Developers Do NOT Understand the POWER Of HTMX

Поділитися
Вставка
  • Опубліковано 17 гру 2024

КОМЕНТАРІ • 65

  • @anthonygg_
    @anthonygg_  8 місяців тому

    ► 33% OFF on my Go + HTMX + Templ Course PRESALE bit.ly/3UFruxO
    ► Join my Discord community for free education discord.com/invite/Ac7CWREe58
    ► Exclusive Lessons, Mentorship, And Videos www.patreon.com/anthonygg_
    ► 60% OFF on my Golang course fulltimegodev.com
    Thanks for watching

  • @JT-mr3db
    @JT-mr3db 8 місяців тому +18

    HTMX is so absurdly simple that it threatens developers who are used to complex technical masturbation.
    It's pretty remarkable how far you can get with HTMX without needing a heavy UI framework.

  • @pythonantole9892
    @pythonantole9892 8 місяців тому +11

    One major problem with the web dev industry is that we have successfully been brainwashed to believe that if something is simple then its wrong, has a catch, is not secure, not safe etc etc. We now believe that a good solution must be complicated. We have developers building websites or apps that will never have more than 10,000 users saying they can't use technology X because technology X can't scale. We have become idiots. I did a Laravel + Livewire site to replace one that was aging and full of bugs from one of those frameworks that gets a new release every time it rains and "senior developers" kept asking how i pulled it off without React. It's like you can't build anything unless you use some hippy shiny, complicated and over engineered tool.

  • @roccociccone597
    @roccociccone597 8 місяців тому +23

    As a guy who hates Js and doesn’t like the whole frontend bs, HTMX is a god send. I can finally make highly reactive apps without or very little JS. I love it.

    • @coffeeintocode
      @coffeeintocode 8 місяців тому +1

      Same. Well said bro 👊

    • @511cvxzlugynskii3
      @511cvxzlugynskii3 7 місяців тому +1

      backends love it, frontend devs are trembling scared to death of losing their precious painting jobs

  • @amadeusm.7108
    @amadeusm.7108 8 місяців тому +13

    I strongly agree, why has everything to be so complicated today. The little Timmies don't even know about the olden ways. XHR, SOAP, etc. and NEVER trust the CLIENT.

  • @picatchumm64
    @picatchumm64 8 місяців тому +2

    Good morning,
    I agree, what is missing in my opinion are opensource examples of projects a little more complex than POCs, to see the full potential of HTMX, and for it to really take off.

  • @vitiok78
    @vitiok78 8 місяців тому +33

    HTMX is literally just HTML forms at its core. If you are a web developer and you don't know how to sanitize data coming from HTML forms you should be fired immediately...

    • @anthonygg_
      @anthonygg_  8 місяців тому +7

      See, we share the same opinions. Unless its error handling from http handlers 😂

    • @vitiok78
      @vitiok78 8 місяців тому +3

      @@anthonygg_ It is boring when all have the same opinions on everything)

    • @rodjenihm
      @rodjenihm 8 місяців тому +1

      How can I know that when I use 17 abstractions on top of it?

    • @vitiok78
      @vitiok78 8 місяців тому

      ​@@rodjenihmGit good)

    • @MrEnsiferum77
      @MrEnsiferum77 8 місяців тому

      I don't know how to sanitize html, but I know, design patterns, domain driven design, data structures etc... should I be fired?

  • @Raphael-jo1rp
    @Raphael-jo1rp 3 місяці тому

    "And if you don't get it, it's time to go back to the Mac Donald's job" 🤣

  • @Grahamaan27
    @Grahamaan27 8 місяців тому +1

    HTMX is just another framework you have to learn that is more limited than JavaScript. I'm personally just fine with lightly using JavaScript in my projects and not worrying about 3rd party imports

  • @damien309
    @damien309 8 місяців тому +1

    Well yes you must validate and sanitize user inputs, but that won’t guarantee your site is XSS proof. Not to mention that sanitizing for database storage is not the same as sanitizing for html output. The potential attack vector for XSS attacks is quite large actually.

