The digital transformation of India’s healthcare sector has revolutionized patient care, diagnostics, and operational efficiency. However, this growing reliance on digital platforms has also led to an exponential increase in the collection and processing of sensitive personal data. The Digital Personal Data Protection (DPDP) Act 2023 is a critical regulatory milestone, shaping how healthcare organizations manage patient data.
This blog explores the significance of the DPDP Act for hospitals, clinics, pharmaceutical companies, and other healthcare entities operating in India.
Building an Ethical and Trustworthy Healthcare Environment
Trust is the cornerstone of patient-provider relationships. The DPDP Act 2023 reinforces this trust by granting Data Principals (patients) fundamental rights over their digital health data, including access, correction, and erasure requests.
By complying with these regulations, healthcare organizations can demonstrate a commitment to patient privacy, strengthening relationships, and enhancing healthcare outcomes.
Strengthening Data Security in a High-Risk Sector
The healthcare industry is a prime target for cyberattacks due to the sensitivity and value of patient data, including medical history, treatment details, and financial records. The DPDP Act mandates that healthcare providers (Data Fiduciaries) implement comprehensive security measures to protect patient information from unauthorized access, disclosure, and breaches. This includes adopting technical and organizational safeguards to ensure data confidentiality, integrity, and availability.
Ensuring Regulatory Compliance and Avoiding Penalties
With strict compliance requirements, the Digital Personal Data Protection Act provides a robust legal framework for data protection in healthcare. Failure to comply can result in financial penalties of up to ₹250 crore for serious violations. By aligning data processing practices with regulatory requirements, healthcare entities can avoid legal risks, safeguard their reputation, and uphold ethical standards.
Promoting Patient Empowerment and Data Control
The DPDP Act empowers patients with greater control over their health data. Healthcare providers must establish transparent mechanisms for data collection and obtain explicit, informed, and unambiguous patient consent. Patients also have the right to know how their data is used, who has access, and for what purposes, reinforcing trust and accountability within the healthcare ecosystem.
Facilitating Innovation and Research with Safeguards
While prioritizing data privacy, the Digital Personal Data Protection Act also enables responsible data utilization for medical research, public health initiatives, and technological advancements. The Act provides pathways for the ethical use of anonymized or pseudonymized data, ensuring continued innovation while protecting patient rights. Healthcare organizations can leverage data analytics to improve treatment protocols and patient outcomes, provided they adhere to principles of data minimization and purpose limitation.
Key Obligations for Healthcare Providers under the DPDP Act
Healthcare organizations must comply with several critical obligations under the DPDP Act 2023:
Obtaining Valid Consent: Secure explicit patient consent for collecting and processing personal data for specified purposes.
Implementing Security Safeguards: To prevent breaches, deploy advanced security measures, such as encryption, access controls, and regular security audits.
Data Breach Notification: Promptly report data breaches to the Data Protection Board of India and affected patients.
Data Retention Limitations: Retain patient data only as long as necessary and ensure secure disposal once the purpose is fulfilled.
Addressing Patient Rights: Establish mechanisms for patients to access, correct, and erase their personal data while addressing privacy-related concerns.
Potential Appointment of a Data Protection Officer (DPO): Organizations processing large volumes of sensitive data may be required to appoint a DPO to oversee compliance efforts.
Navigating the Path to DPDP Compliance in Healthcare
Conducting a comprehensive data mapping exercise to understand how patient data is collected, stored, and shared.
Updating privacy policies and internal procedures to align with the Act’s compliance requirements.
Training employees on data protection best practices to ensure organization-wide compliance.
Investing in advanced data security technologies and establishing robust consent management and incident response mechanisms.
A Commitment to Data Privacy in Healthcare
The Digital Personal Data Protection Act 2023 is a transformative regulation for the healthcare industry in India. By embracing its principles, healthcare organizations can ensure compliance, strengthen patient trust, and build a secure, ethical, and innovation-driven ecosystem.
Seqrite offers cutting-edge security solutions to help healthcare providers protect patient data and seamlessly comply with the DPDP Act.
Hi Codrops community! My name is Andrea Biason, and I’m a Creative Frontend Developer currently living in Brescia. I spend my days at Adoratorio Studio, where we create award-winning interactive and immersive experiences by combining strategy, design, and technology.
Today, I’d like to present four diverse projects that showcase our approach and vision of what a web experience can be.
The Blue Desert is an R&D project developed to explore new ways of conveying information typically confined to PDFs, such as Global Impact Reports and corporate press releases.
We strongly believe in the power of storytelling to communicate data that might otherwise be overlooked — yet is truly future-defining — and we wanted to share that with the world.
The experience presents two narratives:
A sci-fi overarching narrative that follows a wanderer’s journey through his devastated world, forever altered by a catastrophic desertification phenomenon.
A data-driven narrative revealed through pins scattered across the experience, comparing the Climate Change Goals set by COP21 with the current progress — and shortcomings — we’ve made as a species.
While creating The Blue Desert, we aimed to maintain an immersive, sand-inspired aesthetic that complemented the narrative and setting — from the color palette to the font choices and design elements. This visual continuity is evident in everything from the smallest icons to the most noticeable transitions, and especially in the brushed, soft, and warm style of the 3D models that define the entire experience.
The smooth camera movements guiding the user through the various scenes were studied in meticulous detail and often refined throughout the development process.
We believe that attention to the smallest details is what makes or breaks an immersive experience — and there are many we’re particularly proud of. Each scene offers a unique interaction, such as the rapid flow of a waterfall, the blooming of flowers on tree crowns, or the rejuvenation of the blue desert when touched by the “Komai” blobs.
When it comes to overall navigation, we’re always struck by the profound, AI-generated voice-over — carefully refined by human hands — paired with the original soundtrack and a rich variety of sound effects tailored to each scene.
