints
- **Secure** — `createElement` instead of `innerHTML`, URL validation, storage error handling
- **Event Delegation** — One listener per board list instead of per bookmark (performance)
- **Theme System** — CSS Custom Properties, 11 themes, custom background support
---
@@ -271,85 +284,88 @@ hellion-newtab/
### Security Scan (`security.yml`)
- **CodeQL-Analyse** — Statische Sicherheitsanalyse für JavaScript
- **Dependency Review** — Prüft Pull Requests auf bekannte Schwachstellen
- **Zeitplan** — Automatisch wöchentlich (Montag 06:00 UTC) + bei Push/PR
- **CodeQL analysis** — Static security analysis for JavaScript
- **Dependency review** — Checks pull requests for known vulnerabilities
- **Schedule** — Automatically weekly (Monday 06:00 UTC) + on push/PR
### Code Quality (`quality.yml`)
- **Projektstruktur** — Alle Pflichtdateien und -ordner vorhanden
- **Manifest-Validierung** — JSON-Syntax, Version, Permissions
- **JavaScript Syntax-Check** — `node --check` für alle JS-Dateien
- **Versions-Konsistenz** — manifest.json, manifest.firefox.json und newtab.html müssen übereinstimmen
- **Icon-Prüfung** — Alle Extension-Icons vorhanden
- **Project structure** — All required files and folders present
- **Manifest validation** — JSON syntax, version, permissions
- **JavaScript syntax check** — `node --check` for all JS files
- **Version consistency** — manifest.json, manifest.firefox.json and newtab.html must match
- **Icon check** — All extension icons present
### Release (`release.yml`)
- **Trigger** — Bei Git-Tag (`v*`)
- **Pakete** — Chrome-ZIP + Firefox-ZIP + Opera-ZIP (alle MV3)
- **Checksummen** — SHA256 für alle Artefakte
- **GitHub Release** — Automatisch mit Installationsanleitung
- **Trigger** — On Git tag (`v*`)
- **Packages** — Chrome ZIP + Firefox ZIP + Opera ZIP (all MV3)
- **Checksums** — SHA256 for all artifacts
- **GitHub Release** — Automatic with installation instructions
```bash
# Release erstellen:
git tag v1.5.2
git push origin v1.5.2
# → GitHub Action erstellt automatisch Release mit ZIP-Dateien
# Create a release:
git tag v1.10.0
git push origin v1.10.0
# → GitHub Action automatically creates release with ZIP files
```
---
## Entwicklung
## Development
```bash
# Repository klonen
# Clone the repository
git clone https://github.com/JonKazama-Hellion/Hellion-NewTab.git
# Extension im Browser laden (siehe Installation)
# Load the extension in your browser (see Installation)
# Nach Änderungen: Extension neu laden
chrome://extensions → Hellion NewTab → Neu laden
# After changes: reload the extension
chrome://extensions → Hellion NewTab → Reload
```
Kein Build-Schritt nötig. Dateien ändern, Extension neu laden, fertig.
No build step needed. Change files, reload extension, done.
---
## Sicherheit
## Security
Sicherheitslücken bitte **nicht** über öffentliche Issues melden.
Details zur Meldung, Reaktionszeiten und Sicherheitsarchitektur: [SECURITY.md](SECURITY.md)
Please do **not** report security vulnerabilities through public GitHub issues.
Details on reporting, response times and security architecture: [SECURITY.md](SECURITY.md)
---
## Lizenz & Impressum
## License & Legal
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International
- Kostenlos für private Nutzung
- Teilen und Modifikation erlaubt mit Namensnennung
- Kommerzielle Nutzung ohne Erlaubnis verboten
- Free for private use
- Sharing and modification allowed with attribution
- Commercial use without permission prohibited
Vollständige Lizenz: [LICENSE](LICENSE) | [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/)
Full license: [LICENSE](LICENSE) | [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/)
| | |
|---|---|
| **Entwickler** | Florian Wathling |
| **Unternehmen** | Hellion Online Media |
| **Developer** | Florian Wathling |
| **Company** | Hellion Online Media |
| **Web** | [hellion-media.de](https://hellion-media.de) |
| **Impressum** | [hellion-media.de/impressum](https://hellion-media.de/impressum) |
| **Imprint** | [hellion-media.de/impressum](https://hellion-media.de/impressum) |
| **Bug Reports** | [kontakt@hellion-media.de](mailto:kontakt@hellion-media.de?subject=Hellion%20NewTab%20%E2%80%93%20Bug%20Report) |
| **Security** | [SECURITY.md](SECURITY.md) |
| **Support** | [Ko-fi](https://ko-fi.com/hellionmedia) |
---
### Einsatz von AI
### Use of AI
AI (Claude Code, Opus 4.6 von Anthropic) wurde als Hilfsmittel eingesetzt — für Fehleridentifikation, Code-Review und Qualitätssicherung. Architektur, Features und alle Entscheidungen sind Eigenleistung.
**Claude:** Code analysis, bug fixing, documentation and proofreading.
**Me:** Architecture, features and logic are planned, thought through and written by me.
Details: [DISCLAIMER.md](DISCLAIMER.md)
---
> Vollständige Versionshistorie: [CHANGELOG.md](CHANGELOG.md)
> Full version history: [CHANGELOG.md](CHANGELOG.md)
**Hellion NewTab** — [Hellion Online Media](https://hellion-media.de) — JonKazama-Hellion
SECURITY.md
+74 -58
View File
@@ -1,76 +1,92 @@
# Sicherheitsrichtlinie — Hellion NewTab
# Security Policy — Hellion NewTab
## Unterstützte Versionen
## Supported Versions
| Version | Status |
|---|---|
| 1.2.x | Aktiv unterstützt |
| < 1.2.0 | Nicht unterstützt |
| 1.9.x | Actively supported |
| < 1.9.0 | Not supported |
## Sicherheitslücke melden
## Reporting a Vulnerability
Wenn du eine Sicherheitslücke in Hellion NewTab findest, melde sie bitte **nicht** über ein öffentliches GitHub Issue.
If you find a security vulnerability in Hellion NewTab, please **do not** open a public GitHub issue.
### Kontakt
### Contact
**E-Mail:** [kontakt@hellion-media.de](mailto:kontakt@hellion-media.de?subject=Hellion%20NewTab%20%E2%80%93%20Security%20Report)
**Email:** [kontakt@hellion-media.de](mailto:kontakt@hellion-media.de?subject=Hellion%20NewTab%20%E2%80%93%20Security%20Report)
Bitte folgende Informationen angeben:
Please include the following information:
- Beschreibung der Schwachstelle
- Schritte zur Reproduktion
- Betroffene Version(en)
- Mögliche Auswirkungen (Datenverlust, XSS, etc.)
- Description of the vulnerability
- Steps to reproduce
- Affected version(s)
- Potential impact (data loss, XSS, etc.)
