by
hombre_fatal
248 days ago
Though that's like adding `<div>{escapeHtml(value)}</div>` everywhere you ever display a value in HTML to avoid XSS.
If you have to opt in to safe usage at every turn, then it's an unsafe way of doing things.
1 comments
stonogo
248 days ago
I don't disagree, but "it's not possible for xxx to be used securely" is a long way from "it's cumbersome and tedious to use xxx securely".
rendaw
247 days ago
If using it securely requires you to never ever forget, even once, I'd agree with GP.
JasonSage
248 days ago
But "it's not possible for xxx to be used securely" is a better premise if it deflects people who can't do it correctly.
stonogo
248 days ago
Lying to people because you think you're smarter than them is bad policy.