One final element we particularly love is the moment you break through the clouds at the start of the experience and arrive at the wanderer’s campsite. It immediately sets a deeper level of immersion from the very beginning.
Challenges
The wanderer’s aphorism at the beginning of the experience reflects the project’s learning journey: “The more we know, the more we realize we don’t know.”
And that’s exactly what we found ourselves grappling with throughout the creation of this unique digital experience.
The main challenges we faced included:
3D challenges: Coordinating multiple scenes in a continuous flow, ensuring smooth navigation, and optimizing exported assets. We also had to manage the project’s large scale — particularly handling cameras, backgrounds, and high-quality textures positioned close to the point of view.
Development challenges: Maintaining a consistent frame rate for users by implementing a dual optimization process for both desktop and mobile, along with leveraging Three.js’ frustum culling. The 3D and development teams worked closely together, experimenting with and implementing InstancedMesh, with a particular focus on Shader Materials and Vertex Shaders.
Personal Notes
In terms of R&D, The Blue Desert was definitely the most challenging project we engaged with in recent memory. This isn’t only true in terms of (heavily) expanding our understanding and knowledge of optimization and 3D/WebGL, but also in polishing (and in the beginning, often reworking) the art direction, camera movements, and not falling into the pitfall of “wanting every random idea to make it to the final experience.”
Given that the project was pretty much carried out in parallel between the 3D and Dev departments, the first phase for both teams consisted of a wide variety of specific experimentations that lasted from a few days to a week, in order to fully master — and then be able to customise to our needs — a variety of technical specifics, from texturing, UV map creation, and modeling, to understanding the shortcomings of optimisation tools like glTF-Transform, as well as specific tests on shaders and animations. The biggest lesson and achievement was definitely structuring (not without hardships) a smoother, more natural collaboration and hand-over process between the two teams.
Another unexpected outcome, given the unusual pairing of content and approach, was the audiences this experience gathered interest from: initially (and expectedly) from the design community, who enjoyed the story as well as the imaginative world it takes place in, the curated 3D models, and the original themes we produced for the experience. Secondly (and a bit unexpectedly), from many brands that took notice and reached out, finding the approach fresh and engaging as a way to highlight years of efforts in achieving higher sustainability standards.
Tech Stack
Vue.js, Three.js, GSAP, Howler.js, Blender
Ariostea is a brand of Iris Ceramica Group, one of the world’s largest ceramics producers and innovators. What initially started as a simple request for a new corporate website quickly evolved into a complete overhaul of their brand, positioning, and digital presentation.
The first step in the project was completely revisiting the former sitemap (which consisted of more than 40 first-level pages — a mess we had never seen before), reducing it to eight main pages.
What makes us particularly proud of this work is the thorough implementation of the brand design elements — most notably the smooth-cornered, rectangular shape of Ariostea’s slabs, which became a cornerstone of the design system — as well as the integration of the client’s PIM to automatically source and update product data, textures, 3D models, and the catalogue.
While corporate websites generally tend not to stand out as much as WebGL experiences or interactive experiments, we find great satisfaction in crafting well-polished, strategically sound, and functional platforms that — like in Ariostea’s case — will stand the test of time and may serve as a foundation for bolder experiments to follow, as we’ll soon see with ICG Galleries.
Challenges
Approaching the design and development for Ariostea, we knew we would face three main challenges. Let’s delve into them one by one:
The sheer scale of the project
As mentioned above, the gargantuan amount of information presented on the website proved to be the first challenge. While a careful restructuring streamlined the UI and header — going from 40-something elements (I’m still in disbelief typing this out) to around 8 — the information itself wasn’t going to be deleted. Having longer, richer pages therefore meant creating a more diverse array of modules working in unison, featuring a variety of image and text carousels to better organize the content consumption.
This was only the first step, as the richest section of the website was (who would’ve thought) the product catalogue — featuring more than 1,500 unique products.
Our main objective for the “Collections” page was to avoid overwhelming the user with such a diverse selection, which was also arbitrarily divided from a business — not user — perspective. We therefore created a progressive filter system, clearly displayed at the bottom-center, with intuitive options tailored to user needs such as appearance, application, and material size.
Finding a distinctive element / module / page that would take the project a step further
While integrating the brand guidelines into the design system as seamlessly as possible, we knew we wanted to design a single page that would set Ariostea apart — something that would act as a memorable visual for all users. That could only be the product page.
The design we chose to pursue presents an initial, card-like view featuring a texture preview, main data such as description and formats, and a sticky component showcasing the product name, collection, contact CTA, and the option to add the product to a wishlist.
The texture preview was integrated with a savvy, highly optimized WebGL, generatively sourcing from the client’s PIM and presenting an authentic slab, just like those seen in their showrooms.
Working in tandem with the brand’s IT to fail-proof the PIM connection
Given our extensive expertise in custom development and WebGL, as well as modular, consistent productions for corporate websites, the biggest challenge we faced was definitely coordinating and working in tandem with Ariostea’s technical team to smoothly integrate their PIM — a challenge that wasn’t accomplished without a wide range of creative solutions and nerve-wracking brainstorming sessions!
Personal Notes
Ariostea was our first time creating custom APIs to connect with the brand’s PIM — something that proved useful later on for developing other, more experiential projects for the group. Additionally, the delicate tuning of multiple animations to achieve a cohesive experience, with a strong focus on UX and content consumption rather than flashy, explosive transitions, was a careful effort that often goes unnoticed.
Iris Ceramica Group is one of the world leaders in ceramic production, with an ever-growing number of stunning showrooms around the world.
ICG Galleries are designed to showcase the breadth of the group’s products, brands, and innovations — simulating living environments, presenting new collaborations, and hosting talks and events.