### Reaktionszeit
### Response Times
- **Bestätigung:** Innerhalb von 48 Stunden
- **Ersteinschätzung:** Innerhalb von 7 Tagen
- **Fix:** Abhängig von Schweregrad, Ziel innerhalb von 14 Tagen
- **Acknowledgement:** Within 48 hours
- **Initial assessment:** Within 7 days
- **Fix:** Depends on severity, target within 14 days
### Schweregrad-Einstufung
### Severity Levels
| Stufe | Beschreibung | Beispiel |
| Level | Description | Example |
|---|---|---|
| Kritisch | Datenverlust oder Remote Code Execution | Storage-Manipulation durch Dritte |
| Hoch | XSS oder ungewollte Datenübertragung | Script-Injection via Bookmark-Import |
| Mittel | Umgehung von UI-Schutzmechanismen | Blur-Bypass, Settings-Manipulation |
| Niedrig | Kosmetisch oder theoretisch | Edge-Cases ohne praktische Auswirkung |
## Sicherheitsarchitektur
### Datenverarbeitung
- **Keine externe Datenübertragung** — Alle Daten bleiben in `chrome.storage.local`
- **Kein Server-Kontakt** — Außer Google Favicons API für Bookmark-Icons
- **Keine Cookies, Sessions oder Tokens**
- **Kein Netzwerkzugriff** außer Favicon-Abruf
### Eingabe-Validierung
- URL-Validierung bei Bookmark-Erstellung (`new URL()`)
- JSON-Import: Board- und Bookmark-Struktur wird validiert
- HTML-Sanitierung via `escHtml()` und `createElement` (kein `innerHTML` für User-Daten)
- Storage-Quota-Prüfung mit Warnung bei 8 MB+
### Permissions
Diese Extension benötigt nur zwei Browser-Permissions:
| Permission | Grund |
| --- | --- |
| `storage` | Boards, Settings und Sticky Note lokal speichern |
| `bookmarks` | Browser-Lesezeichen für HTML-Import lesen |
Keine Permissions für: Tabs, History, Web Requests, Downloads, Clipboard oder Host-Zugriff.
### CI/CD-Sicherheit
- **CodeQL** — Automatische statische Analyse bei Push und PR
- **Dependency Review** — Prüft auf bekannte Schwachstellen in PRs
- **Wöchentlicher Scan** — Automatischer CodeQL-Lauf jeden Montag
- **SHA256-Checksummen** — Alle Release-Artefakte werden signiert
| Critical | Data loss or remote code execution | Storage manipulation by third parties |
| High | XSS or unintended data transmission | Script injection via bookmark import |
| Medium | UI protection bypass | Blur bypass, settings manipulation |
| Low | Cosmetic or theoretical | Edge cases without practical impact |
---
**Hellion Dashboard** — [Hellion Online Media - Florian Wathling](https://hellion-media.de) — JonKazama-Hellion
## Security Architecture
### Data Handling
- **No external data transmission** — all data stays in `chrome.storage.local`
- **No server contact** — except Google Favicons API for bookmark icons
- **No cookies, sessions or tokens**
- **No network access** beyond favicon fetching
### Input Validation
- URL validation on bookmark creation (`new URL()`)
- JSON import validates board and bookmark structure before applying
- HTML sanitization via `escHtml()` and `createElement` — no `innerHTML` for user data
- Storage quota check with warning at 8 MB+
### Permissions
This extension requests the following browser permissions:
| Permission | Browsers | Reason |
|---|---|---|
| `storage` | All | Store boards, settings and widget states locally |
| `bookmarks` | All | Read browser bookmarks for direct import |
| `tabs` | Opera / Opera GX only | Required for the Speed Dial workaround — `background.js` monitors tab URLs and redirects via `chrome.tabs.update` |
No permissions requested for: history, web requests, downloads, clipboard or host access.
### CI/CD Security
- **CodeQL** — Automatic static analysis on every push and PR
- **Dependency Review** — Checks for known vulnerabilities in PRs
- **Weekly scan** — Automated CodeQL run every Monday at 06:00 UTC
- **SHA256 checksums** — All release artifacts are checksummed
---
## Legal
Hellion NewTab is developed and maintained by **Florian Wathling / Hellion Online Media**,
based in Bad Harzburg, Germany.
All security matters are handled in accordance with **German and EU law**, including
the General Data Protection Regulation (GDPR / DSGVO). Users in the European Union
are covered by the same legal framework.
For legal inquiries: [hellion-media.de/impressum](https://hellion-media.de/impressum)
---
**Hellion Dashboard** — [Hellion Online Media — Florian Wathling](https://hellion-media.de) — JonKazama-Hellion
docs/STYLE_GUIDE.md
+316
View File
@@ -0,0 +1,316 @@
# Hellion Dashboard — Design & Theme System
> This document is intentionally written in English. Full German/English i18n support
> is planned for v2.0 — until then, English keeps the docs accessible to anyone
> who wants to contribute or fork the project.
---
## Design Pillars
| Pillar | Description |
|---|---|
| **Immersion** | The interface feels like a HUD floating over the scene, not a foreign object sitting on top of it |
| **Visual Clarity** | Deliberate use of `blur` separates UI from background and reduces visual noise and cognitive load |
| **Harmony** | Every theme pulls its colors from the dominant light sources in its background image |
---
## Background Images — WebP Only
**All background images must be in WebP format.** This is an intentional architectural
decision to keep storage quota usage predictable and leave room for future features
(widgets, image references, etc.) that also compete for the 10 MB `chrome.storage` limit.
JPG, PNG and other formats are not accepted, so convert before adding a theme.
### Recommended Settings
| Quality | When to use |
|---|---|
| 85 | Default, good balance of size and sharpness |
| 80 | For images over 500 KB |
| 90 | For images with fine details (stars, in-game UI text) |
### Conversion Tools
**Squoosh** (squoosh.app) — browser-based, no install, nothing gets uploaded to external servers.
Drag in the image, pick WebP, set quality to 85, download. Done.
**cwebp** (command line):
```bash
cwebp -q 85 input.jpg -o output.webp
```
### Current Theme Images
| File | Status |
|---|---|
| `bg-nebula.webp` | ✅ WebP |
| `bg-crescent.webp` | ✅ WebP |
| `bg-event-horizon.webp` | ✅ WebP |
| `bg-merchantman.webp` | ✅ WebP |
| `bg-julia-jin.webp` | ✅ WebP |
| `bg-sc-sunset.webp` | ✅ WebP |
| `bg-hellion-hud.webp` | ✅ WebP |
| `bg-hellion-energy.webp` | ✅ WebP |
| `bg-satisfactory.webp` | ✅ WebP |
| `bg-avorion.webp` | ✅ WebP |
| `bg-scPolaris.webp` | ✅ WebP |
---
## Anatomy of a Theme
Every theme lives in `main.css` as a `[data-theme="name"]` block. Copy this template
to add a new one:
```css
[data-theme="your-theme-name"] {
/* 1. ACCENTS — The light source */
--accent: #HEXCODE; /* Main color (neon/light) */
--accent-dim: rgba(R, G, B, 0.12); /* Subtle background tint */
--accent-glow: rgba(R, G, B, 0.08); /* Glow for logo & clock */
--border-accent: rgba(R, G, B, 0.25); /* Focus ring */
/* 2. BASE — The foundation */
--bg-primary: #HEXCODE; /* Darkest point in the image */
--bg-board: rgba(R, G, B, 0.55); /* Glass effect on boards */
--border: rgba(R, G, B, 0.12); /* Default border */
/* 3. TEXT — Contrast */
--text-primary: #FFFFFF; /* Readable, slightly tinted */
--text-secondary: #A0A0A0; /* Desaturated, less visual weight */
--text-muted: #606060; /* Barely visible, for hints */
/* 4. OVERLAY — Vignette */
--overlay-bg: radial-gradient(
circle at center,
transparent 0%,
var(--bg-primary) 100%
);
/* 5. COMPONENT COLORS */
--header-bg: rgba(R, G, B, 0.94);
--board-hover-border: rgba(R, G, B, 0.22);
--toggle-on-bg: rgba(R, G, B, 0.20);
--logo-shadow: rgba(R, G, B, 0.50);
/* 6. FONTS */
--font-display: 'Rajdhani', sans-serif;
--font-body: 'Inter', sans-serif;
}
/* Theme-specific overrides */
[data-theme="your-theme-name"] .logo { letter-spacing: 4px; }
[data-theme="your-theme-name"] .clock { color: var(--accent); }
[data-theme="your-theme-name"] .board-title { text-transform: uppercase; }
[data-theme="your-theme-name"] .board { backdrop-filter: blur(8px); }
[data-theme="your-theme-name"] .bm-item:hover { background: var(--accent-dim); }
```
After adding the CSS block, register the theme in `src/js/themes.js` and add a preview entry in the theme picker.
