Skip to content

Proposal: drop htmx #35059

@wxiaoguang

Description

@wxiaoguang

htmx is fun and handy for a small project, but it doesn't work well for a large one.

I can see some fundamental problems due to its fragile design:

  1. It supports automatically sending POST methods, but it doesn't support CSP nonce.
    • It makes the website under the XSS-like risk, attacker can inject and execute tags with hx-xxx attributes even if the CSP nonce is used
  2. It has unclear behaviors, e.g.: when reading a hx-xxx on an element, we are not able to know what happens in its parents
    • https://github.com/bigskysoftware/htmx/issues/2515
  3. Its loading & initialization behavior is quite strange, and unlikely to be fixed
    • https://github.com/bigskysoftware/htmx/pull/3365
  4. Its "hx script" support is fragile and unable to lint
  5. Developers should always remember to call htmx.process when modifying innerHTML/outerHTML, but it is frequently forgotten

And its size is similar to jQuery (not trivial), in Gitea's code base, we only use very a few of htmx's features, which can be implement by ourselves with a better design.

Metadata

Metadata

Assignees

No one assigned

    Labels

    type/proposalThe new feature has not been accepted yet but needs to be discussed first.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions