@surreal.analysis has joined the channel
set the channel topic: https://www.kickstarter.com/projects/1346708779/arachne-rapid-web-development-for-clojure
@luke has joined the channel
@borkdude has joined the channel
@niwinz has joined the channel
Here a link for the context: https://funcool.github.io/catacumba/latest/
@roberto has joined the channel
@mccraigmccraig has joined the channel
set the channel topic: Project Page: http://arachne-framework.org/ Kickstarter: https://www.kickstarter.com/projects/1346708779/arachne-rapid-web-development-for-clojure
@mccraigmccraig has left the channel
@anmonteiro has joined the channel
@sveri has joined the channel
@jethroksy has joined the channel
@r0man has joined the channel
@russell_whitaker has joined the channel
@glenjamin has joined the channel
Whatever you do for HTML generation, please escape content by default simple_smile
@niwinz @surreal.analysis I am not familiar with those, but I’ll definitely check them out - I certainly want to build on the best thing out there.
And it’s likely you’ll be able to swap out the implementation simply by using a different module anyway.
@glenjamin: don’t worry, Arachne apps will be secure by default. I plan to get a professional security audit of the default setup at some point later on when things stabilize.
just wanted to mention that early, major footgun in hiccup simple_smile
@luke nice, the pluggable backend is nice, but catacumba is pretty high level, is not a "ring" impl. It a complete toolkit "a la pedestal" that I think it has simplier approach and better documentation
I’m going to be replacing the “programmer interface" layer of Pedestal with something easier and more usable, anyway - part of how Arachne abstracts all the facts about an application (routes, migrations, resources, dependency-injected components, etc) into a central configuration.
I’ll definitely look at Catacumba though - at the very least for inspiration and ideas of how to make a nice UI, whether or not I use it as (one possible) backend.
by UI I mean programmer UI
😉 nice
other security things I can think of that I believe are hard to retrofit would be:
if there are any secret strings (eg. for signed cookies) ensure lein templates etc generate unique values
if you have models with a merge(new-data) type interface, make it easy to whitelist attrs
if you have models, ideally make it easy to have a 1-many relationship with resources (edit-profile vs admin-user for eg)
@gjnoonan has joined the channel
@amashi has joined the channel
@ul has joined the channel
@logbot has joined the channel
@ul has left the channel
Really a nice approach. Totally appreciate that. If you are looking for inspiration, I put together this template: https://github.com/sveri/closp based on luminus and there are some things I consider fundamental for developing web stuff like authorization and authentication, captcha support, email support, complete reloadability during development and some more. I think if you want to succeed across the clojure world you will have to deliver that and much more.
Considering that when RoR was coming out only few people gave a thing about Ruby and it surely is not much better today. It could be the same for a clojure web framework if we can show the advantages of the JVM.
@jetmind has joined the channel
@tjg has joined the channel
@zane has joined the channel
@trylobot has joined the channel
Hey @luke love that you're endeavoring to make web development (aka distributed systems engineering!) easier. I'd love to contribute materially with pull requests whene'er y'all ready to set it loose
@taylor.sando has joined the channel
@yogidevbear has joined the channel
@lopalghost has joined the channel
@mihaelkonjevic has joined the channel
@michaelporter has joined the channel
@serioga has joined the channel
@martinklepsch has joined the channel
@curtis.summers has joined the channel
@donaldball has joined the channel
@jase has joined the channel
@juhoteperi has joined the channel
@alexmiller has joined the channel
@lumengxi has joined the channel
@devth has joined the channel
Thanks! It’s coming along well - expect a public code drop in the next few weeks
@senorflor has joined the channel
@seancorfield has joined the channel