it is easier to be insecure than secure. To get security we need to change that.
Replying to @slekies @kkotowicz and
we should make insecure things hard/impossible and secure ways easy and convenient.
1 reply 0 retweets 2 likes -
Replying to @slekies @kkotowicz and
remove everything that causes vulns (innerHTML) and provide good alternatives
2 replies 0 retweets 1 like -
Replying to @slekies @kkotowicz and
I vote for an innerHTML with ES6 templates: somediv.setInnerHTML`<b data-x=${x}>${someText}</b>`
3 replies 1 retweet 1 like -
(I mostly meant this as "IMO this is how the API should look to make it easy to understand+use")
1 reply 0 retweets 0 likes -
Replying to @tehjh @kkotowicz and
alternative: e.setInnerHTML("<b>$1</b>", hi) where the string is compile-time constant or a safe type
2 replies 0 retweets 0 likes -
Replying to @slekies @kkotowicz and
IMO, from experience with printf() in C, format strings are ugly, especially with multiple elements
1 reply 0 retweets 0 likes -
gets hard to keep track of which placeholder corresponds to which argument if you have many
1 reply 0 retweets 0 likes -
Replying to @tehjh @kkotowicz and
agreed. It could also be an HTML builder instead.
1 reply 0 retweets 0 likes -
Replying to @slekies @kkotowicz and
HTML builder? you mean like .appendFixed(), .appendDynamic(), ...?
2 replies 0 retweets 0 likes
I think that wouldn't be used much. I've used innerHTML in the past because the code is so dense.
Replying to @tehjh @kkotowicz and
yes, I guess this requires some thoughts.
0 replies 0 retweets 0 likes
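
The tagged-template API proposed in the thread can be sketched as a context-aware escaper that also copes with the unquoted `data-x=${x}` slot. This is an added example, not code from any participant and not a browser API: `safeHtml`, `scan` and `escapeHtml` are hypothetical names, and the sample values are constructed.

```javascript
// Added example: safeHtml and its helpers are hypothetical names, not a browser API.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (v) => String(v).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);

// Advance a small HTML tokenizer state over one static (developer-written) chunk.
// States: text, tag (between attributes), eq (just after '='), unq, dq, sq.
function scan(state, chunk) {
  for (const ch of chunk) {
    const ws = /\s/.test(ch);
    if (state === 'text') { if (ch === '<') state = 'tag'; }
    else if (state === 'tag') { if (ch === '>') state = 'text'; else if (ch === '=') state = 'eq'; }
    else if (state === 'eq') {
      if (ch === '"') state = 'dq';
      else if (ch === "'") state = 'sq';
      else if (ch === '>') state = 'text';
      else if (!ws) state = 'unq';
    } else if (state === 'unq') { if (ch === '>') state = 'text'; else if (ws) state = 'tag'; }
    else if (state === 'dq') { if (ch === '"') state = 'tag'; }
    else if (state === 'sq') { if (ch === "'") state = 'tag'; }
  }
  return state;
}

// Tag function: static parts pass through, each ${value} is escaped for its context.
function safeHtml(strings, ...values) {
  let out = '';
  let state = 'text';
  strings.forEach((chunk, i) => {
    out += chunk;
    state = scan(state, chunk);
    if (i >= values.length) return;
    const escaped = escapeHtml(values[i]);
    if (state === 'text' || state === 'dq' || state === 'sq') {
      out += escaped;
    } else if (state === 'eq') {
      out += `"${escaped}"`; // unquoted slot, as in <b data-x=${x}>: add the quotes
      state = 'tag';
    } else {
      throw new Error(`placeholder ${i} is in an unsupported position (${state})`);
    }
  });
  return out;
}

// Constructed sample input: values that would break out of the markup if pasted raw.
const x = 'a onmouseover=alert(1)';
const someText = '<img src=q onerror=alert(1)>';
const rendered = safeHtml`<b data-x=${x}>${someText}</b>`;
```

The sketch covers text and attribute-value slots only; script and style bodies, URL schemes and event-handler attributes would need their own handling.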