A good tool takes up more of my burden than it adds. A good tool does the same for the maintainer who comes after me.
If I know that I don't have to worry about a particular kind of failure, then I no longer bear the burden for avoiding that failure mode.
When an authz module checks that the request is authorized to access the requested resource, I bear no burden for access control.
When an autoescaping template encodes untrusted values for me, then I don't bear the burden for avoiding XSS.
When a library clearly outlines all the exceptions that can happen, my burden for error handling is easily understood.
When a client-side web framework uses eval on data attributes in the DOM, now I have to worry about new XSS vectors, so my burden is increased.
Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink.
Hide child comments as well
Confirm
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
A good tool takes up more of my burden than it adds. A good tool does the same for the maintainer who comes after me.
If I know that I don't have to worry about a particular kind of failure, then I no longer bear the burden for avoiding that failure mode.
When an authz module checks that the request is authorized to access the requested resource, I bear no burden for access control.
When an autoescaping template encodes untrusted values for me, then I don't bear the burden for avoiding XSS.
When a library clearly outlines all the exceptions that can happen, my burden for error handling is easily understood.
When a client-side web framework uses eval on data attributes in the DOM, now I have to worry about new XSS vectors, so my burden is increased.