---
## UI Patterns
### Frosted Glass
Hardware-accelerated blur for readability on complex backgrounds:
```css
backdrop-filter: blur(8px);
```
Creates depth and visual calm behind text and UI elements. Standard value is `8px`. Only increase it when the background image has a lot of fine detail that competes with the UI.
### Clock Color
All themes set `color: var(--accent)` on the clock element. This is a consistent
detail across the entire theme system. Don't skip it for new themes.
```css
[data-theme="your-theme"] .clock { color: var(--accent); }
```
### Typography Hierarchy
| Font | Usage |
|---|---|
| **Rajdhani** | Display: clock, logo, titles. Anything that should feel like a system readout |
| **Inter** | Body: bookmark titles, lists, interactive elements |
| **Cinzel** | Fantasy: reserved for themes with a majestic or ancient aesthetic (Crescent, Julia & Jin) |
### Overlay Strategy
The overlay gradient determines what stays visible in the background image.
**Radial (default)** draws attention to the center and darkens edges:
```css
--overlay-bg: radial-gradient(circle at center, transparent 0%, var(--bg-primary) 100%);
```
**Linear** darkens top and bottom and leaves the middle open. Use when the subject
is horizontally centered and should stay visible (Satisfactory factory floor, SC Sunset horizon):
```css
--overlay-bg: linear-gradient(180deg, rgba(R,G,B,0.85) 0%, rgba(R,G,B,0.15) 50%, rgba(R,G,B,0.90) 100%);
```
Choose based on where the most important part of the image is, not by habit.
---
## Focus & Accessibility
For backgrounds with a lot of detail (many small elements, high contrast, busy textures),
increase board alpha and blur to reduce visual noise. This makes boards easier to scan,
especially for users with ADHD or attention sensitivities.
```css
--bg-board: rgba(R, G, B, 0.65); /* Up from default 0.55 */
backdrop-filter: blur(12px); /* Up from default 8px */
```
This was applied intentionally to the Satisfactory theme, because the factory floor screenshot
has a lot going on and needed more visual separation between background and UI.
---
## All 11 Themes
| Theme | File | Accent | Mood | Overlay |
|---|---|---|---|---|
| Nebula | `bg-nebula.webp` | `#b359ff` Magenta | Chill, Cosmic | Radial |
| Crescent | `bg-crescent.webp` | `#d4bd8a` Gold | Luxury, Night | Radial |
| Event Horizon | `bg-event-horizon.webp` | `#9d5cff` Purple | Deep Space, Void | Radial |
| Merchantman | `bg-merchantman.webp` | `#2eb8b8` Emerald | Industrial, Alien | Radial |
| Julia & Jin | `bg-julia-jin.webp` | `#7db3ff` Aetherial Blue | FFXIV Night | Linear |
| SC Sunset | `bg-sc-sunset.webp` | `#ff8c3d` Amber | Emotional, Horizon | Linear |
| Hellion HUD | `bg-hellion-hud.webp` | `#32ff6a` Neon Green | Tactical, Admin | Radial |
| Hellion Energy | `bg-hellion-energy.webp` | `#1eff8e` Acid Green | Overdrive, Power | Radial |
| Satisfactory | `bg-satisfactory.webp` | `#00b4d8` Cyan | Industrial Desert | Linear |
| Avorion | `bg-avorion.webp` | `#2ec4a0` Turquoise | Deep Void | Radial |
| Hellion Stealth | `bg-scPolaris.webp` | `#5ec2ff` Tech Blue | Tactical Recon | Radial |
### Theme Quirks Worth Knowing
**Julia & Jin** uses `Cinzel` as display font and a linear gradient. The subjects in
the screenshot are positioned left of center, so radial would soften them.
**Satisfactory** has increased board alpha (0.65) and stronger blur (12px), an intentional
ADHD optimization for a visually busy background.
**Avorion** uses `letter-spacing: 6px` on the logo for maximum HUD feel.
**Hellion Stealth** is the only theme with `border-left: 2px solid var(--accent)` on
`.bm-item:hover`. Every other theme uses background tinting only. This is intentional
and gives Stealth its tactical scanner character. Don't apply it to other themes.
---
## Registering a Theme in themes.js
The `THEMES` object in `src/js/themes.js` is the single source of truth for which
themes exist and which background image they use. CSS handles all the visual variables —
`themes.js` only needs the image path.
```javascript
const THEMES = {
'nebula': { bg: 'assets/themes/bg-nebula.webp' },
'crescent': { bg: 'assets/themes/bg-crescent.webp' },
'event-horizon': { bg: 'assets/themes/bg-event-horizon.webp' },
'merchantman': { bg: 'assets/themes/bg-merchantman.webp' },
'julia-jin': { bg: 'assets/themes/bg-julia-jin.webp' },
'sc-sunset': { bg: 'assets/themes/bg-sc-sunset.webp' },
'hellion-hud': { bg: 'assets/themes/bg-hellion-hud.webp' },
'hellion-energy': { bg: 'assets/themes/bg-hellion-energy.webp' },
'satisfactory': { bg: 'assets/themes/bg-satisfactory.webp' },
'avorion': { bg: 'assets/themes/bg-avorion.webp' },
'hellion-stealth': { bg: 'assets/themes/bg-scPolaris.webp' }
};
```
To add a new theme, add one line. The key must exactly match the `data-theme`
attribute in the CSS block. If they don't match, `applyTheme()` will silently
do nothing and no one will know why.
```javascript
// New theme: key must match [data-theme="your-theme-name"] in main.css
'your-theme-name': { bg: 'assets/themes/bg-your-theme.webp' }
```
### How applyTheme() works
```javascript
function applyTheme(themeName, skipBgOverride) {
const theme = THEMES[themeName];
if (!theme) return;
// Sets data-theme on <html> — activates the matching CSS variable block
document.documentElement.setAttribute('data-theme', themeName);
// Applies the background image unless a custom background is active
if (!skipBgOverride) {
document.getElementById('bgLayer').style.backgroundImage = `url('${theme.bg}')`;
}
// Updates the active state in the theme picker UI
document.querySelectorAll('.theme-card').forEach(card => {
card.classList.toggle('active', card.dataset.value === themeName);
});
}
```
The `skipBgOverride` flag exists for one specific case: when a user has set a custom
background image, switching themes should still update the CSS variables and the picker
UI, but not wipe their custom image. Pass `true` to skip the background update.
---
## Adding a Theme Card to newtab.html
The theme picker modal lives in `newtab.html` as `#themeOverlay`. Every theme
needs a card in the `.theme-grid` — without it the theme exists in CSS and JS
but never shows up in the UI.
Copy this block and add it inside `.theme-grid`, after the last existing card:
```html
<div class="theme-card" data-value="your-theme-name">
<img class="theme-card-img" src="assets/themes/bg-your-theme.webp" alt="Your Theme" />
<span class="theme-card-label">Your Theme</span>
<span class="theme-card-check"></span>
</div>
```
Three things that must match exactly:
- `data-value` must match the key in `THEMES` in `themes.js`
- `data-value` must match the `[data-theme="..."]` attribute in `main.css`
- `src` must point to the correct WebP file in `assets/themes/`
The label shown in the picker can be shorter than the full theme name — "HUD" and
"Energy" are good examples of that. Keep it short enough to fit the card.
