An enterprise-grade, single-page, offline-first daily task tracker built with pure HTML5, CSS3 & vanilla JavaScript β now with built-in AES-256-GCM encryption for Import/Export. No frameworks, no CDN, no localStorage, no telemetry.
A professional, secure, and fully responsive web application for managing daily work tasks, priorities, statuses, and completion details. The entire app runs locally in your browser with zero external dependencies and zero outbound network calls β and your exported data can now be protected with strong, password-based encryption.
- Overview
- Live Demo
- Screenshots
- Key Features
- π Encryption (AES-256-GCM)
- Security Highlights
- Tech Stack
- Project Structure
- Getting Started
- Usage Guide
- Task ID Format
- Data Persistence
- Keyboard Shortcuts
- Browser Support
- Accessibility
- Roadmap
- Contributing
- License
- Disclaimer
- Author
Daily Work Follow-Up Tracker is a static, single-page web app designed for individuals and teams who want a lightweight, secure, and dependency-free way to track their daily tasks.
Itβs ideal for:
- π Daily standups & personal to-dos
- π§βπΌ Freelancers tracking client work
- π’ Internal corporate task tracking where cloud apps aren't allowed
- π Privacy-conscious users β your data never leaves your browser
- π Users who need encrypted backups of their task data
π Hosted on GitHub Pages:
https://boopathiskv.github.io/daily-work-tracker/
Just open index.html in any modern browser β no build step, no install.
- β Add / Edit / Delete tasks via clean popup modals
- π’ Auto-generated Task IDs from Start Date (
YYYYMMDD##format) - π Search across Task ID, Name, Priority, Category, Status, Remarks
- π― Filter by Priority (P1/P2/P3), Category (Work/Personal/Other), Status, or Overdue
- π Sort by Task ID, Due Date, Priority, or Status
β οΈ Overdue detection β tasks past Due Date with non-Completed status are highlighted
- Summary cards for:
- Total Tasks
- Not Started
- In Progress
- Waiting
- Completed
- Overdue
- π€ Export to JSON β download as plain or encrypted (
.enc.json) file - π₯ Import from JSON β auto-detects encrypted files and prompts for password
- π AES-256-GCM encryption with PBKDF2 key derivation (250,000 iterations)
- π Password strength meter (Weak β Strong) shown live
- ποΈ Clear All β with confirmation popup
- π‘οΈ 5MB import size limit & deep validation of every imported task
- πͺ Popup-based design β all messages, confirmations, and forms shown in modals
- π¨ Color-coded badges for Priority (red/orange/green) and Status (gray/blue/yellow/green)
- β‘ Smooth animations & professional enterprise-grade design
- π± Fully responsive β Desktop, Tablet & Mobile
- β¨οΈ ESC key support to close any modal
- π Dark-themed About / Info modal with full app metadata
This app provides military-grade, password-based encryption for your exported task data β fully client-side using the browser's built-in Web Crypto API. No external libraries, no servers, no compromises.
| Component | Implementation |
|---|---|
| Cipher | AES-GCM (256-bit key, authenticated encryption) |
| Key Derivation | PBKDF2 with SHA-256 |
| PBKDF2 Iterations | 250,000 |
| Salt | 16 bytes, randomly generated per file |
| IV (Nonce) | 12 bytes, randomly generated per file |
| Output Encoding | Base64 inside a portable JSON envelope |
| Tamper Detection | Built-in via AES-GCM authentication tag |
When you choose to encrypt, the exported file is a JSON envelope:
{
"format": "DWT-AES-GCM-1",
"algorithm": "AES-GCM-256",
"kdf": "PBKDF2-SHA256",
"iterations": 250000,
"salt": "base64-encoded-random-salt",
"iv": "base64-encoded-random-iv",
"data": "base64-encoded-ciphertext",
"createdAt": "2026-06-30T07:00:00.000Z"
}- The salt & IV are stored in the envelope (safe to do so)
- The password is NEVER stored anywhere
- The same password + same data will produce different ciphertext each time (because of random salt/IV)
- Open Data Options βΎ β Export JSON
- Tick β π Encrypt with password (AES-256-GCM)
- Enter a password (minimum 6 characters) and confirm it
- Watch the live password strength meter (Weak / Fair / Good / Strong)
- Click Download JSON
- The file is saved as
daily-work-tasks-YYYY-MM-DD.enc.json
- Open Data Options βΎ β Import JSON
- Choose your
.enc.jsonfile - App auto-detects the encrypted format and shows a π banner
- Enter the decryption password
- Click π Decrypt
- On success, the task preview appears β click Import Tasks to load
- π There is NO password recovery. If you forget the password, your encrypted data is permanently inaccessible.
