A professional-grade, client-side-only platform providing 19 essential tools for software developers, system administrators, and web engineers. All operations execute locally in your browser — your data never leaves your device.
🔗 Live Platform: https://webdev-tools.info/
| 🔒 Privacy-First | ⚡ Performance | 🎯 Standards | 🌍 Global |
|---|---|---|---|
| Zero Server Processing All operations client-side |
No Network Latency Limited only by your CPU |
RFC/ISO Compliant Industry specifications |
6 Languages Full localization |
| No data transmission | Offline capable | IETF, NIST, W3C standards | EN, DE, ES, PT, FR, IT |
| No tracking, no logs | Bulk operations | Cryptographically secure | Native speaker reviewed |
Click to expand full table of contents
- 🎯 Why WebDev-Tools?
- ✨ Key Features
- 🔐 Security Architecture
- 🛠️ Available Tools
- 📜 Standards Compliance
- 📊 Quality Metrics
- 📈 Industry Comparison
- 🌍 Internationalization
- 💻 Technical Foundation
- 🤖 Development Methodology
- 🚀 Getting Started
- 🌐 Browser Compatibility
- 🧪 Testing & Quality Assurance
- 📚 Documentation
- 🗺️ Roadmap
- 🤝 Contributing
- 📄 License
- 🙏 Acknowledgments
- 📧 Contact & Support
|
Zero Data Transmission Philosophy
Philosophy: "The most secure server is no server at all" |
Blazing Fast, Always Available
No queues. No timeouts. No rate limits. |
|||||||||||||||||||||
|
Built on Industry Specifications
Not opinions. Standards. |
Truly International Platform Available in 6 languages with culturally-aware translations:
Dynamic switching — no page reload required |
WebDev-Tools implements a Privacy-by-Design architecture that eliminates common security risks associated with online utilities.
╔═══════════════════════════════════════════════════════════════╗
║ Your Browser (Client) ║
║ ┌─────────────────────────────────────────────────────────┐ ║
║ │ 1. Input Data (e.g., JWT token, password) │ ║
║ │ 2. JavaScript Processing (100% Local) │ ║
║ │ 3. Result Display (Never transmitted) │ ║
║ └─────────────────────────────────────────────────────────┘ ║
║ ║
║ ❌ NO server communication ║
║ ❌ NO data logging ║
║ ❌ NO third-party APIs ║
║ ❌ NO database storage ║
╚═══════════════════════════════════════════════════════════════╝
Impact: Zero attack surface for man-in-the-middle attacks, data breaches, or unauthorized access.
|
Security-critical tools utilize the Web Crypto API ( Entropy Sources:
Tools Using CSPRNG:
|
Multi-Layer Security Model:
|
| Risk Category | Server-Side Tools | WebDev-Tools (Client-Side) | Impact |
|---|---|---|---|
| Data Interception | (HTTPS mitigates but doesn't eliminate) |
✅ Eliminated (no transmission) |
🏆 Zero risk |
| Server Logs | ✅ No logs exist | 🏆 Untraceable | |
| Third-Party Access | ✅ No third parties | 🏆 Private | |
| MITM Attacks | ✅ No attack surface | 🏆 Immune | |
| Data Breach | ✅ No database | 🏆 Breach-proof | |
| Regulatory Compliance | ✅ Compliant by design | 🏆 Automatic |
Full Transparency — The complete source code is available for review and audit:
| Feature | Status | Link |
|---|---|---|
| 🔓 Public Repository | ✅ Available | github.com/RamonKaes/WebDev-Tools |
| 📋 MIT License | ✅ Open | Free to fork, modify, and distribute |
| 🔍 Community Review | ✅ Welcome | Anyone can inspect code and report security issues |
| 🛡️ Security Policy | ✅ Documented | See SECURITY.md |
Security researchers welcome — Found a vulnerability? See our Security Policy for responsible disclosure.
