> It happened with Next.js as well It's the same vulnerabilities because Next uses the vul...

rounce • last Friday at 1:13 AM • 1 reply • view on HN

> It happened with Next.js as well

It's the same vulnerabilities because Next uses the vulnerable parts of React.

Your rational is quite poor as I can write an isomorphic web app in C or Rust or Go and run parts in the browser, what then? Look, many of us also strongly dislike JavaScript but generally that distaste is based on its actual shortcomings and failures, you don't have to invent new ones plenty already exist.

Replies

ashishb • last Friday at 1:49 AM

> I can write an isomorphic web app in C or Rust or Go and run parts in the browser, what then?

If you have a single codebase for Go-based code running in an untrusted browser (the "toilet") and a trusted backend (the "kitchen"), then the same contamination is highly likely.

alt Hacker News

Replies