I do a lot of systems and backend programming and HTMX is the only way I can actually be productive with frontend work when I have to do it. It’s so simple and straightforward.
Gotcha! I’ll have to look into it. I heard of it being used with Rust, which is probably the only lang I want to use for backend anymore. If it minimizes JS boilerplate, that’s a big win.
I’ve only ever heard anything “bad” about HTMX and it was here on Lemmy, actually. I ran into someone who was absolutely certain that HTMX was unsafe by design because it leveraged HTML over the wire and was therefore susceptible to HTML injection attacks, specifically by injecting malicious scripts that could be ran from domains you didn’t control. I tried explaining that proper utilization of access-control headers innately prevented this because they worked on the browser level and couldn’t be intercepted or interfered with by HTML injection by design, but he kept insisting it was unsafe while refusing to elaborate. He was very wrong, of course, but also very confident.
my favorite JS framework is HTMX for making me write less JS or even none at all.
I do a lot of systems and backend programming and HTMX is the only way I can actually be productive with frontend work when I have to do it. It’s so simple and straightforward.
Me too! I’ve been working with JS for more than 10 years but HTMX + Go has been a welcome transition.
Wait are people writing Go for frontend code now? Or do you mean just replacing the node back end with Go?
I was specifying my backend of choice to pair with HTMX.
Gotcha! I’ll have to look into it. I heard of it being used with Rust, which is probably the only lang I want to use for backend anymore. If it minimizes JS boilerplate, that’s a big win.
I’ve heard nothing but good things about HTMX. I might have to play around just to get a feel.
I’ve only ever heard anything “bad” about HTMX and it was here on Lemmy, actually. I ran into someone who was absolutely certain that HTMX was unsafe by design because it leveraged HTML over the wire and was therefore susceptible to HTML injection attacks, specifically by injecting malicious scripts that could be ran from domains you didn’t control. I tried explaining that proper utilization of access-control headers innately prevented this because they worked on the browser level and couldn’t be intercepted or interfered with by HTML injection by design, but he kept insisting it was unsafe while refusing to elaborate. He was very wrong, of course, but also very confident.