WebDev-Tools Security Checklist
| Security Feature | Status | Implementation |
|---|---|---|
| ✅ Subresource Integrity (SRI) | Enabled | All external libraries verified with SHA-384 hashes |
| ✅ Content Security Policy (CSP) | Strict | Nonce-based script execution, no inline code |
| ✅ Security Headers | Complete | HSTS, X-Frame-Options, CSP, Referrer-Policy, Permissions-Policy |
| ✅ Zero External Dependencies | Verified | Data processing uses only native browser APIs |
| ✅ No Tracking | Guaranteed | No cookies (except language), no analytics on tool usage |
| ✅ HTTPS Enforcement | Production | HSTS with 1-year max-age and includeSubDomains |
| ✅ XSS Protection | DOMPurify 3.0.9 | Sanitizes all user-generated content |
| ✅ OWASP Top 10 | 100% Compliant | All critical vulnerabilities mitigated |
Security Score: A+ (See Security Headers Report)
📚 Detailed Security Documentation: See SECURITY.md for comprehensive security architecture details.
All tools RFC/ISO compliant • Client-side only • Zero data transmission
| Tool | Standards | Key Features |
|---|---|---|
| UUID Generator | RFC 4122 RFC 9562 |
• Supports v1, v4, v7 (time-ordered) • Bulk generation (1-10,000) • CSPRNG for v4/v7 • Timestamp parsing for v1/v7 |
| Password Generator | NIST SP 800-63B |
• Customizable complexity • Real-time strength meter • Special character sets • CSPRNG randomness |
| Hash Generator | FIPS 180-4 |
• MD5, SHA-1/256/512 • HMAC support • File integrity verification • Bulk hashing |
| JWT Decoder | RFC 7519 |
• Header/payload parsing • Signature validation • Expiry checking • Claims extraction |
| Tool | Standards | Key Features |
|---|---|---|
| JSON Formatter & Validator | RFC 8259 |
• Syntax validation with error reporting • Tree view & collapsible nodes • Minification & beautification • Large file support (>10MB) |
| Code Formatter | Language-specific |
• HTML, CSS, JS, XML, SQL • Customizable indentation • Syntax highlighting • Error detection |
| Data Converter | YAML, TOML, CSV |
• JSON ↔ XML ↔ YAML ↔ CSV ↔ TOML • Bidirectional conversion • Syntax pre-validation • Preserves data types |
| Tool | Standards | Key Features |
|---|---|---|
| Base64 Encoder/Decoder | RFC 4648 |
• Standard & URL-safe variants • Binary file support • Data URIs for images • Batch processing |
| URL Encoder/Decoder | RFC 3986 |
• encodeURI vs encodeURIComponent• Component parsing (protocol, host, path) • Query string handling • Fragment identifier support |
| Punycode Converter | RFC 3492 (IDNA) |
• Internationalized domain names • Bidirectional conversion • IDN validation • Unicode character support |
| HTML Entity Encoder/Decoder | HTML5 |
• Named & numeric entities • XSS prevention escaping • Full HTML5 entity reference • Unicode support |
| Tool | Standards | Key Features |
|---|---|---|
| String Escaper | OWASP |
• HTML, SQL, JSON, CSV, JavaScript • Injection prevention • Context-aware escaping • Batch processing |
| Regex Tester | ECMAScript |
• Real-time matching • Pattern validation • Performance testing • Group capture display |
| Tool | Standards | Key Features |
|---|---|---|
| Aspect Ratio Calculator | N/A |
• Bidirectional ratio calculation • Width/height from ratio • Responsive design helper • Common aspect ratios (16:9, 4:3, etc.) |
| Px to Rem Converter | WCAG |
• Accessible typography • Custom base font size • Bulk conversion • Reverse conversion (rem → px) |
| QR Code Generator | ISO/IEC 18004 |
• Error correction levels (L, M, Q, H) • SVG/PNG export • WiFi/vCard/URL formats • Customizable size & color |
| Lorem Ipsum Generator | N/A |
• Configurable paragraphs/words • HTML tag injection • Layout testing • Copy-to-clipboard |
| Tool | Standards | Key Features |
|---|---|---|
| Character Reference | Unicode |
• Search by name/code • Category filtering • HTML entities, decimal, hex • Copy-to-clipboard |
| Emoji Reference | Unicode, W3C |
• Categorized emojis • HTML entities • Unicode codepoints • Searchable database |
🔍 Need something else?
