Open
Labels: type/proposal (The new feature has not been accepted yet but needs to be discussed first.)
Description
htmx is fun and handy for a small project, but it doesn't work well for a large one.
I can see some fundamental problems due to its fragile design:
- It supports automatically sending POST methods, but it doesn't support CSP nonce.
  - It puts the website under XSS-like risk: an attacker can inject and execute tags with `hx-xxx` attributes even if the CSP nonce is used
- It has unclear behaviors, e.g.: when reading a `hx-xxx` on an element, we are not able to know what happens in its parents https://github.com/bigskysoftware/htmx/issues/2515
- Its loading & initialization behavior is quite strange, and unlikely to be fixed https://github.com/bigskysoftware/htmx/pull/3365
- Its "hx script" support is fragile and cannot be linted
- Developers should always remember to call `htmx.process` when modifying `innerHTML/outerHTML`, but it is frequently forgotten
  - Fix various Fomantic UI and htmx problems #33851
  - I added the `htmx.process` in Partially refresh notifications list #35010 (a646b32)
And its size is similar to jQuery (not trivial). In Gitea's code base, we only use very few of htmx's features, which can be implemented by ourselves with a better design.
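A check for the injection risk raised in the issue above, as an added example that is not part of the original issue or of Gitea's or htmx's code: it scans rendered HTML for `hx-*` and `data-hx-*` attributes so a template test can assert that user-controlled output never carries them. The function names and sample markup are constructed for illustration, and the scan is a regex-based audit, not an HTML sanitizer.

```javascript
// Added example (hypothetical helper names): audit rendered HTML for htmx
// attributes. htmx reads both "hx-*" and the "data-hx-*" spelling, and HTML
// attribute names are case-insensitive, so both forms are normalized here.

// One start tag: tag name, then attribute text in which quoted values may contain ">".
const TAG_RE = /<([a-zA-Z][^\s/>]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
// One attribute: name, optionally followed by a quoted or unquoted value.
const ATTR_RE = /([^\s"'<>/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
const HTMX_NAME_RE = /^(?:data-)?hx-/;

// Returns one finding per htmx-style attribute that sits on a real tag.
function findHtmxAttributes(html) {
  const findings = [];
  for (const tag of html.matchAll(TAG_RE)) {
    const tagName = tag[1].toLowerCase();
    for (const attr of tag[2].matchAll(ATTR_RE)) {
      const name = attr[1].toLowerCase();
      if (HTMX_NAME_RE.test(name)) {
        const value = attr[2] ?? attr[3] ?? attr[4] ?? '';
        findings.push({ tag: tagName, name, value });
      }
    }
  }
  return findings;
}

// Convenience predicate for template tests on user-controlled output.
function isFreeOfHtmxAttributes(html) {
  return findHtmxAttributes(html).length === 0;
}

// Constructed sample: rendered output of a page that mixes safe and unsafe fragments.
const SAMPLE_RENDERED = [
  '<p title="hx-post=1">plain text mentioning hx-get</p>',         // value and text only: ignored
  '<a href="/constructed" hx-post="/constructed/endpoint">x</a>',  // real htmx attribute: reported
  "<DIV Data-HX-Get='/constructed/other'></DIV>",                  // data- prefix, mixed case: reported
  '&lt;b hx-delete="/constructed"&gt;escaped&lt;/b&gt;',           // escaped markup: ignored
].join('\n');

console.log(findHtmxAttributes(SAMPLE_RENDERED));
```

Because the scan only reports attributes on real tags, correctly escaped user content passes, while any fragment that reaches the page unescaped with an `hx-*` attribute fails the test.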