  • @Qixiano
    @Qixiano 8 місяців тому

    What about CSRF protection? Could you share an example implementing this protection?
    Thanks

    • @jeffreysmith9837
      @jeffreysmith9837 7 місяців тому +1

      You can use hx-vals or hx-headers to send the csrf token

  • @Greemjou23
    @Greemjou23 8 місяців тому +7

    My man casually leaks creds

    • @anthonygg_
      @anthonygg_  8 місяців тому +10

      You can help debug the staging with us now

  • @licokr
    @licokr 7 місяців тому

    They may get a wrong idea coming from updating the whole html of htmx. The point is that the frontend is cooperation with a trustful team member, not with a stranger. If you're working with go, templ and they're one proj. Sanitization is supposed to be done from the server side. Nowadays, there are lots of double works by dividing two sides, frontend and backend. It might be needed depending on some factors, teams, people or whatever. I guess there might be some projects sanitization is done in front side and the api responses then the full data, maybe that's why they think that, you know they only see onside..or they're just confused the concept. I could imagine one situation, the backend is broke down by some hacks and the code was changed and responded the vulnerable code to the clients. Somehow, the frontend code is saved, only the backend is broke down. Let's say the two parts were dividing from different servers. Hmm.... then ja maybe... If you‘re writing the whole code in a project like golang templ stack, it would not be consideration though. Let's say there are pure htmx client project and go lang server... somehow the server is broken and some body changed the code to hijacking clients' data without them knowing. So.. vulnerable html code is loaded to client's side and they're hacked and no body knows... and could say it's XSS vulnerability..... no.. it's wrong from the first place. There are so many considerations cause it's already broke down it's not about htmx, it's the problem regarding security. I made myself complicated lol. Thanks for the video. I subscribed 👍 I was thinking of using htmx for the next project and that you've done your service with htmx gives me a lot of trust to htmx. Thanks! I will go look for a Mcdonald's job.

  • @RA-xx4mz
    @RA-xx4mz 8 місяців тому +1

    I’ve been using HTMX/Templ/Golang to construct an MVP for an ad tech platform.
    It’s a very clean way to make things.
    It’s nice not to have to write a whole state management cycle. If I want to update something, I can update it and just target the dom element I want to swap with the new data.
    You forgot the hx-trigger on the button btw.
    :p

    • @SandraWantsCoke
      @SandraWantsCoke 8 місяців тому

      Hey, can you tell me: I have huge troubles with auto imports into templ files (I need types for the props the component receives). They basically almost never work. I have to literally type them in manually. It's just pain in the azz to use it seems. Did you have a similar experience?

    • @RA-xx4mz
      @RA-xx4mz 8 місяців тому

      @@SandraWantsCoke auto imports are handled by your editor. Make sure you have the right plugins installed to help with that.
      I have trouble with some auto imports because I have similarly named packages/subpackages. Not always a problem, but sometimes. 🤷‍♀️

    • @SandraWantsCoke
      @SandraWantsCoke 8 місяців тому

      @@RA-xx4mz I have the right tools installed, I only have problems inside .templ files. They are not .go files and hence are probably handled differently? And I've had these problems on different machines

    • @RA-xx4mz
      @RA-xx4mz 8 місяців тому

      @@SandraWantsCoke Couldn’t really tell you. 🤷‍♀️

  • @zevo92
    @zevo92 8 місяців тому +1

    I love the brutal honesty:X

  • @dulranga_2
    @dulranga_2 8 місяців тому +1

    cheers grandma!!