The `active` class is toggled by `applyTheme()` automatically, so don't add it
manually unless you want that theme to be the default on first load (Nebula currently
has it as fallback).
---
## Adding a New Theme — Checklist
- [ ] Background image converted to WebP (quality 85)
- [ ] Image added to `assets/themes/`
- [ ] CSS block added to `src/css/main.css`
- [ ] Theme registered in `src/js/themes.js` (one line, key + bg path)
- [ ] Theme card added to `.theme-grid` in `newtab.html` (data-value, img src, label)
- [ ] Theme added to theme table in `README.md`
- [ ] Theme added to theme table in this document
- [ ] Image credit added to Bild-Credits table in `README.md`
- [ ] `CHANGELOG.md` entry added
---
Developed by **[Hellion Online Media — Florian Wathling](https://hellion-media.de)** — JonKazama-Hellion
docs/architecture.md
+35 -29
View File
@@ -1,11 +1,17 @@
# Hellion Dashboard — Architecture
> This document is intentionally written in English. Full German/English i18n support
> is planned for v2.0 — until then, English keeps the docs accessible to anyone
> who wants to contribute or fork the project.
---
## Overview
Hellion Dashboard is a browser extension (NewTab replacement) built with **Vanilla JavaScript ES2020**, **CSS Custom Properties**, and **zero dependencies**. No build step, no framework, no bundler — files are loaded directly via `<script>` tags.
**Storage:** `chrome.storage.local` with `localStorage` fallback.
**Manifest:** V3 for Chromium browsers, V3 for Firefox (separate manifest).
**Manifest:** V3 across all supported browsers (separate files for Firefox and Opera GX).
---
@@ -14,59 +20,60 @@ Hellion Dashboard is a browser extension (NewTab replacement) built with **Vanil
```
HOM_NewTab_Project/
├── newtab.html # Single HTML entry point
├── manifest.json # Chrome/Edge/Brave/Vivaldi (MV3)
├── manifest.json # Chrome, Edge, Brave, Vivaldi (MV3)
├── manifest.firefox.json # Firefox (MV3)
├── manifest.opera.json # Opera/Opera GX (MV3 + workarounds)
├── manifest.opera.json # Opera, Opera GX (MV3 + workarounds)
├── src/
│ ├── css/
│ │ └── main.css # All styles, themes, responsive breakpoints
│ │ └── main.css # All styles, 11 themes, responsive breakpoints
│ └── js/
│ ├── dialog.js # Custom dialog system (alert, confirm)
│ ├── storage.js # Storage abstraction layer
│ ├── state.js # Global state, defaults, helpers
│ ├── themes.js # Theme definitions & application
│ ├── themes.js # Theme definitions & application (11 themes)
│ ├── boards.js # Board/bookmark rendering & events
│ ├── drag.js # Drag & drop (Pointer Events API)
│ ├── settings.js # Settings panel, toggles, theme picker
│ ├── search.js # Search bar (Google, DuckDuckGo, Bing)
│ ├── onboarding.js # First-run onboarding flow
│ ├── widgets.js # Widget manager (registry, drag, resize)
│ ├── notes.js # Notes/checklists (multi-instance widgets)
│ ├── calculator.js # Calculator widget (single-instance)
│ ├── timer.js # Timer/countdown widget (single-instance)
│ ├── image-ref.js # Image reference widget (multi-instance)
│ ├── onboarding.js # First-run onboarding flow
│ ├── data.js # JSON export/import (backup & restore)
── app.js # Init, clock, global events (entry point)
│ └── dialog.js # Custom dialog system (alert, confirm)
── app.js # Init, clock, global events (entry point)
├── assets/
│ ├── fonts/ # Local fonts (Rajdhani, Inter, Cinzel)
│ ├── icons/ # Extension icons (16-512px)
│ └── themes/ # Theme background images
└── docs/ # Documentation (you are here)
│ └── themes/ # 11 theme background images
└── docs/ # You are here
```
---
## Module Responsibilities
Each module has exactly one responsibility. They communicate through global references (no import/export this is a browser extension without a bundler).
Each module has exactly one responsibility. Communication happens through global references no import/export, because this is a browser extension without a bundler.
| Module | Responsibility |
|---|---|
| `storage.js` | **Only** place that touches `chrome.storage` / `localStorage`. All other modules go through `Store.get()` / `Store.set()`. |
| `dialog.js` | `HellionDialog.alert()` and `HellionDialog.confirm()` — custom styled dialogs that replace native browser popups. Loaded first so every other module can use it. |
| `storage.js` | The **only** place that touches `chrome.storage` / `localStorage`. Everything else goes through `Store.get()` / `Store.set()`. |
| `state.js` | Global `boards` and `settings` arrays, default values, `uid()`, `escHtml()`, `getFaviconUrl()`. |
| `themes.js` | Theme CSS variable application. 8 themes, each with its own `[data-theme]` block in CSS. |
| `themes.js` | Applies theme CSS variables. 11 themes, each with its own `[data-theme]` block in `main.css`. |
| `boards.js` | Renders boards and bookmarks. Event delegation on board containers. |
| `drag.js` | Board and bookmark reordering via Pointer Events API. |
| `settings.js` | Settings panel UI, toggle handlers, theme modal, background upload. |
| `settings.js` | Settings panel UI, toggle handlers, appearance modal, background upload. |
| `search.js` | Search bar with engine switching (Google, DuckDuckGo, Bing). |
| `onboarding.js` | Multi-slide first-run flow including the gaming starter board opt-in. |
| `widgets.js` | Widget manager — creates DOM, handles drag/resize/z-index, provides registry. See [widget-schema.md](widget-schema.md). |
| `notes.js` | Notes and checklists as widgets. Multi-instance (max 5). Notebook sidebar. Also handles widget toolbar events. |
| `calculator.js` | Calculator widget. Single-instance. Shunting-yard expression parser (no `eval()`). |
| `timer.js` | Timer/countdown widget. Single-instance. Presets, Web Audio API alarm, tab-title blink. |
| `image-ref.js` | Image reference widget. Multi-instance (max 3). Canvas API WebP conversion, sessionStorage for image data. |
| `onboarding.js` | Multi-slide onboarding flow. Gaming starter board opt-in. |
| `data.js` | JSON export/import with validation. Handles boards, notes, calculator history, timer presets. |
| `calculator.js` | Calculator widget. Single-instance. Shunting-yard expression parser no `eval()`. |
| `timer.js` | Timer/countdown widget. Single-instance. Presets, Web Audio API alarm, tab-title blink on completion. |
| `image-ref.js` | Image reference widget. Multi-instance (max 3). Canvas API WebP conversion, sessionStorage for image data — cleared on browser close. |
| `data.js` | JSON export/import with validation. Covers boards, notes, calculator history and timer presets. |
| `app.js` | Entry point. Calls `init()` on DOMContentLoaded. Clock, global event binding. |
| `dialog.js` | `HellionDialog.alert()` and `HellionDialog.confirm()` — custom styled dialogs replacing native browser dialogs. |
---
@@ -83,7 +90,7 @@ DOMContentLoaded
→ bindGlobalEvents() # Header buttons, modals
→ bindSettingsEvents() # Settings toggles, theme picker
→ initSearch() # Search bar
→ migrateSticky() # Legacy sticky note migration
→ migrateSticky() # Legacy sticky note migration (v1.5.x → v1.6+)
→ Notes.init() # Notes + widget toolbar
→ Calculator.init() # Calculator widget
→ Timer.init() # Timer widget
@@ -96,7 +103,7 @@ DOMContentLoaded
## Script Load Order
Scripts are loaded in `newtab.html` in dependency order:
Scripts are loaded in `newtab.html` in dependency order. A module may only reference modules loaded before it — there is no bundler to handle this automatically.
