Discussion on: Todo-MVP: Or 'Why You Shouldn't Use A Web Framework' - The Revenge

gypsydave5 profile image
David Wickes Author

Your node.js implementation doesn't sanitize static file path, allowing an attacker to load any file from disk. Framework would have likely prevented that :)

Totally! It's definitely going too far. I'd probably add in a routing library too.

I'd love to see a pull request to add your Node implementation if you're up for it!

panta82 profile image

Sorry, it's not worth fixing IMO.

A framework that parses incoming requests and calls your code is exactly the right choice for the problem of responding to web requests at multiple endpoints. Not for every problem, but for this one, yes.