The Xerobit Blog
Deep-dives on the developer-utility topics our tools cover — JSON, encoding, regex, timestamps, color, CSS, and the rest. RFC-accurate, code-tested, no fluff.
JWT Security Checklist for 2026
Twelve checks every JWT implementation should pass before shipping. The actual checklist used by security teams, with the failure mode each prevents.
URL Encoding: The 7 Bugs That Break Your API
Every API has at least one URL-encoding bug. Here are the seven I see most — what each looks like in production, the symptom, and the fix.
Percent Encoding and RFC 3986 Explained
Why is `+` sometimes a space and sometimes a literal plus? Why does `%2520` show up in your logs? RFC 3986 percent-encoding, end to end, with the rules nobody quite remembers.
Hex, RGB, HSL, OKLCH: Which to Pick in 2026
Four CSS color formats, four different audiences. This is what each is good at, why OKLCH is the 2026 upgrade, and a practical guide for which to use where.
WCAG Contrast Explained (AA vs AAA, When It Matters)
Color contrast determines who can read your interface. This is the WCAG math, the four thresholds, the difference from APCA, and how to actually fix violations.
Decoding a JWT Is Not the Same as Verifying It
Every JWT bug in production reduces to the same mistake: trusting a decoded token without verifying its signature. The difference, the consequences, and how to do it right.
When You Should NOT Use Base64 Encoding
Base64 is the duct tape of the web — and like real duct tape, it's used in places it absolutely shouldn't be. The five anti-patterns and what to do instead.
Base64: How It Actually Works Under the Hood
Base64 is everywhere — in JWTs, data URLs, email attachments. This is the byte-level walkthrough of what it does, why it grows files by 33%, and the URL-safe variant.
The 10 Most Common JSON Validation Errors (and How to Fix Them)
Every JSON parse error in production traces back to one of ten root causes. This is the field guide — what each error means, why it happened, and the exact fix.
What Is JSON and Why You Should Always Format It
JSON is the universal data format of the modern web. This is what it actually is, why formatting matters even for machines, and how to keep your sanity when JSON breaks.