```html
<script src="src/js/dialog.js"></script>
@@ -117,8 +124,6 @@ Scripts are loaded in `newtab.html` in dependency order:
<script src="src/js/app.js"></script>
```
**Rule:** A module may only reference modules loaded before it.
---
## Z-Index Hierarchy
@@ -133,7 +138,7 @@ Scripts are loaded in `newtab.html` in dependency order:
| Dialogs / Modals | 300 | `.hellion-dialog-overlay`, modals |
| Onboarding | 400 | `#onboardingOverlay` |
Widgets use incrementing z-index (`WidgetManager._topZ++`) to stack above each other on click.
Widgets use an incrementing z-index (`WidgetManager._topZ++`) so the last clicked widget always sits on top.
---
@@ -143,9 +148,9 @@ Widgets use incrementing z-index (`WidgetManager._topZ++`) to stack above each o
|---|---|---|
| `boards` | Array | Board objects with bookmarks |
| `settings` | Object | User preferences (theme, toggles, etc.) |
| `widgetStates` | Object | All widget data (see [widget-schema.md](widget-schema.md)) |
| `onboardingDone` | Boolean | Whether onboarding has been completed |
| `lastBackupReminder` | Number | Timestamp of last backup reminder |
| `widgetStates` | Object | All widget data see [widget-schema.md](widget-schema.md) |
| `onboardingDone` | Boolean | Whether the first-run onboarding has been completed |
| `lastBackupReminder` | Number | Timestamp of the last backup reminder |
---
@@ -160,4 +165,5 @@ Widgets use incrementing z-index (`WidgetManager._topZ++`) to stack above each o
| Opera / GX | Chromium MV3 | `manifest.opera.json` |
| Firefox | Gecko MV3 | `manifest.firefox.json` |
Changes affecting manifest fields must be synchronized across all three manifest files.
Any change that touches manifest fields — version numbers, permissions, content scripts —
needs to be applied to all three files. The CI quality check will catch it if they drift out of sync.
docs/patterns.md
+41 -43
View File
@@ -1,5 +1,11 @@
# Hellion Dashboard — Code Patterns & Conventions
> This document is intentionally written in English. Full German/English i18n support
> is planned for v2.0 — until then, English keeps the docs accessible to anyone
> who wants to contribute or fork the project.
---
## Core Principles
- **Vanilla JS ES2020** — No frameworks, no TypeScript, no build step
@@ -15,7 +21,7 @@
**File:** `src/js/storage.js`
All persistent data goes through the `Store` object. Never access `chrome.storage` or `localStorage` directly.
All persistent data goes through the `Store` object. Never access `chrome.storage` or `localStorage` directly`Store` handles the fallback between the two transparently and provides unified error handling when storage is full.
```javascript
// Reading
@@ -30,13 +36,11 @@ await Store.set('settings', settings);
await Store.checkQuota();
```
**Why?** The `Store` handles the chrome.storage / localStorage fallback transparently. It also provides unified error handling (shows a dialog when storage is full).
---
## Pattern: Event Delegation
Instead of attaching listeners to each element, attach one to the container and use `closest()` to find the target.
One listener on the container, `closest()` to find the target. Much cleaner than attaching a listener to every single element, and it works automatically for dynamically added content.
```javascript
// GOOD — one listener, handles all bookmarks
@@ -53,13 +57,13 @@ bookmarks.forEach(bm => {
});
```
**Used in:** `boards.js` (board/bookmark events), `notes.js` (toolbar), `calculator.js` (button grid)
Used in `boards.js` (board/bookmark events), `notes.js` (toolbar) and `calculator.js` (button grid).
---
## Pattern: createElement over innerHTML
Always build DOM with `document.createElement()`. This prevents XSS and is the project's #1 security rule.
Always build DOM with `document.createElement()`. This is the project's #1 security rule`innerHTML` with user-provided content is an XSS risk, full stop.
```javascript
// GOOD
@@ -76,7 +80,7 @@ container.innerHTML = `<a href="${url}">${title}</a>`;
## Pattern: Shared Storage Key
Multiple widget modules share the `widgetStates` key. Every module must read-before-write and preserve other modules' data.
All widget modules share the `widgetStates` storage key. Every module that writes to it must read first and preserve what's already there — otherwise modules silently overwrite each other's data.
```javascript
async save() {
@@ -85,7 +89,7 @@ async save() {
// Write your own data
data.yourKey = { /* ... */ };
// DON'T overwrite — the key already contains other modules' data
// Don't replace the whole object — other modules live here too
await Store.set('widgetStates', data);
}
```
@@ -96,13 +100,13 @@ See [widget-schema.md](widget-schema.md) for the full `widgetStates` structure.
## Pattern: Widget Lifecycle Hooks
Single-instance widgets (Calculator, Timer) need to know when they're closed, minimized, or reopened. They wrap `WidgetManager` methods in their `init()`:
Single-instance widgets (Calculator, Timer) need to react when they're closed, minimized, or reopened. They do this by wrapping `WidgetManager` methods in their `init()`.
```javascript
async init() {
// Wrap close
const prevClose = WidgetManager.close;
const self = this;
WidgetManager.close = function(id) {
prevClose.call(WidgetManager, id);
if (id === self.WIDGET_ID) {
@@ -110,7 +114,6 @@ async init() {
}
};
// Wrap minimize
const prevMinimize = WidgetManager.minimize;
WidgetManager.minimize = async function(id) {
await prevMinimize.call(WidgetManager, id);
@@ -122,13 +125,13 @@ async init() {
}
```
**Important:** Multiple widgets chain these wraps. Calculator wraps first, Timer wraps Calculator's already-wrapped version, and so on. The chain must not break.
Multiple widgets chain these wraps Calculator wraps first, Timer wraps Calculator's already-wrapped version, and so on. Always call the previous method (`prevClose.call(...)`) or the chain breaks and other widgets stop responding.
---
## Pattern: Debounced Save
For frequent updates (typing in notes, moving widgets), use debounced saves to avoid excessive storage writes:
For frequent updates like typing in notes or dragging widgets, debouncing avoids hammering storage with a write on every keystroke.
```javascript
_saveTimer: null,
@@ -138,20 +141,20 @@ _debouncedSave() {
this._saveTimer = setTimeout(() => this.save(), 500);
}
// Usage: call _debouncedSave() instead of save() for frequent events
// Use _debouncedSave() instead of save() for frequent events
textarea.addEventListener('input', () => {
noteData.content = textarea.value;
this._debouncedSave();
});
```
**Used in:** `notes.js` (text editing), `image-ref.js` (label editing)
Used in `notes.js` (text editing) and `image-ref.js` (label editing).
---
## Pattern: Theme System
All themes use CSS Custom Properties defined in `[data-theme="name"]` blocks:
All themes use CSS Custom Properties in `[data-theme="name"]` blocks in `main.css`. There are currently 11 themes.
```css
[data-theme="nebula"] {
@@ -164,55 +167,51 @@ All themes use CSS Custom Properties defined in `[data-theme="name"]` blocks:
}
```
**Never hardcode colors in JS.** Use CSS classes or variables:
Never hardcode colors in JS. Let CSS handle it.
