by weavejester 1728 days ago
If the compiler is separating server-side code from client-side code, then it's also separating out symbol bindings as well. So it knows where symbols are bound, and where they are referenced, and it can use this to limit information flow.

For example:

    (client
      (let [token (get-client-token)]        ; token is bound on the client
        (server
          (let [username (get-username db token)]  ; token crosses to the server; db stays there
            (client
              (dom/p "Hello " username))))))       ; username crosses back to the client
The compiler can infer that token is defined on the client, then sent to the server, which in turn defines username and sends that back to the client.

It's the same system you'd use in normal server/client architecture, just inlined.
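The inference described above can be made concrete with a small static analysis. The following is an added example, not code from the comment or from any real client/server compiler: it walks a hand-built AST shaped like the form above, records which tier each `let` binding belongs to, lists every value that crosses the wire, and flags references to symbols that must never leave the server. The `GLOBALS` table (which free symbols live where, and whether their values may be serialised) is an assumption standing in for declarations a real compiler would have.

```python
"""Tiny information-flow analysis over a nested client/server program.

Constructed example: the program is a hand-built AST mirroring the
(client (let [...] (server ...))) form quoted in the comment above.
Special forms are tuples with a string head ("client", "server", "let");
calls are tuples whose head is a Sym; bare str values are literals.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Sym:
    """A symbol reference, as opposed to a string literal."""
    name: str


# Assumed environment for the example: tier each free symbol lives on, and
# whether its value may be serialised across the wire at all.
GLOBALS = {
    "get-client-token": ("client", True),
    "dom/p":            ("client", True),
    "get-username":     ("server", True),
    "db":               ("server", False),   # connection handle: never leaves the server
}


@dataclass
class Report:
    bindings: dict = field(default_factory=dict)   # let-bound symbol -> tier where bound
    flows: list = field(default_factory=list)      # (symbol, from_tier, to_tier)
    errors: list = field(default_factory=list)     # policy violations found


def analyze(form, tier="client", env=None, report=None):
    """Walk `form`, tracking the current tier and where each symbol was bound."""
    env = dict(GLOBALS) if env is None else env
    report = Report() if report is None else report

    if isinstance(form, Sym):
        if form.name not in env:
            report.errors.append(f"unbound symbol {form.name}")
            return report
        bound_tier, transferable = env[form.name]
        if bound_tier != tier:
            # A reference from another tier means the value crosses the wire.
            if transferable:
                report.flows.append((form.name, bound_tier, tier))
            else:
                report.errors.append(
                    f"{form.name} is {bound_tier}-only but referenced on {tier}")
        return report

    if not isinstance(form, tuple):          # string or number literal
        return report

    head, *rest = form
    if head in ("client", "server"):
        for sub in rest:
            analyze(sub, head, env, report)
    elif head == "let":
        bindings, *body = rest
        inner = dict(env)                    # sequential scope, as in Clojure's let
        for name, value in bindings:
            analyze(value, tier, inner, report)
            inner[name] = (tier, True)
            report.bindings[name] = tier
        for sub in body:
            analyze(sub, tier, inner, report)
    else:                                    # a call: callee Sym followed by args
        for sub in form:
            analyze(sub, tier, env, report)
    return report


# The form from the comment, as a constructed AST.
PROGRAM = ("client",
    ("let", [("token", (Sym("get-client-token"),))],
        ("server",
            ("let", [("username", (Sym("get-username"), Sym("db"), Sym("token")))],
                ("client",
                    (Sym("dom/p"), "Hello ", Sym("username")))))))

# Constructed variant that would leak the server's db handle into client code.
LEAKY = ("client", (Sym("dom/p"), Sym("db")))


if __name__ == "__main__":
    ok = analyze(PROGRAM)
    print("bindings:", ok.bindings)          # {'token': 'client', 'username': 'server'}
    print("flows:   ", ok.flows)             # token client->server, username server->client
    print("errors:  ", analyze(LEAKY).errors)
```

The two tables the analysis produces are exactly the information the comment says the compiler has: where each symbol is bound, and where it is referenced. The `errors` list is the point where a policy can be attached, here a crude "this handle may never be serialised" flag; a real compiler could apply finer rules at the same spot.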

1 comment

Compile-time macros do indeed seem to be what provides the necessary client/server separation for sensitive data.

That does mean you are trusting the library to implement these macros correctly. In that sense, data security for these symbol bindings is a responsibility of the library, and therefore a risk, as is called out lower on the page.

Once the library is complete, however, and a larger part of the community has been able to inspect it, this type of bug should not be an issue. It's one of the most fundamental concerns of the library.