re: Todo-MVP: Or 'Why You Shouldn't Use A Web Framework' - The Revenge VIEW POST

FULL DISCUSSION
 

Your node.js implementation doesn't sanitize static file path, allowing an attacker to load any file from disk. Framework would have likely prevented that :)

That said, I also prefer to plug in individual libraries into my own architecture rather than hack around some framework's quirks or, God forbid, try to glue several of them together. Especially in the node ecosystem, which lacks real batteries included mega-frameworks a-la .NET.

Your approach in that todomvc code of doing everything from scratch is going a bit too far for my taste, though.

 

Your node.js implementation doesn't sanitize static file path, allowing an attacker to load any file from disk. Framework would have likely prevented that :)

Totally! It's definitely going too far. I'd probably add in a routing library too.

I'd love to see a pull request to add your Node implementation if you're up for it!

 

Sorry, it's not worth fixing IMO.

A framework that parses incoming requests and calls your code is exactly the right choice for the problem of responding to web requests at multiple endpoints. Not for every problem, but for this one, yes.

code of conduct - report abuse