```javascript
// GOOD — let CSS handle colors
// GOOD
element.classList.add('active');
// BAD — hardcoded color
// BAD — breaks every theme that isn't Nebula
element.style.color = '#7db3ff';
```
8 themes are available: Nebula, Crescent, Event Horizon, Merchantman, Julia & Jin, SC Sunset, Hellion HUD, Hellion Energy.
---
## Pattern: Onboarding Slides
The onboarding system (`onboarding.js`) uses a data-driven slide array. Each slide is an object with rendering hints:
The onboarding system in `onboarding.js` is data-driven. Each slide is a plain object — add a new slide by adding an object to the `slides` array, the `_render()` method handles the rest.
```javascript
{
hero: '🎮', // Large emoji/icon
title: 'Slide Title', // Heading
text: 'Description...', // Optional text paragraph
title: 'Slide Title',
text: 'Optional description',
features: ['Item 1', ...], // Optional bullet list
showThemes: true, // Optional theme grid
interactive: 'gaming-board' // Optional custom buttons
}
```
The `_render()` method reads these properties and builds the DOM. To add a new slide, just add an object to the `slides` array.
---
## Pattern: Dialog System
Custom dialogs replace native `alert()` and `confirm()`:
Custom dialogs replace native `alert()` and `confirm()` everywhere in the project.
```javascript
// Alert (informational)
// Informational
await HellionDialog.alert('Message text', {
type: 'info', // 'info', 'success', 'warning', 'danger'
title: 'Title'
});
// Confirm (yes/no)
// Yes/no
const ok = await HellionDialog.confirm('Are you sure?', {
type: 'danger',
title: 'Delete',
confirmText: 'Delete', // Custom button text
confirmText: 'Delete',
cancelText: 'Cancel'
});
if (ok) { /* user confirmed */ }
@@ -222,7 +221,7 @@ if (ok) { /* user confirmed */ }
## Pattern: Pointer Events for Drag
Widget dragging and board reordering use the Pointer Events API (not mouse events):
Widget dragging and board reordering use the Pointer Events API instead of mouse events. The reason: Pointer Events work with both mouse and touch, and `setPointerCapture` keeps the events flowing even if the cursor leaves the element mid-drag.
```javascript
element.addEventListener('pointerdown', (e) => {
@@ -243,13 +242,11 @@ element.addEventListener('pointerdown', (e) => {
});
```
**Why Pointer Events over Mouse Events?** They work with both mouse and touch, and `setPointerCapture` ensures events continue even if the cursor leaves the element.
---
## Pattern: Canvas API Image Processing
The image reference widget converts uploaded images to WebP for smaller size:
The image reference widget converts uploaded images to WebP locally in the browser — no external service, no upload, nothing leaves the device.
```javascript
_processFile(file) {
@@ -264,7 +261,7 @@ _processFile(file) {
const ctx = canvas.getContext('2d');
ctx.drawImage(img, 0, 0);
const webpUrl = canvas.toDataURL('image/webp', 0.85);
URL.revokeObjectURL(objectUrl);
URL.revokeObjectURL(objectUrl); // Always free the object URL
resolve(webpUrl);
};
@@ -278,7 +275,7 @@ _processFile(file) {
}
```
**Important:** Always call `URL.revokeObjectURL()` to free memory.
Always call `URL.revokeObjectURL()` after the image has loaded — skipping it leaks memory.
---
@@ -287,24 +284,25 @@ _processFile(file) {
| Rule | Rationale |
|---|---|
| `createElement` only, never `innerHTML` | XSS prevention |
| All storage through `Store` | Browser compatibility |
| CSS variables, no hardcoded colors | Theme support |
| Event delegation | Performance, dynamic content |
| All storage through `Store` | Browser compatibility + unified error handling |
| CSS variables, no hardcoded colors | Theme support across all 11 themes |
| Event delegation | Performance, works with dynamic content |
| `const`/`let`, never `var` | Block scoping |
| No external dependencies | Extension simplicity |
| No build step | Direct development |
| JSDoc comments on public functions | Documentation |
| No build step | Direct development, no toolchain to break |
| JSDoc comments on public functions | Documentation for contributors |
| URL validation before `href` | Security |
| Error handling on storage operations | Graceful failure |
| `URL.revokeObjectURL()` after Canvas ops | Memory management |
---
## Manifest Synchronization
Three manifest files must stay in sync:
Three manifest files must always stay in sync:
- `manifest.json` — Chrome, Edge, Brave, Vivaldi
- `manifest.firefox.json` — Firefox
- `manifest.opera.json` — Opera, Opera GX
When changing version numbers, permissions, or content script entries, update all three files.
Version numbers, permissions and content script entries need to be updated in all three. The CI quality check will catch drift, but it's cleaner not to let it get there in the first place.
docs/widget-schema.md
+46 -49
View File
@@ -1,8 +1,14 @@
# Hellion Dashboard — Widget Schema
> This document is intentionally written in English. Full German/English i18n support
> is planned for v2.0 — until then, English keeps the docs accessible to anyone
> who wants to contribute or fork the project.
---
## Overview
The widget system provides draggable, resizable floating panels managed by `WidgetManager` (`src/js/widgets.js`). Each widget type has its own module that handles content rendering and state management.
The widget system provides draggable, resizable floating panels managed by `WidgetManager` (`src/js/widgets.js`). Each widget type has its own module that handles content rendering and state management`WidgetManager` only knows about DOM and position, never about content.
---
@@ -21,7 +27,7 @@ The widget system provides draggable, resizable floating panels managed by `Widg
### `create(type, config) → string`
Creates a widget and appends it to the DOM.
Creates a widget and appends it to the DOM. Returns the widget ID.
```javascript
const id = WidgetManager.create('note', {
@@ -37,7 +43,7 @@ const id = WidgetManager.create('note', {
### `getBody(id) → HTMLElement | null`
Returns the `.widget-body` element for content rendering.
Returns the `.widget-body` element. This is where your module renders its content.
```javascript
const body = WidgetManager.getBody('widget_calculator');
@@ -46,7 +52,7 @@ if (body) Calculator.renderBody(body);
### `getState(id) → Object | null`
Returns the current widget state (position, size, open status).
Returns the current widget state position, size, open status.
```javascript
const state = WidgetManager.getState('widget_timer');
@@ -55,11 +61,11 @@ const state = WidgetManager.getState('widget_timer');
### `close(id)`
Permanently removes a widget from the DOM and registry.
Permanently removes a widget from the DOM and registry. No undo.
### `minimize(id)`
Hides a widget with animation. Widget remains in registry with `open: false`.
Hides a widget with animation. The widget stays in the registry with `open: false` so it can be restored.
### `openWidget(id)`
@@ -67,24 +73,24 @@ Restores a minimized widget with animation.
### `bringToFront(id)`
Increments z-index to bring widget above all others.
Increments z-index so the widget sits above everything else. Called automatically on `pointerdown`.
### `save() → Array`
Returns an array of all `type: 'note'` widget states. Used by `Notes.save()` to merge with note content data.
Returns an array of all `type: 'note'` widget states. Used by `Notes.save()` to merge position/size data with note content.
### `restore(renderCallback)`
Loads widget states from storage and recreates all note widgets. Only handles notes — single-instance widgets (calculator, timer) restore themselves in their own `init()`.
Loads widget states from storage and recreates all note widgets. Single-instance widgets (Calculator, Timer) restore themselves in their own `init()``restore()` only handles notes.
---
## Shared Storage Key: `widgetStates`
All widget modules share a single storage key. Each module's `save()` method must preserve other modules' data.
