This was brought up in our discussion of @openinf/util-md-table (as an example) where we have a function that transforms some arbitrary user-provided text in string form. The project's security support has expired, and there are minimal users (even fewer in production, if any), so feel free to speak freely and frankly about any security weaknesses or product defects, etc.
In the Twitter thread that sparked this issue, I mentioned that I was torn between two competing function naming conventions:
textTransform
safeTextTransform
… where the safeTextTransform rendition of the API would perform (at minimum) additional string normalization and string retokenization for the passed input, while the fast rendition of this API would only perform the same run-time type checking of arguments as its secure counterpart. This is a very simple example, but I would like to get this issue opened sooner rather than later and intend to add additional examples and competing schools of thought shortly.
Thanks!
/cc @LeaVerou @cynthia
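The following is an added sketch of the two renditions the issue contrasts; it is not code from @openinf/util-md-table or from the issue author. The underlying transform (escaping Markdown table pipes), the choice of NFC as the normalization form, and the set of characters dropped during retokenization are all assumptions made for illustration. The point it shows is that the fast rendition treats two visually identical inputs (precomposed vs. decomposed "é", or text with a zero-width space inserted) as different strings, while the safe rendition canonicalizes them first and then applies the very same transform.

```javascript
// Added example (not from @openinf/util-md-table): the "fast" vs "safe"
// naming convention discussed in the issue. textTransform only type-checks
// its argument; safeTextTransform additionally normalizes and retokenizes
// the string before applying the same transform.

// Shared run-time type check: both renditions reject non-strings.
function assertString(value, name) {
  if (typeof value !== 'string') {
    throw new TypeError(`${name} must be a string, got ${typeof value}`);
  }
}

// Hypothetical underlying transform: escape pipe characters so user text
// cannot break out of a Markdown table cell, and fold newlines into spaces.
function escapeCell(text) {
  return text.replace(/\|/g, '\\|').replace(/\r?\n/g, ' ');
}

// Fast rendition: run-time type check only, then transform the input as-is.
function textTransform(text) {
  assertString(text, 'text');
  return escapeCell(text);
}

// Retokenization step (assumed behaviour): drop zero-width, bidi-control and
// BOM characters, which can hide content or make two visually identical
// strings compare unequal, then collapse runs of whitespace to single spaces.
const INVISIBLE_OR_BIDI = /[\u200B-\u200F\u202A-\u202E\u2066-\u2069\uFEFF]/g;

function retokenize(text) {
  return text
    .replace(INVISIBLE_OR_BIDI, '')
    .split(/\s+/)
    .filter(Boolean)
    .join(' ');
}

// Safe rendition: same type check, plus Unicode normalization (NFC) and
// retokenization, before the same transform is applied.
function safeTextTransform(text) {
  assertString(text, 'text');
  return escapeCell(retokenize(text.normalize('NFC')));
}

// Helper for comparing how the two renditions treat look-alike inputs.
function sameAfterTransform(a, b, transform) {
  return transform(a) === transform(b);
}
```

With the decomposed `'e\u0301'` and precomposed `'\u00e9'`, `sameAfterTransform(a, b, textTransform)` is false while `sameAfterTransform(a, b, safeTextTransform)` is true; the two functions differ only in the canonicalization step, which is what the name prefix is meant to signal.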