Formerly represented only on the main company website, the objective of the immersive experience was to present ICG products in a contextualized setting, while also showcasing — through 3D and animations — the wide array of innovations and technologies developed by the company for ceramic surfaces. This idealized version of the Galleries was something the company had long been hoping to achieve digitally.
Based on three floors that highlight the group’s Values, Products, and Creations, the experience begins with a slider displaying the three isometric floor plans, allowing the user to start their journey freely from whichever floor they find most enticing.
While isometric views have been used in similar experiences before, for this project we were committed, first, to achieving a distinctive, warm, and refined art direction that embodied the group’s positioning and products — and second, to implementing them directly in the WebGL scene, rather than simply using images.
Each of the floors presents a custom-designed (and engineered!) space, beautifully adorned with surfaces and interior design elements from ICG — a process that, due to its level of detail, required painstaking shoulder-to-shoulder collaboration with the client. Animations were also created for each of the pins, ranging from simpler ones — like a selection of slabs being highlighted in the Material Library — to more advanced ones, such as the Caveau revealing itself behind the Vault, or a listening room coming to life on the ground floor to showcase the “Hypertouch” technology.
Given the numerous artistic and design collaborations the Group engages in, we also added a “bonus” floor — the Pop-Up Window — where a new setting or collaboration can be showcased every few months. We like this touch, as it allows the experience to evolve over time, not only in its more information-oriented pages.
The experience also includes two editorial pages: one showcasing every ICG location around the world, and the other highlighting the events organized at those locations.
Challenges
When proposing this project to the client, we knew it was something they hadn’t considered (or even thought possible!) before that moment. We also knew we were asking them to take a leap of faith, to some extent.
Being launched for the 2025 Milan Design Week (yes, you’re the first ones seeing this!), we’re incredibly proud to show how — through strategy, creative alignment, and close collaboration with the client — truly experiential and visually stunning results can be achieved, even in the B2B space.
Personal Notes
The final product we achieved with ICG Galleries is the result of many learnings from previous experiences — particularly in terms of WebGL experimentation — as well as a stable, proven tech stack and a well-oiled collaboration between the Dev and 3D teams.
Technically speaking, we’re very proud of the smoothness of the camera scrolling, as well as the synchronization of the pins with the 3D environment and its connected HTML overlays.
What definitely pushed us was adding a variety of animations to every interaction — from the technologies to the living spaces — creating an experience that didn’t feel like a static image, but rather a living, breathing space.
Emerging from the politically charged atmosphere of Bologna in the late ’70s, the Intrusion Project serves as a living tribute to Radio Alice — a pioneering force in the free radio movement that sparked a cultural revolution.
A project born from passion, it features seven audio-reactive shaders designed to amplify the powerful tracks of six genre-defining Italian underground artists, who reinterpreted the recording of the free radio’s final 23 minutes before it was broken into and shut down by police in 1977.
While designing the Radio Alice experience, we had two certainties. Design-wise, we wanted to reverse our usual approach by inviting members of our creative team who are typically less tied to digital to lead the design — intentionally foregoing recognized (and self-imposed) UI/UX standards in favor of a bolder, grittier experience.
Conceptually, we wanted to create an incisive moment that spoke directly to the gut of users, but we were also dead set on not letting the design and visuals overshadow the strong, generational narrative the project conveyed.
The design employs a brutalist aesthetic that emphasizes raw, unpolished elements — mirroring the disruptive nature of the radio station itself — while bringing the archival sounds of Radio Alice to life in a visually dynamic environment.
By creating a space where users can interact with and connect to the past, the site aims to embed the rebellious spirit of Radio Alice into our collective consciousness. The goal is to leave a trace as indelible as the events of 1977 themselves, encouraging new generations to absorb, reflect, and find inspiration in the courage of those voices.
Challenges
The first task for the project was defining a cohesive and scalable art direction for the seven audio-reactive shaders, tackled by our Interaction Designer in collaboration with the creative team. Once we had defined the visuals, the next challenge was transforming the source audio into texture via FFT (Fast Fourier Transform), an algorithm that breaks sound down into its individual frequencies, allowing our visuals to be influenced by a variety of inputs instead of just the combined track.
As always, when working on the web, optimization was also a key focus — aiming to create the lightest possible shaders that could perform well across all kinds of devices.
Taking a step back from the technical elements of the website, Radio Alice was one of the first opportunities for our Development team to implement shaders they hadn’t directly developed themselves, leading to a smoother collaboration with our Interaction Designer.
Personal Notes
We are particularly proud of the audio-reactive shaders. These not only create a mesmerizing visual experience synced to historical broadcasts but also embody Radio Alice’s chaos and creativity.
A detail we’d like to highlight is the ability to switch the experience’s color palette between three versions. The reason behind this choice is actually quite simple — and a bit childish: while the iconic red is how we showcase the project and probably the most authentic representation of Radio Alice, the black-and-white and white-on-black versions were just too stunning to leave out!
Tech Stack
Vue.js + Nuxt.js, OGL, GSAP, Web Audio Beat Detector
More about me
My academic background is anything but related to programming or design. I graduated from a classical high school and chose a university path that combined the worlds of communication, design, and development.
About 12 years ago, I began my journey at Studio Idee Materia, an independent creative agency in a small town in the province of Venice, with my latest project, Bertani, earning my first SOTD (Site of the Day) on Awwwards.
For the past 4 years, my path has become more focused on frontend development, since I joined Adoratorio Studio — an independent creative studio known for its drive toward innovation and the creation of deeply branded digital experiences.
Here, together with Andrea, Daniele, and the entire team, we share daily challenges and a philosophy that we try to convey and bring into the projects we develop.
Our Philosophy
It’s a philosophy based on obsessive attention to detail, the desire to always experiment with something new in each project, setting medium- to long-term goals, knowing that nothing is magically achieved overnight, and finally, being aware that the way we implement or approach a problem isn’t always the best one — but it’s the one that suits us best.
