Proposal: drop htmx

[wxiaoguang]

htmx is fun and handy for a small project, but it doesn't work well for a large one.

I can see some fundamental problems due to its fragile design:

1. It supports automatically sending POST methods, but it doesn't support CSP nonce.
   • It makes the website under the XSS-like risk, attacker can inject and execute tags with hx-xxx attributes even if the CSP nonce is used
2. It has unclear behaviors, e.g.: when reading a hx-xxx on an element, we are not able to know what happens in its parents
   • https://github.com/bigskysoftware/htmx/issues/2515
3. Its loading & initialization behavior is quite strange, and unlikely to be fixed
   • https://github.com/bigskysoftware/htmx/pull/3365
4. Its "hx script" support is fragile and unable to lint
5. Developers should always remember to call htmx.process when modifying innerHTML/outerHTML, but it is frequently forgotten
   • Fix various Fomantic UI and htmx problems #33851
   • I added the htmx.process in Partially refresh notifications list #35010 (a646b32)

And its size is similar to jQuery (not trivial), in Gitea's code base, we only use very a few of htmx's features, which can be implement by ourselves with a better design.

[stuzer05]

Is it possible te make entire UI in vue as single app?

[lunny]

Is it possible te make entire UI in vue as single app?

I think it’s reasonable to use SPA for settings and admin pages, but not for publicly accessible pages, for the following key reasons:

• SPA increases initial loading time, which can negatively affect user experience.
• It’s not SEO-friendly, making public content harder to index and discover.
• It requires significant effort, but the benefits are unclear.

Therefore, I suggest we rewrite the current HTMX-based components using Vue - but only for these pages, not the entire site.

[wxiaoguang]

cc @silverwind @yardenshoham

[yardenshoham]

I think it adds enough value to the end-user to be worth the maintenance burden. I also recognize there is a maintenance burden, and it looks like I am the only one comfortable with it. For that reason, I will not block an htmx removal effort.

[wxiaoguang]

Yep, it does add enough value, and I think "which can be implement by ourselves with a better design", then no maintenance burden.

[silverwind]

I never liked it. It's designed for the use case of js-less apps, but we have js and we can do better.