Hacker News
by
max_
435 days ago
How does this compare to HTMX (security-wise)?
sudodevnull
435 days ago
Same, you control your signals and fragments. So you are responsible for proper escaping and thoughtful design.
j13n
435 days ago
You can disable all use of eval with htmx. The tradeoff is one has to write a bit more JavaScript.
https://news.ycombinator.com/item?id=43650921
sudodevnull
435 days ago
I have thoughts about a fully compliant CSP middleware; the problem is it's per language, so I'd probably only make it for Go (maybe PHP & TS).
geoka9
435 days ago
Hashes or nonces?
sudodevnull
435 days ago
Hashed script content
geoka9
435 days ago
Thank you for doing this. Is it possible to follow the work somewhere?
sudodevnull
434 days ago
Not right now. CSP in a Datastar context is mostly a red herring. If an enterprise wants it to check a box then please reach out.
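Added example, not part of the thread and not Datastar or htmx code: a minimal Go `net/http` sketch of the "hashed script content" approach to CSP mentioned above, where each allowed inline script is listed by its SHA-256 digest instead of a per-request nonce. The names `WithCSP`, `BuildPolicy`, `ScriptHash`, `page` and the sample script are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed sample: the exact text between <script> and </script>.
const inlineJS = `document.body.dataset.ready = "1";`

// ScriptHash returns the CSP source token for one inline script body.
// Browsers hash the exact bytes, so any whitespace change alters the token.
func ScriptHash(body string) string {
	sum := sha256.Sum256([]byte(body))
	return "'sha256-" + base64.StdEncoding.EncodeToString(sum[:]) + "'"
}

// BuildPolicy allows same-origin scripts plus the listed inline bodies.
// It never emits 'unsafe-inline' or 'unsafe-eval'.
func BuildPolicy(inline ...string) string {
	src := []string{"'self'"}
	for _, b := range inline {
		src = append(src, ScriptHash(b))
	}
	return "default-src 'self'; script-src " + strings.Join(src, " ") +
		"; object-src 'none'; base-uri 'none'"
}

// WithCSP (hypothetical name) sets the policy header on every response.
func WithCSP(next http.Handler, inline ...string) http.Handler {
	policy := BuildPolicy(inline...) // computed once, not per request
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Security-Policy", policy)
		next.ServeHTTP(w, r)
	})
}

// page serves HTML whose inline script is byte-identical to inlineJS.
func page(w http.ResponseWriter, _ *http.Request) {
	fmt.Fprintf(w, "<!doctype html><script>%s</script>", inlineJS)
}

func main() {
	rec := httptest.NewRecorder()
	WithCSP(http.HandlerFunc(page), inlineJS).ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	fmt.Println(rec.Header().Get("Content-Security-Policy"))
}
```

Because the policy is static, it can be cached and served from a CDN, which a per-request nonce does not allow; the cost is that every inline script must be known and byte-stable at build or startup time.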