  • @manfrombritain6816
    @manfrombritain6816 8 місяців тому +3

    "why are you going to over-complicate it?"
    cos of the people who pay for the product and the people who pay the salaries 😂

  • @doichev-kostia
    @doichev-kostia 8 місяців тому

    But we’re doing the same thing right now. The API sends you JSON, you map the data to JS objects with a fancy name JSX, and then in runtime those JS objects are inserted in DOM as HTML elements
    Same thing, but with quite some steps :)
    You can send CSV files from the API, if your client can handle it, the question is why?

  • @jugurtha292
    @jugurtha292 8 місяців тому +1

    what if someone’s purpose to attack the client not the server?

    • @Ry4nWTF
      @Ry4nWTF 8 місяців тому

      tf u mean attack the client?? google chrome??

    • @damien309
      @damien309 8 місяців тому +1

      With XSS attacks, the client is the main target

    • @jugurtha292
      @jugurtha292 8 місяців тому

      Clients are the main target of xss attacks not servers

  • @pythic-nl
    @pythic-nl 8 місяців тому +2

    .. it's time to get back to the MC Donalds job ... hahahaha ... lekker man ..

  • @anticaleksandar8708
    @anticaleksandar8708 8 місяців тому +2

    Hi Anthony, youre not 100% right about xss, its not only the Backend that need so be safe. Can we make a deal, i will teach you xss techniques and you can teach me Golang interfaces. 🤗 best regards, Aleks

  • @javadahmadian7782
    @javadahmadian7782 8 місяців тому +2

    💯 yeah that's right

  • @brickmastertube
    @brickmastertube 8 місяців тому

    5:47 😂😂😂

  • @axMf3qTI
    @axMf3qTI 8 місяців тому +3

    Htmx is not that hard to understand. It's like html frames back in the days.. have the nav in one frame and have it load the content in an other frame by doing a get request.

  • @naranyala_dev
    @naranyala_dev 8 місяців тому

    req: in-depth htmx and golang

  • @Omniwoof
    @Omniwoof 8 місяців тому +1

    McDonald's said they won't take me back. :(

  • @hjnp
    @hjnp 8 місяців тому +1

    💯 agree

  • @jibreelkeddo7030
    @jibreelkeddo7030 7 місяців тому

    I love HTMX too, but you are being a little too dismissive of the XSS risk. You can deploy the safest possible backend API sanitizer today in 2024, retire tomorrow, and then have 20 XSS exploits discovered about your backend of choice in the next year leading to all of your customers having their payment information stolen and ruining your business. I hope we can start seeing more advanced client-side security validation features for future versions HTMX.

  • @eduardabramovich1216
    @eduardabramovich1216 8 місяців тому

    Anthony, have you tried Elm before? If not, would you consider exploring the language in one of your videos?

  • @nick_ap
    @nick_ap 8 місяців тому

    That is very interesting, thanks, Anthony

  • @krispekla
    @krispekla 8 місяців тому

    HTMX is definitely powerful but! I still cannot recommend it because of whole UI libs that exist in React, Vue etc. ecosystem that make my life easier as I don't want to write everything from scratch (I don't think here about simple cmpnts like btns, inputs but more complex, see for example prime-react lib ).

    • @steven11101010
      @steven11101010 8 місяців тому +3

      Do you have examples of the UI libs that make your life easier? I'd wager they make your life easier because you are using React in the first place. Whereas, if you don't use it, you won't need a lib to fix its unnecessary complexity.

    • @krispekla
      @krispekla 8 місяців тому

      @@steven11101010 I mentioned prime react for ui lib. I am not fond of implementing autocomplete, date-pickers, table etc. I much prefer out of the box sane defaults + creating wrapper components. I am interested in htmx, how would you approach creating all this components if you don’t have much time, lets say autocomplete

  • @meyou118
    @meyou118 8 місяців тому

    a script hijacks "hx-get"?

    • @WinterWeaver
      @WinterWeaver 8 місяців тому

      How are you going to get that script into the page? no. 1 rule of thumb is to never trust user data, which is why we sanitize on the backend.