top | item 36089381

1lint | 2 years ago

If we don't care about the UX, then it would be more "convenient" for the developer to just not write the program in the first place.

Using string templating makes the DX better without compromising UX, since users just see the rendered output. Implementing bad/nonexistent web security also makes the DX easier since there are simply fewer features to implement, but this obviously has negative consequences on UX when folks have their accounts/credentials easily stolen.

yencabulator|2 years ago

Using string templating for HTML is bad/nonexistent web security, so by your argument it does compromise UX.

1lint|2 years ago

By your argument, everyone using string templating for HTML has bad/nonexistent web security. I disagree.

tomjakubowski|2 years ago

Not really. Lots of template engines escape and/or sanitize interpolated expressions, according to the context, by default.
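
The distinction the thread turns on, as an added example that is not part of any comment above: the same template rendered once with plain string substitution (Go's `text/template`) and once with an engine that escapes by context by default (Go's `html/template`). The template, the input value and the function names are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	htmltemplate "html/template"
	"strings"
	texttemplate "text/template"
)

// One template, three interpolation contexts: element text, URL query, script.
const page = `<p>{{.}}</p><a href="/u?q={{.}}">x</a><script>var n = {{.}};</script>`

// Constructed sample of untrusted input.
const untrusted = `"><script>alert(1)</script>`

// RenderRaw uses text/template: plain string substitution, no escaping.
func RenderRaw(v string) (string, error) {
	t, err := texttemplate.New("raw").Parse(page)
	if err != nil {
		return "", err
	}
	var b bytes.Buffer
	err = t.Execute(&b, v)
	return b.String(), err
}

// RenderEscaped uses html/template, which picks an escaper per context.
func RenderEscaped(v string) (string, error) {
	t, err := htmltemplate.New("esc").Parse(page)
	if err != nil {
		return "", err
	}
	var b bytes.Buffer
	err = t.Execute(&b, v)
	return b.String(), err
}

// Injected reports whether the input survived as live markup in the output.
func Injected(out string) bool {
	return strings.Contains(out, "<script>alert(1)</script>")
}

func main() {
	raw, _ := RenderRaw(untrusted)
	esc, _ := RenderEscaped(untrusted)
	fmt.Printf("raw     injected=%v\n%s\n\n", Injected(raw), raw)
	fmt.Printf("escaped injected=%v\n%s\n", Injected(esc), esc)
}
```

The escaped output encodes the value differently in each of the three positions (HTML entities, percent-encoding, a JavaScript string literal), which is what "according to the context" means in practice.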