- π Use a strong, unique password (length β₯ 12, mix of upper, lower, digits, symbols).
- π± Encryption/decryption happens entirely in your browser β the password never leaves your device.
- π‘οΈ The AES-GCM authentication tag will detect any tampering with the encrypted file.
- πΎ Always keep a backup of your encrypted exports in a safe location.
| Score | Label | Meaning |
|---|---|---|
| 1 | Weak | β₯ 8 chars |
| 2 | Fair | β₯ 12 chars |
| 3 | Good | Mix of upper & lower case |
| 4 | Strong | Includes digits & symbols |
This app was built with a security-first mindset:
| Protection | Implementation |
|---|---|
| Content Security Policy (CSP) | Strict meta-tag policy β only self-hosted resources |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | DENY (prevents clickjacking) |
| Referrer-Policy | no-referrer |
| AES-256-GCM Encryption | Optional, password-based, authenticated encryption |
| PBKDF2 / 250K iterations | Strong key derivation to resist brute-force attacks |
No eval() / Function() |
Zero dynamic code execution |
No innerHTML with user data |
All user content rendered via textContent |
| Input sanitization | Trim, length-cap, and whitelist validation |
| Duplicate Task ID prevention | Auto-generated, conflict-checked |
| Safe JSON import | Wrapped in try/catch with strict schema validation |
| Tamper detection | AES-GCM authentication tag rejects modified files |
| Destructive action confirmation | Delete, Clear All, and Import require user confirmation |
| No external dependencies | Zero CDNs, zero third-party scripts |
| No tracking / analytics | Zero outbound network requests |
- HTML5 β semantic markup, ARIA roles, accessible labels
- CSS3 β CSS variables, Grid, Flexbox, responsive layouts, dark-themed modal
- Vanilla JavaScript (ES6+) β no frameworks, no libraries
- Web Crypto API β browser-native AES-GCM & PBKDF2 (no third-party crypto libs)
- JSON β for Import/Export persistence
- MIT License
daily-work-tracker/
βββ index.html # Main HTML file (all markup + modals)
βββ Css.css # Stylesheet (themes, layout, modals, responsive, encryption UI)
βββ encryption.js # AES-GCM encryption helpers (Web Crypto API)
βββ app.js # All application logic (CRUD, validation, IO, crypto integration)
βββ README.md # This file
That's it. No node_modules, no build tools, no config files.
π Important:
encryption.jsmust be loaded beforeapp.jsinindex.html:encryption.js " defer></script>
- Clone or download this repo
- Double-click
index.html - Done. β
# Python 3
python -m http.server 8080
# Node (with http-server installed globally)
npx http-server -p 8080Then open: http://localhost:8080
π‘ The Web Crypto API works on both
http://localhostandhttps://origins. If you serve over a non-secure origin (other than localhost),crypto.subtlewill be unavailable and encryption will fail.
- Push to your GitHub repo
- Settings β Pages β Source:
mainbranch, root folder - Visit
https://github.com/boopathiskv/daily-work-tracker/tree/V5.2
- Click
+ Add New Task(top-right of the header) - Fill in: Task Name, Priority, Category, Start Date, Due Date, Estimated Time, Status, etc.
- Task ID is generated automatically based on your Start Date
- Click Add Task β done!
- Click Edit on any row β form pre-fills β make changes β Update Task
- Click Delete on any row β confirmation popup β Delete
- Click Data Options βΎ β Export JSON
- (Optional) Tick π Encrypt with password (AES-256-GCM)
- Enter & confirm a password (min 6 chars)
- Watch the live strength meter
- Click Download JSON
- Plain file:
daily-work-tasks-YYYY-MM-DD.json - Encrypted file:
daily-work-tasks-YYYY-MM-DD.enc.json
- Plain file:
- Click Data Options βΎ β Import JSON
- Choose any
.jsonor.enc.jsonfile - App auto-detects encryption:
- Plain file β preview appears instantly
- Encrypted file β π banner + password field appear
- For encrypted files: enter password β click π Decrypt
- Review preview β click Import Tasks
β οΈ This replaces the current in-memory data.