All widget modules share a single storage key. Every module's `save()` must read first and preserve whatever it doesn't own — otherwise modules silently wipe each other's data on every save.
```javascript
// Structure of widgetStates
// Full widgetStates structure
{
notes: [
{
@@ -95,7 +101,7 @@ All widget modules share a single storage key. Each module's `save()` method mus
x: 120, y: 80,
width: 280, height: 220,
open: true,
checklistItems: [], // For checklist template
checklistItems: [], // Only used by checklist template
checkedItems: [] // Checked item IDs
}
],
@@ -124,23 +130,24 @@ All widget modules share a single storage key. Each module's `save()` method mus
x: 200, y: 120,
width: 320, height: 280,
open: true
// Image data is NOT stored here — sessionStorage only
}
]
}
}
```
### Save Pattern — Preserving Other Modules' Data
### The Save Pattern
Every module that saves to `widgetStates` must read existing data first and preserve keys it doesn't own:
Every module that touches `widgetStates` must follow this pattern:
```javascript
// Example from notes.js
// From notes.js — same pattern applies to every widget module
async save() {
const existing = await Store.get(this.STORAGE_KEY);
const saveData = { notes: mergedNotes };
// Preserve other modules
// Preserve everything we don't own
if (existing && existing.calculator) saveData.calculator = existing.calculator;
if (existing && existing.timer) saveData.timer = existing.timer;
if (existing && existing.imageRef) saveData.imageRef = existing.imageRef;
@@ -153,20 +160,21 @@ async save() {
## Creating a New Widget Type
### Step 1: Choose Single or Multi-Instance
### Step 1: Single or Multi-Instance?
- **Single-instance** (like Calculator, Timer): One widget with a fixed ID. `toggle()` opens/closes.
- **Multi-instance** (like Notes, ImageRef): Multiple widgets with dynamic IDs. `create()` adds new ones.
**Single-instance** (Calculator, Timer style): one widget, fixed ID, `toggle()` opens and closes it.
**Multi-instance** (Notes, ImageRef style): multiple widgets, dynamic IDs, `create()` adds new ones.
### Step 2: Create the Module (`src/js/your-widget.js`)
### Step 2: Create the Module
Here's a minimal single-instance widget template. Follow the same structure — the lifecycle hooks especially are easy to get wrong.
```javascript
const YourWidget = {
WIDGET_ID: 'widget_yourwidget', // Fixed ID for single-instance
WIDGET_ID: 'widget_yourwidget',
STORAGE_KEY: 'widgetStates',
_isOpen: false,
// Load state from storage
async load() {
const data = await Store.get(this.STORAGE_KEY);
if (data && data.yourWidget) {
@@ -174,7 +182,6 @@ const YourWidget = {
}
},
// Save state, preserving other modules
async save() {
const data = await Store.get(this.STORAGE_KEY) || {};
if (data.notes === undefined) data.notes = [];
@@ -192,7 +199,6 @@ const YourWidget = {
await Store.set(this.STORAGE_KEY, data);
},
// Open widget
async open() {
if (this._isOpen) {
WidgetManager.bringToFront(this.WIDGET_ID);
@@ -219,7 +225,6 @@ const YourWidget = {
await this.save();
},
// Toggle open/close
async toggle() {
if (this._isOpen) {
const entry = WidgetManager._widgets.get(this.WIDGET_ID);
@@ -237,24 +242,23 @@ const YourWidget = {
}
},
// Render widget content
renderBody(bodyEl) {
bodyEl.textContent = '';
// Build your UI with createElement (never innerHTML!)
// Build your UI with createElement never innerHTML!
},
// Initialize and hook into lifecycle
async init() {
await this.load();
// Restore if was open last time
const data = await Store.get(this.STORAGE_KEY);
if (data && data.yourWidget && data.yourWidget.open) {
await this.open();
}
// Hook into close event
// Lifecycle hooks — always call the previous method first
// or you'll break every widget that wrapped before yours
const self = this;
const prevClose = WidgetManager.close;
WidgetManager.close = function(id) {
prevClose.call(WidgetManager, id);
@@ -264,7 +268,6 @@ const YourWidget = {
}
};
// Hook into minimize event
const prevMinimize = WidgetManager.minimize;
WidgetManager.minimize = async function(id) {
await prevMinimize.call(WidgetManager, id);
@@ -274,7 +277,6 @@ const YourWidget = {
}
};
// Hook into open event
const prevOpen = WidgetManager.openWidget;
WidgetManager.openWidget = async function(id) {
await prevOpen.call(WidgetManager, id);
@@ -293,38 +295,33 @@ const YourWidget = {
### Step 3: Integration Checklist
1. **`newtab.html`** — Add `<script>` tag (after `widgets.js`, before `data.js`)
2. **`newtab.html`** — Add toolbar button: `<button class="widget-toolbar-btn" data-action="your-action">`
3. **`notes.js`** — Add toolbar handler in `initToolbar()`: `} else if (action === 'your-action') { YourWidget.toggle(); }`
4. **`notes.js`** — Preserve your data in `save()`: `if (existing && existing.yourWidget) saveData.yourWidget = existing.yourWidget;`
5. **`app.js`** — Add `await YourWidget.init();` to the init sequence
6. **`src/css/main.css`** — Add widget-specific CSS styles
7. **`data.js`** — Add export/import logic (if data should be included in backups)
1. `newtab.html` — Add `<script>` tag after `widgets.js` and before `data.js`
2. `newtab.html` — Add toolbar button: `<button class="widget-toolbar-btn" data-action="your-action">`
3. `notes.js` — Add handler in `initToolbar()`: `else if (action === 'your-action') { YourWidget.toggle(); }`
4. `notes.js` — Preserve your key in `save()`: `if (existing && existing.yourWidget) saveData.yourWidget = existing.yourWidget;`
5. `app.js` — Add `await YourWidget.init();` to the init sequence
6. `main.css` — Add widget-specific styles
7. `data.js` — Add export/import logic if your data should survive a JSON backup
---
## Widget DOM Structure
Every widget created by `WidgetManager.create()` has this structure:
Every widget created by `WidgetManager.create()` has this structure. Your module renders into `.widget-body` via `renderBody()` — never touch the header or resize handle.
```html
<div class="widget" data-widget-id="widget_abc123"
style="left: 120px; top: 80px; width: 280px; height: 220px;">
<div class="widget-header">
<span class="widget-title">Title</span>
<div class="widget-header"> <!-- Drag handle -->
<span class="widget-title">Title</span> <!-- Double-click to edit, max 20 chars -->
<div class="widget-actions">
<button class="widget-btn widget-minimize"></button>
<button class="widget-btn widget-close"></button>
</div>
</div>
<div class="widget-body">
<!-- Your content goes here (via renderBody) -->
<!-- Your content goes here via renderBody() -->
</div>
<div class="widget-resize-handle"></div>
<div class="widget-resize-handle"></div> <!-- Bottom-right, visible on hover -->
</div>
```
- **Header** is the drag handle (Pointer Events)
- **Title** supports double-click to edit (contentEditable, max 20 chars)
- **Body** is where your module renders content
- **Resize handle** appears on hover (bottom-right corner)
src/css/STYLE_GUIDE.md
-101
View File
@@ -1,101 +0,0 @@
# ⬡ Hellion Dashboard — Design & Theme-System
Leitfaden für das visuelle Design des Hellion Dashboards. Definiert wie Themes aufgebaut
sind und welche Patterns konsistent eingehalten werden — für eine immersive, fokussierte
Nutzererfahrung.