Our Stack
Depending on the needs of the project at hand, we’ve developed different stacks:
The most commonly used stack is based on Vue.js + Nuxt.js + WordPress as the backend. Nuxt is used in both of its variants: SSR mode on a Node.js server, and generate mode deployed via CI/CD on Firebase servers. This stack is used for all corporate projects — especially in generate mode — to meet SEO requirements.
For smaller and/or more experimental projects, or those without SEO concerns, we sometimes use a simpler stack that relies on Vite.js.
For projects involving 3D, we’ve developed two stacks as well: one using Three.js, and a lighter one using OGL — used when we only need to write shaders without relying on 3D models.
Looking forward
As for our current experimentations, we’re still refining our skills in Three.js — particularly in optimization, shader development, and workflow integration with the 3D team.
Another topic we deeply care about is accessibility, as we believe our projects — however flashy — should be accessible to everyone, without compromise.
Last but not least, and I felt this needed to be addressed: in such a fast-paced, ever-evolving digital world, we’re continuously finding ways to use AI as a tool to support our creative coding and ideas — not as a jack-of-all-trades meant to replace us.
Final thoughts
If you’re a young (or new) developer, my tip is: don’t be afraid to experiment. Today more than ever, technology evolves rapidly and offers infinite possibilities to create new and exciting things. Don’t limit yourself to what you already know — go out and explore uncharted territory.
When you experiment and try new things, sometimes it may end up like this:
Let’s dive deep into the CallerMemberName attribute and explore its usage from multiple angles. We’ll see various methods of invoking it, shedding light on how it is defined at compile time.
Table of Contents
Just a second! 🫷 If you are here, it means that you are a software developer.
So, you know that storage, networking, and domain management have a cost .
If you want to support this blog, please ensure that you have disabled the adblocker for this site. I configured Google AdSense to show as few ADS as possible – I don’t want to bother you with lots of ads, but I still need to add some to pay for the resources for my site.
Thank you for your understanding. – Davide
Method names change. And, if you are using method names in some places specifying them manually, you’ll spend a lot of time updating them.
Luckily for us, in C#, we can use an attribute named CallerMemberName.
This attribute can be applied to a parameter in the method signature so that its runtime value is the caller method’s name.
publicvoid SayMyName([CallerMemberName] string? methodName = null) =>
Console.WriteLine($"The method name is {methodName ?? "NULL"}!");
It’s important to note that the parameter must be a nullable string: this way if the caller sets its value, the actual value is set. Otherwise, the name of the caller method is used. Well, if the caller method has a name! 👀
Getting the caller method’s name via direct execution
Direct call with overridden name:
The method name is Walter White!
It’s important to note that the compiler sets the methodName parameter only if it is not otherwise specified.
This means that if you call SayMyName(null), the value will be null – because you explicitly declared the value.
privatevoid DirectCallWithNullName()
{
Console.WriteLine("Direct call with null name:");
SayMyName(null);
}
The printed text is then:
Direct call with null name:
The method name is NULL!
CallerMemberName when the method is called via an Action
Let’s see what happens when calling it via an Action:
publicvoid CallViaAction()
{
Console.WriteLine("Calling via Action:");
Action<int> action = (_) => SayMyName();
var singleElement = new List<int> { 1 };
singleElement.ForEach(s => action(s));
}
This method prints this text:
Calling via Action:
The method name is CallViaAction!
Now, things get interesting: the CallerMemberName attribute recognizes the method’s name that contains the overall expression, not just the actual caller.
We can see that, syntactically, the caller is the ForEach method (which is a method of the List<T> class). But, in the final result, the ForEach method is ignored, as the method is actually called by the CallViaAction method.
This can be verified by accessing the compiler-generated code, for example by using Sharplab.
At compile time, since no value is passed to the SayMyName method, it gets autopopulated with the parent method name. Then, the ForEach method calls SayMyName, but the methodName is already defined at compiled time.
Lambda executions and the CallerMemberName attribute
What if we try to execute the SayMyName method by accessing the root class (in this case, CallerMemberNameTests) as a dynamic type?
privatevoid CallViaDynamicInvocation()
{
Console.WriteLine("Calling via dynamic invocation:");
dynamic dynamicInstance = new CallerMemberNameTests(null);
dynamicInstance.SayMyName();
}
Oddly enough, the attribute does not work as could have expected, but it prints NULL:
Calling via dynamic invocation:
The method name is NULL!
This happens because, at compile time, there is no reference to the caller method.
privatevoid CallViaDynamicInvocation()
{
Console.WriteLine("Calling via dynamic invocation:");
object arg = new C();
if (<>o__0.<>p__0 == null)
{
Type typeFromHandle = typeof(C);
CSharpArgumentInfo[] array = new CSharpArgumentInfo[1];
array[0] = CSharpArgumentInfo.Create(CSharpArgumentInfoFlags.None, null);
<>o__0.<>p__0 = CallSite<Action<CallSite, object>>.Create(Microsoft.CSharp.RuntimeBinder.Binder.InvokeMember(CSharpBinderFlags.ResultDiscarded, "SayMyName", null, typeFromHandle, array));
}
<>o__0.<>p__0.Target(<>o__0.<>p__0, arg);
}
I have to admit that I don’t understand why this happens: if you want, drop a comment to explain to us what is going on, I’d love to learn more about it! 📩
Event handlers can get the method name
Then, we have custom events.
We define events in one place, but they are executed indirectly.
privatevoid CallViaEventHandler()
{
Console.WriteLine("Calling via events:");
var eventSource = new MyEventClass();
eventSource.MyEvent += (sender, e) => SayMyName();
eventSource.TriggerEvent();
}
publicclassMyEventClass{
publicevent EventHandler MyEvent;
publicvoid TriggerEvent() =>
// Raises an event which in our case calls SayMyName via subscribing lambda method MyEvent?.Invoke(this, EventArgs.Empty);
}
So, what will the result be? “Who” is the caller of this method?
