@slightlylate @mvsamuel @ErikArvidsson @bradneuberg @wycats Evidence: your employer *mandates* tools to audit InnerHTML uses, no matter RHS.
Replying to @BrendanEich
@slightlylate @mvsamuel @ErikArvidsson @bradneuberg @wycats No safe-by-design in rejecting tagless, only less usability/same InnerHTML risk.
Replying to @BrendanEich
@BrendanEich: you keep saying that; I'll keep collecting instances of this #fail. Fair? /cc @mvsamuel @ErikArvidsson @bradneuberg @wycats
Replying to @slightlylate
@slightlylate @BrendanEich @mvsamuel @ErikArvidsson @bradneuberg @wycats I.e. String.raw`string: ${string}` *is* tagged, but you know...
Replying to @RReverser
@RReverser: You had to work to do that wrong. Friction matters. /cc @BrendanEich @mvsamuel @ErikArvidsson @bradneuberg @wycats
Replying to @slightlylate
@slightlylate Nope. It's rather work to find tag that *would* escape HTML. @BrendanEich @mvsamuel @ErikArvidsson @bradneuberg @wycats
Replying to @RReverser
@RReverser @slightlylate @BrendanEich @ErikArvidsson @bradneuberg @wycats See …http://js-quasis-libraries-and-repl.googlecode.com/svn/trunk/index.html …
Replying to @mvsamuel
@mvsamuel Oh cool, so it does exist on some internal page in the internet :) @slightlylate @BrendanEich @ErikArvidsson @bradneuberg @wycats
Replying to @RReverser
@mvsamuel But it's still work to do that right, not wrong. @slightlylate @BrendanEich @ErikArvidsson @bradneuberg @wycats
Replying to @RReverser
@RReverser: you missed the point: the tech designer's job is to rig the scales. @mvsamuel @BrendanEich @ErikArvidsson @bradneuberg @wycats
@slightlylate @RReverser @mvsamuel @BrendanEich @ErikArvidsson @bradneuberg and HTML templates do that far better than string tags.
Replying to @wycats
@wycats: which is a fine answer; but not all will get there /cc @RReverser @mvsamuel @BrendanEich @ErikArvidsson @bradneuberg