Request a new tool • View Roadmap
WebDev-Tools adheres to established industry specifications to ensure reliability and interoperability:
- RFC 4648 — Base64 Data Encoding
- RFC 8259 — JSON Data Interchange Format
- RFC 4122 — UUID URN Namespace (v1, v4)
- RFC 9562 — UUID Formats (v6, v7, v8)
- RFC 7519 — JSON Web Token (JWT)
- RFC 3986 — Uniform Resource Identifier (URI) Generic Syntax
- RFC 3492 — Punycode (IDNA)
- ISO/IEC 18004 — QR Code Bar Code Symbology Specification
- SP 800-63B — Digital Identity Guidelines (Authentication and Lifecycle Management)
- WCAG 2.1 — Web Content Accessibility Guidelines
- HTML5 — Entity references and encoding
- ECMAScript — JavaScript language specification for regex and APIs
- FIPS 180-4 — Secure Hash Standard (SHA family)
- CSPRNG — Web Crypto API (
crypto.getRandomValues())
Validation: All implementations have been audited against their respective specifications. See our Technical Audit Report for detailed conformity analysis.
As part of an external review, four critical issues were identified and addressed:
- UUID v1 Security:
- Math.random was replaced with crypto.getRandomValues (CSPRNG)
- Unsafe fallbacks were removed and errors are surfaced in the UI
- Manifest Generator BASE_PATH:
- BASE_PATH is now read dynamically from
config.phpor via the CLI - URLs are validated and corrected for production environments
- BASE_PATH is now read dynamically from
- YAML→JSON Top-Level Lists:
- The parser now supports YAML lists at the root level
- Indentation issues were fixed
- JSON→CSV Empty Arrays:
- Validation and error handling were added for empty arrays
- Crash protection and clear error messages implemented
Key Takeaways:
- Never use
Math.randomfor security-sensitive functionality - Input validation and robust error handling are essential
- Build scripts must be environment-aware
- Automated checks help prevent regressions
All fixes have been implemented, tested, and documented. See the Code Review Report for details.
The platform provides complete localization across all tools and documentation:
| Language | Code | Scope |
|---|---|---|
| English | en |
Default language |
| German | de |
Full translation |
| Spanish | es |
Full translation |
| Portuguese | pt |
Full translation |
| French | fr |
Full translation |
| Italian | it |
Full translation |
- Static Content: Translated using GPT-5 Codex for technical accuracy
- Cultural Content: Translated using Claude Sonnet 4.5 for nuanced, contextually appropriate language
- Consistency: Centralized translation files ensure terminology consistency
- Quality Assurance: Manual review by native speakers for critical pages
Frontend:
├── Bootstrap 5.3.0 # UI framework (chosen for stability over Tailwind)
├── Bootstrap Icons 1.11.0 # Icon system
├── Vanilla JavaScript # No framework dependencies
└── Web Crypto API # Secure random number generation
Backend:
├── PHP 7.4+ # Server-side routing and templating
├── Apache 2.4+ # Web server with mod_rewrite
└── Client-side processing # No backend data processing
Architecture:
├── Responsive Design # Mobile-first approach
├── Progressive Enhancement # Works without JavaScript (where applicable)
├── Modular Components # Centralized tool template (partials/tool-base.php)
└── SEO Optimized # Dynamic sitemaps, meta tags
/var/www/html/WebDev-Tools/
├── index.php # Homepage
├── config/
│ ├── tools.php # Tool registry
│ ├── language-handler.php # i18n routing
│ ├── security-headers.php # CSP and security policies
│ └── i18n/ # Translation files
├── partials/
│ ├── tool-base.php # Centralized tool template
│ ├── header.php # Global header
│ └── footer.php # Global footer
├── assets/
│ ├── css/ # Stylesheets
│ ├── js/ # JavaScript utilities
│ └── img/ # Static assets
├── [tool-name]/
│ └── index.php # Individual tool (18 tools)
├── de/, es/, pt/, fr/, it/ # Language-specific directories
├── CHANGELOG.md # Version history
├── SECURITY.md # Security documentation
└── README.md # This file
Strict CSP enforced to prevent XSS attacks:
default-src 'self';
script-src 'self' 'nonce-{random}';
style-src 'self' 'nonce-{random}';
img-src 'self' data:;
font-src 'self';
connect-src 'none';
No inline scripts — All JavaScript uses nonce-based execution.