Calling via events:
The method name is CallViaEventHandler!
Again, it all boils down to how the method is generated at compile time: even if the actual execution is performed “asynchronously” – I know, it’s not the most obvious word for this case – at compile time the method is declared by the CallViaEventHandler method.
CallerMemberName from the Class constructor
Lastly, what happens when we call it from the constructor?
public CallerMemberNameTests(IOutput output) : base(output)
{
Console.WriteLine("Calling from the constructor");
SayMyName();
}
We can consider constructors to be a special kind of method, but what’s in their names? What can we find?
Calling from the constructor
The method name is .ctor!
Yes, the actual method name is .ctor! Regardless of the class name, the constructor is considered to be a method with that specific internal name.
Wrapping up
In this article, we started from a “simple” topic but learned a few things about how code is compiled and the differences between runtime and compile time.
In modern web development, there are times when a page needs to refresh itself without the user pressing a button. Whether you are responding to updated content, clearing form inputs, or forcing a session reset, JavaScript provides a simple method for this task: location.reload().
This built-in method belongs to the window.location object and allows developers to programmatically reload the current web page. It is a concise and effective way to refresh a page under controlled conditions, without relying on user interaction.
What Is JavaScript location.reload()?
The location.reload() method refreshes the page it is called on. In essence, it behaves the same way a user would if they clicked the browser’s reload button. However, because it is called with JavaScript, the action can be triggered automatically or in response to specific events.
Here is the most basic usage:
location.reload();
This line of code tells the browser to reload the current page. It does not require any parameters by default and typically loads the page from the browser’s cache. Note that you can use our free resources (namely, online code editors) to follow along with this discussion.
Forcing a Hard Reload
Sometimes a regular reload is not enough, especially when you want to ensure that the browser fetches the latest version of the file from the server instead of using the cached copy. You can force a hard reload by passing true as a parameter:
location.reload(true);
However, it is important to note that modern browsers have deprecated this parameter in many cases. Instead, they treat all reloads the same. If you need to fully bypass the cache, server-side headers or a versioned URL might be a more reliable approach.
And let’s talk syntax:
So what about the false parameter? That reloads the page using the web browser cache. Note that false is also the default parameter. So if you run reload() without a parameter, you’re actually running object.reload(false). This is covered in the Mozilla developer docs.
So when do you use Location.reload(true)? One common situation is when the page has outdated information. A hard reload can also bypass caching issues on the client side.
Common Use Cases
The location.reload() method is used across a wide range of situations. Here are a few specific scenarios where it’s especially useful:
This use case helps clear form inputs or reset the page state after the form has been processed. You can test this in the online Javascript editor. No download required. Just enter the code and click run to immediately see how it looks.
2. Refresh after receiving new data:
In web applications that rely on live data, such as dashboards or status monitors, developers might use location.reload() to ensure the page displays the most current information after an update.
This is a simple way to give users control over when to reload, particularly in apps that fetch new content periodically.
4. Reload a Page Without Keeping the Current Page in Session History
This is another common use. It looks like this.
window.location.replace(window.location.href);
Basically, if a user presses the back button after they hit reload, they might be taken back to a page that no longer reflects the current application logic. The widow.location.replace() method navigates to a new URL, often the same one, and replaces the current page in the session history.
This effectively reloads the page without leaving a trace in the user’s history stack. It is particularly useful for login redirects, post-submission screens, or any scenario where you want to reset the page without allowing users to revisit the previous state using the back button.
Limitations and Best Practices
While location.reload() is useful; it should be used thoughtfully. Frequent or automatic reloads can frustrate users, especially if they disrupt input or navigation. In modern development, reloading an entire page is sometimes considered a heavy-handed approach.
For dynamic updates, using JavaScript to update only part of the page, through DOM manipulation or asynchronous fetch requests, is often more efficient and user-friendly.
Also, keep in mind that reloading clears unsaved user input and resets page state. It can also cause data to be resubmitted if the page was loaded through a form POST, which may trigger browser warnings or duplicate actions. If you’re looking for a job, make sure to brush up on this and any other common JavaScript interview questions.
Smarter Alternatives to Reloading the Page
While location.reload() is simple and effective, it is often more efficient to update only part of a page rather than reloading the entire thing. Reloading can interrupt the user experience, clear form inputs, and lead to unnecessary data usage. In many cases, developers turn to asynchronous techniques that allow content to be refreshed behind the scenes.
AJAX, which stands for Asynchronous JavaScript and XML, was one of the earliest ways to perform background data transfers without refreshing the page. It allows a web page to send or receive data from a server and update only the necessary parts of the interface. Although the term AJAX often brings to mind older syntax and XML data formats, the concept remains vital and is now commonly used with JSON and modern JavaScript methods.
One of the most popular modern approaches is the Fetch API. Introduced as a cleaner and more flexible alternative to XMLHttpRequest, the Fetch API uses promises to handle asynchronous requests. It allows developers to retrieve or send data from a server and then apply those updates directly to the page using the Document Object Model, or DOM.
This example retrieves data from the server and updates only a single element on the page. It is fast, efficient, and keeps the user interface responsive.
By using AJAX or the Fetch API, developers can create a more fluid and interactive experience. These tools allow for partial updates, background syncing, and real-time features without forcing users to wait for an entire page to reload. In a world where performance and responsiveness matter more than ever, these alternatives offer a more refined approach to managing content updates on the web.
Conclusion
The location.reload() method in JavaScript is a straightforward way to refresh the current web page. Whether used for resetting the interface or updating content, it offers a quick and accessible solution for common front-end challenges. But like all tools in web development, it should be used with an understanding of its impact on user experience.
