Pen Settings



CSS Base

Vendor Prefixing

Add External Stylesheets/Pens

Any URL's added here will be added as <link>s in order, and before the CSS in the editor. You can use the CSS from another Pen by using it's URL and the proper URL extention.

+ add another resource


Babel includes JSX processing.

Add External Scripts/Pens

Any URL's added here will be added as <script>s in order, and run before the JavaScript in the editor. You can use the URL of any other Pen and it will include the JavaScript from that Pen.

+ add another resource


Add Packages

Search for and use JavaScript packages from npm here. By selecting a package, an import statement will be added to the top of the JavaScript editor for this package.


Save Automatically?

If active, Pens will autosave every 30 seconds after being saved once.

Auto-Updating Preview

If enabled, the preview panel updates automatically as you code. If disabled, use the "Run" button to update.

Format on Save

If enabled, your code will be formatted when you actively save your Pen. Note: your code becomes un-folded during formatting.

Editor Settings

Code Indentation

Want to change your Syntax Highlighting theme, Fonts and more?

Visit your global Editor Settings.


                Check the console.




 * Generate a secure random string using the browser crypto functions
 * @return {String} A random string
function generateRandomString () {
	var array = new Uint32Array(28);
	return Array.from(array, dec => ('0' + dec.toString(16)).substr(-2)).join('');

 * Calculate the SHA256 hash of the input text
 * @param  {String}  plain The plaintext string
 * @return {Promise}       Resolves as a hash
function sha256 (plain) {
	const encoder = new TextEncoder();
	const data = encoder.encode(plain);
	return window.crypto.subtle.digest('SHA-256', data);

 * Base64-urlencode a string
 * @param  {String} str The unencoded string
 * @return {String}     The encoded string
function base64urlencode (str) {
	// Convert the ArrayBuffer to string using Uint8 array to conver to what btoa accepts.
	// btoa accepts chars only within ascii 0-255 and base64 encodes them.
	// Then convert the base64 encoded to base64url encoded
	// (replace + with -, replace / with _, trim trailing =)
	return btoa(String.fromCharCode.apply(null, new Uint8Array(str)))
		.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Create and store a new PKCE code_verifier (the plaintext random secret)
let rand = generateRandomString();

// Hash and base64-urlencode the secret to use as the challenge
sha256(rand).then(function (hash) {
	let encoded = base64urlencode(hash);
  console.log(rand, hash, encoded);