- Click Data Options βΎ β Clear All β confirmation β done.
- Click the β icon in the header to view app version, features, security, license, etc.
Task IDs are auto-generated from the Start Date in the format:
YYYYMMDD + 2-digit sequence
Example: 2026063001, 2026063002, 2026063003, ...
- Up to 99 tasks per Start Date
- IDs are unique and conflict-checked
- Editing a task preserves its original ID
β οΈ Important: This app uses in-memory storage only β data is NOT saved tolocalStorage, cookies, or any server.
| Action | Effect |
|---|---|
| Refresh page | β All tasks are cleared |
| Close tab/browser | β All tasks are cleared |
| Export JSON | β Saves data as a plain or encrypted file |
| Import JSON | β Restores data (auto-decrypts if needed) |
π‘ Workflow: Import β Work β Export (encrypted, for safety)
A beforeunload warning will alert you if you try to close the tab with unsaved tasks.
| Key | Action |
|---|---|
ESC |
Close any open modal / dropdown |
Tab |
Navigate between form fields |
Enter |
Submit form in Add/Edit modal |
Enter |
Decrypt file (when password field focused) |
Tested and working on the latest versions of:
- β Google Chrome
- β Microsoft Edge
- β Mozilla Firefox
- β Apple Safari
- β Opera
- β Brave
Internet Explorer is not supported (Web Crypto API is not available). The encryption feature requires a browser with
crypto.subtlesupport β all modern browsers since 2017+ support it.
- Semantic HTML5 structure (
<header>,<main>,<section>,<footer>) - ARIA roles for modals, dropdowns, dialogs, and live regions
- Screen-reader-only labels (
.sr-only) on every input - Keyboard-friendly (ESC, Tab, Enter)
- Color choices meet WCAG AA contrast guidelines
- Password show/hide toggle for accessibility
Possible future enhancements:
- Optional
localStoragetoggle (opt-in, with encryption-at-rest) - Drag-and-drop import
- CSV export support (plain + encrypted)
- Bulk edit / bulk delete
- Multi-language (i18n)
- Print-friendly view
- Recurring tasks
- Custom categories & priorities
- PWA / Service Worker for full offline install
- Key-file (instead of password) encryption mode
- Argon2id support (modern KDF alternative)
Contributions, issues, and feature requests are welcome!
- Fork the repo
- Create a feature branch:
git checkout -b feature/awesome-feature - Commit your changes:
git commit -m 'Add awesome feature' - Push to the branch:
git push origin feature/awesome-feature - Open a Pull Request
Please ensure your code:
- Has no console errors
- Uses
addEventListener(no inline handlers) - Avoids
innerHTMLwith user input - Never logs passwords or plaintext to console
- Follows the existing code style
This project is released under the MIT License β see LICENSE for details.
MIT License β Free for personal and commercial use.
Software provided "AS-IS", without warranty of any kind.
This software is provided "AS-IS", without warranty of any kind, express or implied.
The author assumes no liability for:
- β Data loss (including loss due to forgotten encryption passwords)
- β Security breaches
- β Damages arising from use or misuse
You are solely responsible for:
- πΎ Backing up your JSON exports
- π Remembering your encryption passwords
- π Storing encrypted files in secure locations
π Cryptography disclaimer: While this app uses industry-standard algorithms (AES-256-GCM, PBKDF2), no encryption can protect against weak passwords. Always use a strong, unique password.
Boopathi Subramanian
- πΌ Role: Software Engineer
- π Location: Bengaluru, India
- π GitHub: @boopathiskv
- π¬ LinkedIn: linkedin.com/in/boopathiskv
If this project helped you, please consider giving it a β on GitHub β it means a lot!
Made with β€οΈ using pure HTML, CSS, JavaScript & Web Crypto API β no frameworks, no compromises.