Before reaching for a full page reload, consider whether updating the page’s content directly might serve your users better. When applied appropriately, location.reload() can be a useful addition to your JavaScript toolkit.
Want to put this into action? Add it to a JavaScript project and test it out.
🎨✨💻 Stay ahead of the curve with handpicked, high-quality frontend development and design news, picked freshly every single day. No fluff, no filler—just the most relevant insights, inspiring reads, and updates to keep you in the know.
Prefer a weekly digest in your inbox? No problem, we got you covered. Just subscribe here.
Yesterday Online PNG Tools smashed through 6.31M Google clicks and today it’s smashed through 6.32M Google clicks! That’s 10,000 new clicks in a single day – the smash train keeps on rollin’!
What Are Online PNG Tools?
Online PNG Tools offers a collection of easy-to-use web apps that help you work with PNG images right in your browser. It’s like a Swiss Army Knife for anything PNG-related. On this site, you can create transparent PNGs, edit icons, clean up logos, crop stamps, change colors of signatures, and customize stickers – there’s a tool for it all. The best part is that you don’t need to install anything or be a graphic designer. All tools are made for regular people who just want to get stuff done with their images. No sign-ups, no downloads – just quick and easy PNG editing tools.
Who Created Online PNG Tools?
Online PNG Tools were created by me and my team at Browserling. We’ve build simple, browser-based tools that anyone can use without needing to download or install anything. Along with PNG tools, we also work on cross-browser testing to help developers make sure their websites work great on all web browsers. Our mission is to make online tools that are fast, easy to use, and that are helpful for everyday tasks like editing icons, logos, and signatures.
Who Uses Online PNG Tools?
Online PNG Tools and Browserling are used by everyone – from casual users to professionals and even Fortune 100 companies. Casual users often use them to make memes, edit profile pictures, or remove backgrounds. Professionals use them to clean up logos, design icons, or prepare images for websites and apps.
SEQRITE Labs APT-Team has been tracking and has uncovered a campaign targeting the Baltic State Technical University, a well-known institution for various defense, aerospace, and advanced engineering programs that contribute to Russia’s military-industrial complex. Tracked as Operation HollowQuill, the campaign leverages weaponized decoy documents masquerading as official research invitations to infiltrate academic, governmental, and defense-related networks. The threat entity delivers a malicious RAR file which contains a .NET malware dropper, which further drops other Golang based shellcode loader along with legitimate OneDrive application and a decoy-based PDF with a final Cobalt Strike payload.
Key Targets
Industries Affected
Academic & Research Institutions
Military & Defense Industry.
Aerospace & Missile Technology
Government oriented research entities.
Geographical Focus
Infection Chain.
Initial Findings.
In the early months of 2025, our team found a malicious RAR archive file named as Исх 3548 о формировании государственных заданий на проведение фундаментальных и поисковых исследований БГТУ «ВОЕНМЕХ» им. Д.Ф. Устинова.rar , which translates to Outgoing 3548 on the formation of state assignments for conducting fundamental and exploratory research at BSTU ‘VOENMEKH’ named after D.F. Ustinov.rar surfaced on Virus Total. Upon investigation, we determined that this RAR has been used as a preliminary source of infection, containing a malicious .NET dropper which contains multiple other payloads along with a PDF based decoy.
The RAR archive contains a malicious .NET executable functioning as a dropper, named “Исх 3548 о формировании государственных заданий на проведение фундаментальных и поисковых исследований БГТУ «ВОЕНМЕХ» им. Д.Ф. Устинова” which also translates to Outgoing No. 3548 regarding the formation of state assignments for conducting fundamental and exploratory research at BSTU ‘VOENMEKH’ named after D.F. Ustinov. This dropper is responsible for deploying a legitimate OneDrive executable alongside a malicious shellcode loader written in Golang. Upon execution, the .NET executable performs several operations: one of them it deploys the Golang loader containing shellcode, injects the shellcode into the legitimate OneDrive process, and spawns a decoy document. Before delving into the technical details, let’s first examine the decoy document.
Looking into the decoy-document.
Upon looking into the decoy document, it turns out that this lure is a document related to the Ministry of Science and Higher Education of Russia, specifically concerning Baltic State Technical University “VOENMEKH” named after D.F. Ustinov. The document appears to be an official communication addressed to multiple organizations, potentially discussing state-assigned research projects or defense-related academic collaborations.
The above is a translated version of the initial sections of the decoy.
The contents and the entire decoy confirm that this PDF serves as a comprehensive guideline for the allocation of state-assigned research tasks, outlining the process for organizations to submit proposals for fundamental and applied research projects under the 2026-2028 budget cycle. It provides instructions for institutions, particularly those engaged in advanced scientific and technological research, on how to register their technological requests within the Unified State Information System for Scientific Research and Technological Projects (ЕГИСУ НИОКТР) before the specified deadline.
Now, looking into the later part of the decoy it can be seen that the decoy document provides additional information on the submission process for state-assigned research tasks, emphasizing that financial support for these projects will come from budgetary allocations through the Ministry of Science and Higher Education of Russia. Also, the document mentions contact details for inquiries of Bogdan Evgenyevich Melnikov, a senior researcher in the Department of Fundamental and Exploratory Research, with an email address for communication.
Well, at the end of this decoy, it can be seen that it has been signed by A.E. Shashurin, who is identified as a Doctor of Technical Sciences (д.т.н.), professor, and acting rector (и.о. ректора) of the institution. Overall, this lure document serves as an official communication from the Ministry of Science and Higher Education of Russia, providing guidelines for organizations regarding state-funded research initiatives.
