Conversation

Notices

1. Embed this notice
   Sexy Moon (moon@shitposter.club)'s status on Tuesday, 08-Aug-2023 04:50:02 JST Sexy Moon
   has anybody used htmx https://htmx.org/ what do you think?
   • Embed this notice
     waka (wakarimasen@shitposter.club)'s status on Tuesday, 08-Aug-2023 04:59:57 JST waka

     in reply to

     @Moon Seems like a potential footgun because it completely bypasses CSP. (They do warn about that in the docs though.)

     Sexy Moon likes this.
   • Embed this notice
     Sexy Moon (moon@shitposter.club)'s status on Tuesday, 08-Aug-2023 05:00:05 JST Sexy Moon

     in reply to

     • waka
     @wakarimasen yeah I am thinking it's not worth it.
   • Embed this notice
     Iridium Zeppelin (bananarama@mstdn.social)'s status on Tuesday, 08-Aug-2023 05:44:00 JST Iridium Zeppelin

     in reply to

     @Moon I think Aral Balkan uses it pretty extensively. I think it's a big improvement and covers almost every single use case of javascript that I used to use. Anything that's more complex than that, I'm writing in WASM now anyway.

     Sexy Moon likes this.
   • Embed this notice
     Sexy Moon (moon@shitposter.club)'s status on Tuesday, 08-Aug-2023 05:44:15 JST Sexy Moon

     in reply to

     • Iridium Zeppelin
     @bananarama wasm, interesting. what kind of things are you doing with wasm specifically?
   • Embed this notice
     Iridium Zeppelin (bananarama@mstdn.social)'s status on Tuesday, 08-Aug-2023 05:59:50 JST Iridium Zeppelin

     in reply to

     @Moon I'm learning it to replace native UIs I would have otherwise written in XAML (WPF/UWP), Tcl/Tk or Qt.

     Sexy Moon likes this.
   • Embed this notice
     Sexy Moon (moon@shitposter.club)'s status on Tuesday, 08-Aug-2023 06:00:50 JST Sexy Moon

     in reply to

     • Iridium Zeppelin
     @bananarama if you happen to have any public code you could share I would love to see it! I am curious about using wasm this way. If not that's fine too though.
   • Embed this notice
     waka (wakarimasen@shitposter.club)'s status on Tuesday, 08-Aug-2023 18:51:45 JST waka

     in reply to

     • 御shp :blobshp:
     @shpuld @Moon In theory yes, in practice it's always easy to accidentally have something slip through (it happened to Pleroma, too!) and that's exactly why CSP exists in the first place. The «alternative» proposed in the docs (hx-disable) is also very easily bypassed.
     
     I'm not saying it's inherently insecure, just that it has footgun potential. It seems like a cool idea otherwise. I kind of want to try it with something like TailwindCSS and see how far I can get only writing HTML.
   • Embed this notice
     御shp :blobshp: (shpuld@shpposter.club)'s status on Tuesday, 08-Aug-2023 18:51:45 JST 御shp :blobshp:

     in reply to

     • waka
     @wakarimasen @Moon yeah same, which pivots me more into backend despite being a frontend guy in general, feels powerful
     Sexy Moon likes this.
   • Embed this notice
     御shp :blobshp: (shpuld@shpposter.club)'s status on Tuesday, 08-Aug-2023 18:51:47 JST 御shp :blobshp:

     in reply to

     • waka
     @wakarimasen @Moon it's pretty overblown it seems, sanitizing any user created html is essential regardless of what you use