WebDev-Tools was developed using a hybrid human-AI approach that combines the efficiency of AI code generation with rigorous human oversight.
- Claude Sonnet 4.5 (Anthropic) — Primary coding assistant
- GitHub Copilot — Code completion and suggestion
- GPT-5 Codex (OpenAI) — Code review and translation
- Adversarial Review: Different AI models cross-review each other's code
- Human Architecture: All design decisions made by human developer
- Version Control: Git-based workflow with rollback capability (
git reset --hard) - Manual Testing: Comprehensive QA across all 108 tool instances (18 tools × 6 languages)
- Standards Validation: Conformity checks against RFC/ISO specifications
| Challenge | Mitigation |
|---|---|
| AI Hallucinations | Multiple AI models review each other's output |
| Framework Bias | Switched from Tailwind to Bootstrap for stability |
| Code Complexity | Enforced modular architecture with centralized templates |
| Translation Quality | Model selection based on content type (technical vs. cultural) |
Philosophy: "Done over Perfect" — Pragmatic choices favoring maintainability and reliability over cutting-edge trends.
NOTE: To keep the core project lightweight and focused on the tool collection, developer artifacts are located under /dev. Historical development harnesses have been removed from this repository.
This repository contains a small set of developer utilities and helper scripts under /dev used for optional local tasks. These utilities are intended solely for developers and do not affect production assets.
- Web Server (production): Apache/Nginx with PHP support — the live site (https://webdev-tools.info/) runs entirely as a PHP/Apache site and does not require Node.js or npm. All production assets are static/PHP and safe for hosting environments without Node.
- Local development (optional): Node.js/npm are useful convenience tools for developers (local servers, scripts) but are not required for the site to run in production. Use the PHP CLI or the
dev/start-server.shrouter for local testing when Node isn't available. - PHP: Version 7.4 or higher (8.x recommended)
- Browser: Modern browser with JavaScript enabled
-
Clone the repository:
git clone https://github.com/yourusername/WebDev-Tools.git cd WebDev-Tools -
Configure Apache: Ensure
.htaccessis enabled andmod_rewriteis active:<Directory /var/www/html/WebDev-Tools> AllowOverride All Require all granted </Directory>
-
Set permissions:
chmod -R 755 /var/www/html/WebDev-Tools
-
Access the platform: Navigate to
http://localhost/or your configured domain.
- Base URL: Set in
config/config.php(if exists) - Languages: Modify
config/language-handler.phpto add/remove languages - Tools: Register new tools in
config/tools.php
# Start local development server (PHP built-in)
php -S localhost:8000
# Or use the helper script
./dev/start-server.sh| Browser | Minimum Version | Notes |
|---|---|---|
| Chrome | 90+ | Fully supported |
| Firefox | 88+ | Fully supported |
| Safari | 14+ | Fully supported |
| Edge | 90+ | Fully supported |
| Opera | 76+ | Fully supported |
Requirements:
- JavaScript enabled
- Web Crypto API support (for CSPRNG tools)
- ES6+ support (modern JavaScript features)
Progressive Enhancement: Basic functionality available without JavaScript where applicable.