Technical Analysis
We will divide our analysis into four main sections. First, we will examine the malicious RAR archive. Second, we will delve into the malicious .NET dropper. Third, we will focus on analyzing the working of the malicious Golang based shellcode injector and at the end, we will look into the malicious Cobalt Strike payload. This detailed exploration will shed light on the methodologies employed and provide insights into the threat actor’s tactics within this particular campaign.
Stage 1 – Malicious RAR File.
Upon examining the malicious RAR file, it contains another malicious executable named Исх 3548 о формировании государственных заданий на проведение фундаментальных и поисковых исследований БГТУ «ВОЕНМЕХ» им. Д.Ф. Устинова. After initial analysis of the file’s artefacts it was revealed it is a 32-bit .NET-based executable. In the next section, we will explore the functionality of this.NET executable.
Stage 2 – Malicious .NET malware-dropper.
Now, let us look into the workings of the .NET file which was compressed inside the RAR archive. As in the previous section we found that the binary is basically a 32-bit.NET executable, it is also renamed as SystemUpdaters.exe while we loaded it into analysis tools.
Upon looking inside, the sample, we found three interesting methods. Now let us dive deep into them.
Looking into the first method we can see that the Main function, we can see that it calls another method MyCustomApplicationContext . Let us analyze the method.
Next, looking into the method, we found that the code initially checks whether the decoy PDF is present inside the C:\Users\Appdata\Roaming\Documents location, in case the PDF file is not present, it goes ahead and copies the decoy, which is stored under the resources section, and writes it into the location.
Next, looking into the code further, we found that it checks if the file OneDrive.exe which is basically the legitimate OneDrive application exists, in case it does not find it on the desired location, it goes ahead and copies the legitimate application stored under the resource section, and writes it into the location.
Looking into the later part of code, we found that it checks for a file named as OneDrives_v2_1.exe under the location C:\Users\Appdata\Roaming\Driver , in case it did not find the file, just like similar files, it copies the executable from the resources section and writes it to the location.
Then looking into one of the most intriguing aspects of this dropper is its use of a shortcut (.lnk) file named X2yL.lnk as a persistence mechanism by placing it in the Windows Startup folder to ensure execution upon system boot. Upon analyzing the H3kT7fXw method, we observed that it is responsible for creating this shortcut file. The method utilizes WshShell to generate the .lnk file and assigns it a Microsoft Office-based icon, making it less suspicious. Additionally, the target path of the shortcut is set to the location where the malicious payload I.e., OneDrives_v2_1.exe is stored, ensuring its execution whenever the shortcut is triggered upon booting.
At the end, it goes ahead and spawns the decoy PDF into the screen. As, we conclude the analysis of the malicious .NET dropper, in the next sections, we will analyze the malicious executable dropped by this dropper.
Stage 3 – Malicious Golang Shellcode loader.
Initially, upon looking into the sample inside analysis tools. we can confirm that this executable is programmed using Golang. Next, we will look into the working of the shellcode loader and its injection mechanism.
Looking into the very first part of this shellcode loader, we found that the binary executes time_now function to initially capture the current system time, then it calls time_sleep which is also a Golang function with a hardcoded value, then again it calls the time_now function, which checks for the timestamp after the sleep. Then, it calls time_Time_Sub which checks the difference between the timestamp captured by the function and goes ahead and checks if the total sleep time is less then 6 seconds, in case the sleep duration is shorter, the program exits, this acts as a little anti-analysis technique.
Next, moving ahead and checking the code, we found that the legitimate OneDrive executable, which was dropped by the.NET dropper, that similar process is being created using the CreateProcess API in Golang, and the process is being created in a suspended mode.
Then, the shellcode which is already embedded in this loader binary is being read by using Golang function embed_FS_ReadFile which returns the shellcode.
Next, the shellcode which was returned by the previous function in a base64 encoded format is being decoded using Golang native function base64.StdEncoding.DecodeString and returned.
Then, the code basically uses a hardcoded 13-byte sized key, which is basically used to decode the entire shellcode.
Then finally, the code performs APC Injection technique to inject the shellcode inside the memory, by first starting with the process in a suspended state, followed by decoding and decrypting the shellcode, followed by allocating memory on the suspended OneDrive.exe process, then once the memory is allocated, it goes ahead and writes the shellcode inside the memory using WriteProcessMemory , then it uses QueueUserAPC API to queue a function call inside the main thread of the suspended OneDrive.exe process. Finally using ResumeThread which causes the queued APC function (containing the shellcode) to execute, effectively running the injected malicious code within the context of OneDrive.exe. Now, let us analyze some key artifacts of the shellcode.
Stage 4 -Shellcode overview.
Upon looking inside, the malicious shellcode and analyzing it we found that the shellcode is actually a loader, which works by initially loading a Windows wwanmm.dll library.
Once, the DLL is loaded it zeroes out the .text section of the DLL. It uses a windows API DllCanUnloadNow which helps to prepare the beacon in memory. Thus, further facilitating the working of the shellcode which is a Cobalt Strike beacon.
Further analyzing it becomes quite evident that the beacon is connecting to the C2-server, hosted by the attacker using certain user-agent. As, this tool is quite commonly used, therefore, we will not delve in-depth on the workings of the malicious beacon. The configuration of the beacon can be extracted as follows.
Extracted Configuration:
Method : GETHost[Command & Control] : phpsympfony.comUser-Agent : “Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko”
Hunting and Infrastructure.
Upon analysis of the shellcode injector programmed in Golang, we found little OPSEC related mistakes from the threat actor such as leaving Go-build ID along with the injector, which helped us to hunt for similar payloads, used by the same threat actor. The Go-build ID is as follows:
Now, looking into the infrastructural artefacts, the malicious command-and-control server which has been hosted at the domain phpsymfony[.]com , has been rotating the domain across multiples ASN services. Also, there has been a unique HTTP-Title which has also been rotated multiple times across the C2-server.
Looking into the response across the history we can see that the title Coming Soon – pariaturzzphy.makebelievercorp[.]com has been set up multiple times.
