Methodology & how each tool works
Every DevToolbox tool computes its result entirely in your browser using documented web standards and built-in JavaScript APIs — there is no server-side processing, so your input is never transmitted or stored. The table below names the exact standard or browser API behind each tool; results therefore match what your browser's own engine produces.
Data as of 2026-06-13.
Standards behind each tool
| Tool | Underlying standard / browser API |
|---|---|
| Base64 Encode / Decode | btoa / atob over UTF-8 bytes (TextEncoder/TextDecoder); RFC 4648 |
| JSON Formatter & Validator | JSON.parse + JSON.stringify (ECMA-404 / RFC 8259) |
| URL Encode / Decode | encodeURIComponent / encodeURI per the WHATWG URL standard |
| UUID v4 Generator | crypto.randomUUID() / crypto.getRandomValues(); RFC 4122 |
| Unix Timestamp Converter | JavaScript Date over the Unix epoch (seconds/milliseconds) |
| SHA Hash Generator | Web Crypto SubtleCrypto.digest (SHA-1/256/384/512), FIPS 180-4 |
| Slugify | Unicode NFKD normalization + diacritic stripping |
| JWT Decoder | Base64URL decode of header/payload (RFC 7519); no signature check |
Source: published specifications (RFC 4648, RFC 4122, RFC 7519, RFC 8259/ECMA-404, FIPS 180-4) and the WHATWG/W3C web platform APIs. Verified 2026-06-13.
Privacy model
Because all logic is client-side, the text you paste into a tool stays on your device. We do not log, transmit, or store tool input. Optional cookieless analytics may record anonymous page views only.
External data sources
None. The tools are purely client-side and depend on no external datasets or APIs at build time or run time.
Limitations
Tools depend on your browser's implementation of these APIs, so very old browsers may behave
differently or lack a feature (for example crypto.randomUUID). The JWT decoder does
not verify signatures, and the SHA generator is for integrity and fingerprinting, not for
password storage. See our disclaimer.