Programmer Humor

32078 readers

289 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

cat_programmer@lemmy.ml

482

Single-Page Application (lemmy.ml)

submitted 7 months ago by Ephera@lemmy.ml to c/programmerhumor@lemmy.ml

117 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] fuzzzerd@programming.dev 2 points 7 months ago (1 children)

I felt like I had a good understanding of both htmx and csp, but after this discussion I'm going to have to read up on both because both of you are making a logically sound argument to my mind.

I'm struggling to see how htmx is more vulnerable than say react or vue or angular, because with csp as far as I can tell I can explicitly lock down what htmx can do, despite any maliciously injected html that might try to do otherwise.

Thanks for this discussion 🙂

[–] rwhitisissle@lemmy.world 1 points 7 months ago

CSP works on the browser API level - all HTMX does is what you could do yourself with any AJAX: send an HTTP request to an endpoint. If the CSP disallows that endpoint, it will fail.