Upon further searching for the same HTTP-Title, we found that a lot of hosts are serving the same title, out of which some of them are serving malicious binaries such as ASyncRAT and much more.
Looking into the ASNs, the C2 server has been rotating since the date of activation. The list is as follows.
ASN
Geolocation
Owner
AS13335
United States
Cloudflare Net
AS35916
United States
MULTA-ASN1
AS135377
Hong Kong
UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY HK LIMITED
AS174
United States
COGENT-174
AS47846
Germany
SEDO-AS
AS8560
🌍 Unknown
IONOS-AS
Conclusion
We have found that a threat actor is targeting the Baltic Technical University using research themed lure where they have been using a.NET dropper to shellcode loader finally delivering a Cobalt Strike in-memory implant. Analyzing the overall campaign and TTPs employed by the threat actor, we can conclude that the threat actor has started targeting few months back since December 2024.
SEQRITE Protection.
Trojan.Ghanarava.1738100518c73fdb
Trojan.Ghanarava.1735165667615275
IOCs.
MD5
Filename
ab310ddf9267ed5d613bcc0e52c71a08
Исх 3548 о формировании государственных заданий на проведение фундаментальных и поисковых исследований БГТУ «ВОЕНМЕХ» им. Д.Ф. Устинова.rar
fad1ddfb40a8786c1dd2b50dc9615275
SystemsUpdaters.exe
cac4db5c6ecfffe984d5d1df1bc73fdb
OneDrives_v2_1.exe
C2
phpsymfony[.]com
hxxps://phpsymfony[.]com/css3/index2.shtml
MITRE ATT&CK.
Tactic
Technique ID
Name
Initial Access
T1566.001
Phishing: Spear phishing Attachment
Execution
T1204.002
T1053.005
User Execution: Malicious File
Scheduled Task.
Persistence
T1547.001
Registry Run Keys / Startup Folder
Defense Evasion
T1036 T1027.009 T1055.004 T1497.003
Masquerading Embedded Payloads. Asynchronous Procedure Call Time Based Evasion
In past Developer Spotlights, we’ve featured devs who’ve pushed the craft of building award-winning websites. But web development is more than just translating great design—Max Barvian is one of those pioneering devs who have a deep understanding of the core mechanics of frontend development. In 2024, he shared one of the coolest CSS-powered, scroll-driven animations with us here on Codrops. We can’t shine the light enough on Max, as his work represents the next frontier in web development—one that merges deep technical knowledge with creative experimentation.
Hi! My name is Max Barvian. I’m a UI engineer currently working at Clerk.
NumberFlow is an animated number component for React, Vue, Svelte, and vanilla TS/JS. It was heavily inspired by the number animations in the wonderful Family app:
The inspiration for NumberFlow. Video by Benji Taylor.
The response to NumberFlow has been surreal. 𝕏 is currently using it for their analytics dashboard, and Elon Musk even retweeted this screenshot of it:
When it came time to rebuild my portfolio last year, my goal was to make some combination of Godly and the Apple TV home screen. I’d really wanted a site like that for years, with a grid of project videos that smoothly transitioned into detail pages, but never felt confident about pulling it off. Then I found the View Transitions API. Despite its shortcomings (i.e. no interruption handling), it felt like the perfect tool for the job. View Transitions using snapshots of “old” views seemed perfect for the video grid, and meant I wouldn’t have to worry about animating a bunch of <video> elements at the same time. Ultimately, I had to use a few more tricks to get decent performance during the transitions, but I still can’t imagine having built the site with anything else. I was honored when Googlers Addy Osmani and Una Kravets shared my little site as a demo for View Transitions.
I stumbled upon this incredible design by Kevin Pham on Dribbble a couple years ago and immediately fell in love with it. I had wanted to experiment with CSS Scroll Snapping and 3D scenes for a while, and this seemed like the perfect candidate. I ended up using React Three Fiber, Motion for React, and Tailwind to implement it. It’s not perfect (there’s a pesky bug with mobile Safari on the last slide that I haven’t been able to fix), but I’m pretty happy with how it turned out. I was honored when Guillermo Rauch, Paul Henschel, Matt Perry, and Three.js all reposted it.
This work is probably the most boring on the list but I’m still happy with it. I was working on a Tailwind plugin for CSS clamp() when I encountered some longstanding accessibility issues with fluid type. I didn’t want to bring those issues into my plugin, so I spent a whole Sunday watching math videos on YouTube and talking to my physicist brother to figure out how to work around them. I eventually published the results in Smashing Magazine with some help from their great editors there, and was honored to see Adrian Roselli reference the work in his original article. Utopia, a popular fluid clamp generator, also integrated the findings into their tool.
About me
I got into creative development in a 7th grade journalism class, when my teacher made me the webmaster for our school newspaper. I asked my parents for Dreamweaver that year for Christmas and got my first freelance client a year after that. I’ve since moved on from Dreamweaver 🙂, but I’ve never wanted to do anything else professionally. I feel lucky that I’ve been able to make a career out of my passion.
Current challenges
At Clerk I’m working on building the component library we use for our dashboard. It’s been a fun challenge to try to build something that equally emphasizes UX and DX! I hope to share more on 𝕏 as it progresses. React Aria Components has been a huge inspiration here.
Tools
I basically live in VS Code writing React, Tailwind, and Motion code all day.
Philosophy
Someone I follow on 𝕏 thought NumberFlow was a good example of a quote by Charlie Munger:
“Take a simple idea and take it seriously.” —Charlie Munger
That’s stuck with me over the last few months, and I think it’s increased my enjoyment of projects I previously would’ve dismissed as too routine or boring.
It’s an honor to be featured on a site I’ve been reading my whole career. Thanks a lot, Manoela and the Codrops team!
