@slightlylate I'm sure you told someone so (a trait we share :-|) but what about security? Cc: @mvsamuel @ErikArvidsson @bradneuberg @wycats
Replying to @BrendanEich
@BrendanEich: that's the point. I'm already seeing innerHTML = .... bugs in sample code. /cc @mvsamuel @ErikArvidsson @bradneuberg @wycats
Replying to @slightlylate
@slightlylate @mvsamuel @ErikArvidsson @bradneuberg @wycats Withholding tagless template strings would've meant they'd do same with strings.
Replying to @BrendanEich
@BrendanEich: but now the *new* feature isn't any safer by default. /cc @mvsamuel @ErikArvidsson @bradneuberg @wycats
Replying to @slightlylate
@slightlylate @mvsamuel @ErikArvidsson @bradneuberg @wycats Rejecting tagless template strings wouldn't reduce InnerHTML bugs. (I repeat.)
Replying to @BrendanEich
@BrendanEich: yes, repeatedly, without evidence; then advocated the fail-open choice /cc @mvsamuel @ErikArvidsson @bradneuberg @wycats
Replying to @slightlylate
@slightlylate @mvsamuel @ErikArvidsson @bradneuberg @wycats Evidence: your employer *mandates* tools to audit InnerHTML uses, no matter RHS.
Replying to @BrendanEich
@BrendanEich: I get paid to think about more than googler's interests. /cc @mvsamuel @ErikArvidsson @bradneuberg @wycats
Replying to @slightlylate
@slightlylate @mvsamuel @ErikArvidsson @bradneuberg @wycats that's dodging the argument. Why does Google mandate *innerHTML* auditing?
Replying to @BrendanEich
@brendaneich @slightlylate @mvsamuel @erikarvidsson @bradneuberg @wycats actually no auditing. We don't allow new usages at all.
@cramforce @BrendanEich @slightlylate @mvsamuel @ErikArvidsson @bradneuberg exactly. People should use templates, not innerHTML.