Message from JavaScript discussions

November 2018

— Easy to see when things are done overly complex and wrong


I do not understand how you can say that without knowing what I'm doing or anything ... If you had given some solution like this so simple that I just put maybe would allow you to judge me, but you gave me no solution, you only thought blindly without contributing anything .

— But it does not matter, thanks for trying. 👍🏻

— 1. There is no reason for a server to unescape HTML while sending it through a websocket to be processed by JS

2. There is no reason why it would encode double quotes into single quotes during a proper unescaping process.

3. Sending HTML through websockets suggests you have more problems, like constructing DOM elements post pageload from strings, which have serious performance problems.

Message permanent page

— 4. There is no reason for the HTML to have been stored as escaped HTML in the first place on the server, suggests huge input validation problems that stem from when this HTML was originally collected or entered.

Message permanent page

— And because of 1 AND because of 4, it's an obvious call to assume that ALL the stored HTML is unsafe and cannot be used for displaying, especially not if it contains any type of user-entered data

Message permanent page

— 1 and 4 is like painting your walls blue because you're gonna paint them red later

— Doesn't make sense

— Or like buying an apple and wrapping it in paper so you can unwrap it after

— And 2 is like wrapping it in a shitty way, so half of the apple is still showing

— Well what I see is that you judge colors with the ear.

— My ears are tuned with experience