DEV Community

Discussion on: Todo-MVP: Or 'Why You Shouldn't Use A Web Framework' - The Revenge

panta82

Your node.js implementation doesn't sanitize the static file path, allowing an attacker to load any file from disk. A framework would have likely prevented that :)

That said, I also prefer to plug individual libraries into my own architecture rather than hack around some framework's quirks or, God forbid, try to glue several of them together. Especially in the node ecosystem, which lacks real batteries-included mega-frameworks à la .NET.

Your approach in that todomvc code of doing everything from scratch is going a bit too far for my taste, though.
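An added example, not part of the thread and not the Todo-MVP project's code: the unsanitized static path issue raised in the comment above, shown as an unchecked join beside a resolver that confirms the result stays inside the static root. `STATIC_ROOT`, `naiveStaticPath` and `safeStaticPath` are hypothetical names, and POSIX paths are assumed.

```javascript
// Added example: path handling for a hand-rolled static file handler.
const path = require('node:path');

// Constructed document root; an assumption for this example.
const STATIC_ROOT = '/srv/todo/static';

// Unsafe: joins the request path onto the root and trusts the result.
// path.join normalises ".." segments, so the result can leave STATIC_ROOT.
function naiveStaticPath(urlPath) {
  return path.join(STATIC_ROOT, urlPath);
}

// Safer: decode once, reject NUL bytes, resolve, then check containment.
// Returns an absolute path inside `root`, or null when the request
// must be refused (the caller would answer 400/404).
function safeStaticPath(urlPath, root = STATIC_ROOT) {
  let decoded;
  try {
    // Drop the query string, then undo percent-encoding exactly once.
    decoded = decodeURIComponent(urlPath.split('?')[0]);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null;

  const rootAbs = path.resolve(root);
  // The "./" prefix makes the request path relative even if it starts with "/".
  const target = path.resolve(rootAbs, '.' + path.sep + decoded);

  // Compare against root + separator so "/srv/todo/static-secrets"
  // does not pass as being inside "/srv/todo/static".
  if (target !== rootAbs && !target.startsWith(rootAbs + path.sep)) {
    return null;
  }
  // Caveat: this is a lexical check. If the root can contain symlinks,
  // compare fs.realpath() results before opening the file.
  return target;
}
```
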

David Wickes

Your node.js implementation doesn't sanitize the static file path, allowing an attacker to load any file from disk. A framework would have likely prevented that :)

Totally! It's definitely going too far. I'd probably add in a routing library too.

I'd love to see a pull request to add your Node implementation if you're up for it!

panta82

Sorry, it's not worth fixing IMO.

A framework that parses incoming requests and calls your code is exactly the right choice for the problem of responding to web requests at multiple endpoints. Not for every problem, but for this one, yes.