@RReverser @slightlylate @mvsamuel @BrendanEich @ErikArvidsson @bradneuberg proposal was to remove the tagless form "to make people think"
-
-
Replying to @wycats
@wycats Hope it's clear now that it doesn't solve anything.@slightlylate@mvsamuel@BrendanEich@ErikArvidsson@bradneuberg2 replies 0 retweets 1 like -
Replying to @RReverser
@wycats And tagless form is about concatenation unrelatedly to DOM.@slightlylate@mvsamuel@BrendanEich@ErikArvidsson@bradneuberg3 replies 0 retweets 1 like -
Replying to @RReverser
@wycats I.e. innerHTML doesn't matter when substituting strings in Node.@slightlylate@mvsamuel@BrendanEich@ErikArvidsson@bradneuberg1 reply 0 retweets 2 likes -
Replying to @RReverser
@RReverser: hahahahahahahaha....oh god it hurts /cc@wycats@mvsamuel@BrendanEich@ErikArvidsson@bradneuberg3 replies 0 retweets 1 like -
Replying to @slightlylate
@slightlylate dude, that’s not ok.@RReverser@wycats@mvsamuel@BrendanEich@ErikArvidsson@bradneuberg1 reply 0 retweets 3 likes -
Replying to @rwaldron
@rwaldron : which, the bit where@RReverser casually ignored how xss & sqli happen in most server environments? Agree.2 replies 0 retweets 1 like -
Replying to @slightlylate
@slightlylate@rwaldron Dunno why you decided so, but of course you can laugh at me instead of asking / discussing / clarifying...1 reply 0 retweets 0 likes -
Replying to @RReverser
@RReverser@rwaldron : i explained myself; string concat leads to xss, sqli, ldapi, etc. There is rarely "just adding strings".2 replies 0 retweets 1 like -
Replying to @slightlylate
@slightlylate@rwaldron `${__dirname}/...`, `[${date}]:$logMsg`, `Assertion failed: ${cond}` etc. - it's all "just adding strings".1 reply 0 retweets 0 likes
@RReverser @rwaldron : which is exactly why the language should keep you from doing that "naked". You should be using a formatter to escape
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.