WebDev-Tools has undergone comprehensive third-party technical auditing:
✅ Functional Integrity: All 18 tools generate RFC/ISO-compliant output
✅ Security Architecture: Client-side-only execution verified
✅ Cryptographic Security: CSPRNG usage confirmed for sensitive operations
✅ Standards Adherence: Explicit referencing of normative specifications
✅ Development Quality: Modern QA processes with version control and code review
Classification: Industry-Standard Compliant / Safe for Professional Use
For detailed audit findings, see the technical reports in /docs/audit/ (if published).
We welcome contributions from the community! Here's how you can help:
- 🐛 Bug Reports: Found an issue? Open a GitHub issue with reproduction steps
- 🌐 Translations: Improve existing translations or add new languages
- 🔧 New Tools: Propose or implement additional developer utilities
- 📚 Documentation: Enhance README, add tutorials, improve code comments
- ♿ Accessibility: Improve WCAG compliance and screen reader support
- Fork the repository
- Create a feature branch:
git checkout -b feature/your-feature-name - Follow coding standards:
- Use Bootstrap classes for styling
- Maintain client-side-only architecture
- Add appropriate comments and documentation
- Verify thoroughly: Verify across multiple browsers and languages
- Submit a Pull Request with a clear description of changes
- All PRs reviewed for security implications
- Standards compliance verification
- Cross-browser testing
- Translation accuracy (for i18n changes)
As the sole maintainer of this repository, you can keep changes lightweight while remaining safe and traceable. We recommend the following minimal workflow:
- CI & Local checks: GitHub Actions workflows and in-repo CI files have been removed (see cleanup PR). For local verification, continue to use
./bin/checkwhich performs PHP syntax checks and a lightweight phar-based style check (no Composer required). Node/npm support has been removed from the repository. - Trivial changes (docs, typos): Commit directly to
mainafter running./bin/check:git add -A git commit -m "docs: fix typo" ./bin/check git push origin main - Code changes (recommended): Use a feature branch and a quick self-review PR. This keeps your change history clean and reversible:
git checkout -b feat/your-change ./bin/check git add -A git commit -m "feat: add ..." git push --set-upstream origin feat/your-change gh pr create --title "feat: add ..." --body "Short description"
- Merge policy: For most changes, merge PRs yourself once you're confident after running
./bin/checkand a quick smoke check in the browser. - Self-hosted runner (optional): If you want CI without GitHub minutes, consider a self-hosted runner (local machine or server you control). See
.github/NO_GITHUB_ACTIONS.md.
This workflow keeps friction low while ensuring code quality and traceability.
Detailed technical documentation is available in the /docs directory:
- Sitemap Generation - How sitemaps are automatically generated from tool configurations
- Code Splitting - Strategy for optimizing large tools (1000+ LOC)
- Logger Migration - Guide for unified error handling and logging
- JSDoc Status - Type annotations and documentation standards
- Test Suite - Comprehensive testing documentation
- Note: Legacy E2E test harnesses were archived in the
archive/legacy-scriptsbranch to keep the main repository lightweight.
- Development Server - Local development setup
- i18n Translations - Internationalization guide
See docs/README.md for the complete documentation index.
- Dark Mode (Theme switching)
- PWA Support (Offline-first Progressive Web App)
- More Tools: XML Formatter, Markdown Previewer, Diff Checker
- API Mode: Command-line interface for CI/CD integration
- Export/Import: Save tool configurations
See CHANGELOG.md for detailed version history.
This project is licensed under the MIT License.
MIT License
Copyright (c) 2025 WebDev-Tools.info
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
- Bootstrap Team — For the robust UI framework
- MDN Web Docs — For comprehensive web standards documentation
- IETF & ISO — For maintaining open, accessible technical standards
- Anthropic (Claude) — Primary development assistant
- OpenAI (GPT-5) — Code review and translation
- GitHub Copilot — Code completion support
- All users who provided feedback and bug reports
- Open-source community for libraries and frameworks
- Standards organizations for maintaining interoperability
- Website: https://webdev-tools.info/
- Issues: GitHub Issues
- Email: Contact Form
- Documentation:
Built with ❤️ using AI-assisted development
Privacy-First • Standards-Based • Developer-Focused