I’ve only ever heard anything “bad” about HTMX and it was here on Lemmy, actually. I ran into someone who was absolutely certain that HTMX was unsafe by design because it leveraged HTML over the wire and was therefore susceptible to HTML injection attacks, specifically by injecting malicious scripts that could be ran from domains you didn’t control. I tried explaining that proper utilization of access-control headers innately prevented this because they worked on the browser level and couldn’t be intercepted or interfered with by HTML injection by design, but he kept insisting it was unsafe while refusing to elaborate. He was very wrong, of course, but also very confident.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !programmerhumor@lemmy.ml
Post funny things about programming here! (Or just rant about your favourite programming language.)
Rules:
Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.
I’ve heard nothing but good things about HTMX. I might have to play around just to get a feel.
I’ve only ever heard anything “bad” about HTMX and it was here on Lemmy, actually. I ran into someone who was absolutely certain that HTMX was unsafe by design because it leveraged HTML over the wire and was therefore susceptible to HTML injection attacks, specifically by injecting malicious scripts that could be ran from domains you didn’t control. I tried explaining that proper utilization of access-control headers innately prevented this because they worked on the browser level and couldn’t be intercepted or interfered with by HTML injection by design, but he kept insisting it was unsafe while refusing to elaborate. He was very wrong, of course, but also very confident.