then you may be able to do things like this I think <mesh-card id="card-123" hx-swap-oob="true"> <template shadowrootmode="open"> <link rel="stylesheet" href="/static/css/components/card.css" /> <div class="card"> <div…
Hey alex-moon one feature you had issues was that HTMX does not process server generated shadow DOM content because it uses the standard old DOM parser. Next point release should have…
The bug in 2.0.3 just breaks one default use case and where you pass in no source or target to the api so anyone using this feature their app broke on upgrade to 2.0.3 and they had to set a source explicitly or revert…
Actually this was just a stupid bug I introduced in 2.0.3 which was found soon after 2.0.3 shipped. I fixed a bug that allowed ajax api to target body and blow away your whole page in error if one of the selectors you…
https://github.com/MichaelWest22/htmx-extensions/tree/main/s... one great feature of htmx is how easy it is to understand and develop extensions for. I've just implemented this extension which allows safer handling of…
Yeah the risk here is very low unless they start hosting more complicated content later on. But it is not hosted on S3 and is actually hosted by AWS CloudFront with a S3 origin which now has a built in feature to set…
Lets dig in: Loading malicious fragments: This is in no way related to htmx and is the same for all web implementations because you don't go get possible script code from random untrusted domains you don't trust or…
Checks security headers for web server hosting article and finds a F with no headers set
then you may be able to do things like this I think <mesh-card id="card-123" hx-swap-oob="true"> <template shadowrootmode="open"> <link rel="stylesheet" href="/static/css/components/card.css" /> <div class="card"> <div…
Hey alex-moon one feature you had issues was that HTMX does not process server generated shadow DOM content because it uses the standard old DOM parser. Next point release should have…
The bug in 2.0.3 just breaks one default use case and where you pass in no source or target to the api so anyone using this feature their app broke on upgrade to 2.0.3 and they had to set a source explicitly or revert…
Actually this was just a stupid bug I introduced in 2.0.3 which was found soon after 2.0.3 shipped. I fixed a bug that allowed ajax api to target body and blow away your whole page in error if one of the selectors you…
https://github.com/MichaelWest22/htmx-extensions/tree/main/s... one great feature of htmx is how easy it is to understand and develop extensions for. I've just implemented this extension which allows safer handling of…
Yeah the risk here is very low unless they start hosting more complicated content later on. But it is not hosted on S3 and is actually hosted by AWS CloudFront with a S3 origin which now has a built in feature to set…
Lets dig in: Loading malicious fragments: This is in no way related to htmx and is the same for all web implementations because you don't go get possible script code from random untrusted domains you don't trust or…
Checks security headers for web server hosting article and finds a F with no headers set