I like the direction React and Next.js are heading: native forms, Server Actions, less client-side JavaScript, more progressive enhancement. As an idea, it is very elegant. But as soon as a form becomes more complex than a single email field, it turns out that a lot of repetitive glue code appears around it again.
"We set up a telephone connection between us and the guys at SRI...", Kleinrock… said in an interview: "We typed the L and we asked on the phone, 'Do you see the L?'" "Yes, we see the L," came the response. "We typed the O, and we asked, 'Do you see the O.'" "Yes, we see the O." "Then we typed the G, and the system crashed"… Yet a revolution had begun... The beginning of the internet.
Some websites have a "Show Password" feature where clicking a button changes a password field into a textbox field, revealing the typed password. If a user typed their password on a software keyboard that remembers user input and then used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and…
neos/forms is an open source framework to build web forms. By crafting a special `GET` request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form Finishers cause side effects even if no form values have been sent. Form Finishers can be adjusted in a way that they only execute an action if the submitted form contains some expected data. Alternatively a…