Roger Alsing wrote:
|> In a sane way: Once the potential gets realized, the code gets adjusted.
|>
|> Or do you guard against XSS when your application isn't supposed to be
|
| Absolutely, I'm all with you on that one.
|
| BUT:
|
| The chance that others than yourself will be interacting with your code
| is fairly big if you do anything else than hobby coding for yourself.
Call me naive, but I think that developers are able to read
documentation, unit-tests and example code.
| Thus, preventing others from messing up is good practice in pretty much
| every case.
Oh no, I cannot anticipate every kind of error somebody might make, nor
every environment my code's being used in. If it is a genuine bug or
misbehaving feature, I accept patches (or fix it myself).
While some sanity checks on data are certainly a Good Thing, going
overboard doesn't help.
I mean: feeding hpricot something else than HTML or XML isn't hpricot's
problem, but the *user's* problem. Of course hpricot should be so
courteous to throw an exception if it gets data it cannot process.
--
Phillip Gawlowski
Twitter: twitter.com/cynicalryan
Blog: http://justarubyist.blogspot.com
~ - You know you've been hacking too long when...
...you want to wash your hair and think: awk -F"/neck" '{ print $1 }' | shower