---
## Design-Säulen
| Säule | Beschreibung |
|---|---|
| **Immersion** | Das Interface wirkt wie ein HUD das über der Szenerie schwebt — kein Fremdkörper |
| **Visual Clarity** | Gezielter `blur`-Einsatz trennt UI und Hintergrundbild — reduziert Reizüberflutung |
| **Harmonie** | Jedes Theme zieht seine Farben aus den dominanten Lichtquellen des Hintergrundbildes |
---
## Anatomie eines Themes
Jedes Theme folgt dieser Variablen-Struktur in `main.css`.
Für ein neues Theme diesen Block kopieren und anpassen:
```css
[data-theme="dein-theme-name"] {
/* 1. AKZENTE — Die Lichtquelle */
--accent: #HEXCODE; /* Hauptfarbe (Neon/Licht) */
--accent-dim: rgba(R, G, B, 0.12); /* Subtiler Hintergrund */
--accent-glow: rgba(R, G, B, 0.08); /* Glow für Logo & Uhr */
--border-accent: rgba(R, G, B, 0.25); /* Fokus-Rahmen */
/* 2. BASIS — Das Fundament */
--bg-primary: #HEXCODE; /* Dunkelster Punkt im Bild */
--bg-board: rgba(R, G, B, 0.55); /* Glas-Effekt der Boards */
/* 3. TEXT — Kontrast */
--text-primary: #FFFFFF; /* Klar lesbar, leicht getönt */
--text-secondary: #A0A0A0; /* Entsättigt für weniger Rauschen */
/* 4. OVERLAY — Vignette */
--overlay-bg: radial-gradient(
circle at center,
transparent 0%,
var(--bg-primary) 100%
);
}
```
---
## UI-Patterns
### Frosted Glass
Hardware-beschleunigter Blur für Lesbarkeit auf komplexen Hintergründen:
```css
backdrop-filter: blur(8px);
```
Erzeugt Tiefe und visuelle Ruhe hinter Text und UI-Elementen.
### Typografie-Hierarchie
| Font | Einsatz |
|---|---|
| **Rajdhani** | Display — Uhr, Titel, Logo. Alles was nach "System" aussieht |
| **Inter** | Body — Bookmark-Titel, Listen, interaktive Elemente |
| **Cinzel** | Fantasy — Exklusiv für Themes mit majestätischem oder antikem Vibe (Crescent, Julia & Jin) |
---
## Theme-Übersicht
| Theme | Akzentfarbe | Stimmung |
|---|---|---|
| Nebula | `#b359ff` Magenta | Chill, Cosmic |
| Crescent | `#d4bd8a` Gold | Luxury, Night |
| Event Horizon | `#9d5cff` Purple | Deep Space, Void |
| Merchantman | `#2eb8b8` Emerald | Industrial, Alien |
| Julia & Jin | `#7db3ff` Aetherial Blue | FFXIV Night |
| SC Sunset | `#ff8c3d` Amber | Emotional, Horizon |
| Hellion HUD | `#32ff6a` Neon Green | Tactical, Admin |
| Hellion Energy | `#1eff8e` Acid Green | Overdrive, Power |
---
## ADHS-Optimierung
Bei Hintergrundbildern mit vielen Details (z.B. Julia & Jin) den Board-Alpha erhöhen
und den Blur verstärken — das dimmt das Hintergrundrauschen und lässt das Gehirn
schneller die relevanten Informationen erfassen:
```css
--bg-board: rgba(R, G, B, 0.65);
backdrop-filter: blur(12px);
```
---
Entwickelt von **[Hellion Online Media — Florian Wathling](https://hellion-media.de)** — JonKazama-Hellion
src/js/opera/README.md
+26 -11
View File
@@ -1,8 +1,12 @@
# ⬡ Opera GX — New-Tab Workaround
Opera GX priorisiert die eigene Speed Dial Seite und ignoriert `chrome_url_overrides`
für entpackte Erweiterungen. Um das Hellion Dashboard trotzdem als New-Tab-Seite
zu etablieren, kommen zwei zusätzliche Skripte zum Einsatz.
Opera GX ist der einzige Browser in diesem Projekt der sich aktiv dagegen wehrt,
eine eigene New-Tab-Seite zu nutzen. Während Chrome, Edge, Firefox und selbst Vivaldi
einfach `chrome_url_overrides` respektieren, priorisiert Opera GX seine eigene
Speed Dial Seite und ignoriert den Standard-Override für entpackte Erweiterungen.
Das Ergebnis: vier Stunden Debugging, zwei Workaround-Skripte und ein Reddit-Thread
der tatsächlich geholfen hat. Hier ist was dabei rausgekommen ist.
---
@@ -11,8 +15,8 @@ zu etablieren, kommen zwei zusätzliche Skripte zum Einsatz.
| Browser | New-Tab Override | Zusatzaufwand |
|---|---|---|
| Chrome / Edge / Brave / Vivaldi | `chrome_url_overrides` | Keiner |
| Firefox | `chrome_url_overrides` (MV2) | Eigenes Manifest |
| Opera / Opera GX | Blockiert durch Speed Dial | Workaround nötig |
| Firefox | `chrome_url_overrides` (MV3) | Eigenes Manifest |
| Opera / Opera GX | Blockiert durch Speed Dial | Dieser Ordner hier |
---
@@ -20,25 +24,36 @@ zu etablieren, kommen zwei zusätzliche Skripte zum Einsatz.
### `background.js` — Tab-Management
Überwacht Tab-Aktivitäten im Hintergrund und greift ein bevor Opera seine Startseite lädt.
Überwacht Tab-Aktivitäten im Hintergrund und greift ein bevor Opera seine Startseite laden kann.
- Erkennt `opera://startpage/` und `chrome://startpage/`
- Leitet per `chrome.tabs.update` auf `newtab.html` um
- Prüft zusätzlich bei `onActivated` — auch im Hintergrund geladene Tabs werden sofort aktualisiert
- Prüft zusätzlich bei `onActivated`, weil Opera manche Tabs im Hintergrund lädt
und der erste Redirect dann nicht greift
### `redirect.js` — In-Page Redirect
Einige Opera-Systemprozesse sind so isoliert dass ein externer Eingriff nicht zuverlässig greift.
Manche Opera-Systemprozesse sind so weit isoliert dass ein externer Eingriff
nicht zuverlässig ankommt. Also nochmal von innen.
- Wird als Content Script in Opera-Startseiten-Bereiche injiziert
- Löst den Redirect bei `document_start` aus — minimale Verzögerung, kein Flackern
- Wird als Content Script direkt in Opera-Startseiten-Bereiche injiziert
- Löst den Redirect bei `document_start` aus, bevor die Speed Dial Seite
überhaupt anfangen kann sich aufzubauen
Ja, es braucht wirklich beide Skripte. Opera GX hat das so entschieden.
Das Gute daran: die GitHub Actions kümmern sich darum dass jeder Browser nur bekommt
was er braucht. Das Opera-ZIP enthält die Workaround-Skripte, das Chrome-ZIP nicht.
Wer sich das manuell zusammensuchen müsste wäre vermutlich genauso genervt wie ich
beim Debuggen war.
---
## Datenschutz
Kein Tracking, keine Speicherung, keine externen Requests.
Ausschließlich Standard-Browser-APIs `chrome.tabs` um die Kontrolle über den New Tab zurückzugewinnen.
Nur Standard-Browser-APIs, `chrome.tabs`, um zurückzubekommen was eigentlich
standardmäßig funktionieren sollte.
**100% lokal. 0% Analytics. Wie im gesamten Hellion NewTab Projekt.**