htmx Web Security Basics


htmx gives you access to AJAX, CSS Transitions, WebSockets and Server Sent Events directly in HTML, using attributes, so you can build modern user interfaces with the simplicity and power of hypertext. htmx is small (~14k min.gz'd), dependency-free, extendable, IE11 compatible, and has reduced code base sizes by 67% when compared with React.

The essay's four rules for serving htmx safely:

  1. Only call routes you control.
  2. Always use an auto-escaping template engine.
  3. Only serve user-generated content inside HTML tags.
  4. If you have authentication cookies, set them with Secure, HttpOnly, and SameSite=Lax.

Template engines by language, and whether each escapes HTML by default:

  Language     Template engine   Escapes HTML by default?
  JavaScript   Nunjucks          Yes
  JavaScript   EJS               Yes, with <%= %>
  Python       DTL               Yes
  Python       Jinja             Sometimes (Yes, in Flask)
  Ruby         ERB               Yes, with <%= %>
  PHP          Blade             Yes
  Go           html/template     Yes
  Java         Thymeleaf         Yes
  Rust         Tera              Yes

The kind of vulnerability auto-escaping prevents is often called a Cross-Site Scripting (XSS) attack, a term that is broadly used to mean the injection of any unexpected content into your webpage.

The essay walks through the rules in four sections: Don't call untrusted routes; Use an auto-escaping template engine; Only put user-generated content inside HTML tags; Secure your cookies.
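The following is an added example, not code from the htmx essay or the htmx project, showing the four rules in plain Node.js with no framework. Rule 2 is a hand-written escaper standing in for what an auto-escaping engine does on every substitution; rule 3 puts the escaped text between tags; rule 1 shows why escaping alone is not enough for an hx-get target (an escaped "https://evil.example/x" is still a URL the browser will fetch), so the route is validated against an allowlist instead; rule 4 builds the Set-Cookie header. The allowlisted prefixes, the Path=/ attribute and the names isTrustedRoute, renderComment, renderLoadMoreButton, auditHxRoutes and authCookieHeader are assumptions of this example.

```javascript
// Added example (not from the htmx essay or project). Names and the
// allowlist below are assumptions for illustration.

// Rule 2: escape every user-supplied value before it reaches HTML.
// This mirrors what an auto-escaping template engine does for each {{ }}.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Reverse of escapeHtml, used only by the audit below. &amp; goes last so a
// literal "&amp;lt;" is not turned into "<".
function unescapeHtml(text) {
  return String(text)
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'")
    .replace(/&amp;/g, "&");
}

// Rule 3: user-generated content goes inside an HTML tag, never into an
// attribute. Once escaped, the browser only sees text between <p> and </p>.
function renderComment(body) {
  return `<p class="comment">${escapeHtml(body)}</p>`;
}

// Rule 1: the route an hx-get points at must be one we control. Escaping does
// not help here: an escaped "https://evil.example/x" is still a URL htmx will
// fetch. So the value is validated, not just escaped.
// Assumption: the app serves its htmx endpoints under these same-origin prefixes.
const ALLOWED_ROUTE_PREFIXES = ["/comments/", "/profile/"];

function isTrustedRoute(route) {
  if (typeof route !== "string") return false;
  // Must be a same-origin absolute path: "/x", not "//host/x" or "https://...".
  if (!route.startsWith("/") || route.startsWith("//")) return false;
  // Reject path traversal and any colon (conservative: also blocks a scheme
  // smuggled into a query string such as ?next=https://evil.example).
  if (route.split("/").includes("..") || route.includes(":")) return false;
  return ALLOWED_ROUTE_PREFIXES.some((prefix) => route.startsWith(prefix));
}

function renderLoadMoreButton(route) {
  if (!isTrustedRoute(route)) {
    throw new Error(`refusing to render hx-get for untrusted route: ${route}`);
  }
  // Escaped as well, so a quote in the path cannot close the attribute.
  return `<button hx-get="${escapeHtml(route)}" hx-swap="outerHTML">More</button>`;
}

// Check for rendered output: returns every hx-* request target in the HTML
// that fails isTrustedRoute. An empty array means rule 1 holds for this page.
function auditHxRoutes(html) {
  const untrusted = [];
  const re = /\bhx-(?:get|post|put|patch|delete)="([^"]*)"/g;
  let match;
  while ((match = re.exec(html)) !== null) {
    const route = unescapeHtml(match[1]);
    if (!isTrustedRoute(route)) untrusted.push(route);
  }
  return untrusted;
}

// Rule 4: authentication cookie with Secure, HttpOnly and SameSite=Lax.
// Path=/ is an addition of this example; the essay lists only the three flags.
function authCookieHeader(name, value) {
  // Reject separators and control characters so the value cannot inject
  // further attributes (cookie-octet set from RFC 6265).
  const validName = /^[A-Za-z0-9_-]+$/.test(name);
  const validValue = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/.test(value);
  if (!validName || !validValue) {
    throw new Error("invalid cookie name or value");
  }
  return `${name}=${value}; Secure; HttpOnly; SameSite=Lax; Path=/`;
}
```

A real application would let its template engine do the escaping from the table above; the point of the hand-written escaper is to make visible that escaping protects tag content (rule 3) but says nothing about where a route attribute points (rule 1), which is why the route check and the audit are separate from it.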
