🧼 Why the Sanitizer API Is Just `setHTML()`
A sharp look into modern web security evolution—showing how browser vendors tackle XSS at the standards level. Essential reading for developers dealing with HTML sanitization or web platform security.
Frederik Braun explains the design choices behind the browser’s native Sanitizer API and its decision to use `setHTML()` instead of returning sanitized strings like DOMPurify. Traditional sanitization often introduces new XSS risks through repeated parsing, while this approach keeps context-aware safety by directly sanitizing and replacing DOM nodes. The result is a cleaner, faster, and safer way to handle user-generated HTML in browsers.
🔗 Read more 🔗
🌀 Rediscovering Forth: The Enduring Power of a Minimalist Language
A passionate reflection on Forth’s elegance and independence—both a technical deep dive and a cultural call for simplicity and creative autonomy in programming.
Lee’s essay revisits Forth, the stack-based language celebrated for its simplicity and self-sufficiency. By contrasting it with modern, bloated ecosystems like LLVM-based languages, he highlights Forth’s bootstrappable design, portability, and unique blend of low-level control and high-level abstraction. Historical insights and examples reveal how Forth remains a timeless tool for experimentation and systems programming.
🔗 Read more 🔗
🧊 The Gerrit Code Review Iceberg: Unseen Work Beneath the Surface
A candid look at the unseen side of open-source—where volunteer energy and consistency determine whether innovation sinks or sails. Insightful and motivating for maintainers and contributors alike.
This Haiku OS post reveals the hidden backlog of 358 unreviewed commits lingering in its Gerrit system—some untouched since 2018. By exploring abandoned patches and stalled proposals, it highlights how open-source projects struggle with review bottlenecks and community participation. The article calls developers to revisit and revive these dormant contributions.
🔗 Read more 🔗