essenciary
commented
3 months ago The @in and @out are safety features. They protect against people exposing data unwillingly. So explicit exposing of data is a good safety feature. It's much better to limit data output and realize and fix it, than unwillingly expose your data onto the client. It's similar to how in programming languages functions are private by default. If you can't access it, change the visibility.
As such:
- the change of alias will no longer make it explicit that the data is exposed on the internet, making the users vulnerable to serious data leaks
- as this is a safety feature, it makes no sense to have just input, that would be an artificial limitation and would require yet another macro for input+output. It makes no sense to have a variable that takes input but can not output (again, the key point is protection against accidentally accepting data from the outside world)
- so far I haven't heard this issue from anybody else
- the
@bindmacro is already used and@ioand@stateare nowhere clearer (and much less explicit about what they're doing)
PGimenez
@essenciary @hhaensel
Right now we have
@inand@outto declare read-write and read-only variables. Many times I've declared an@outvariable by mistake and then wondered why the UI component it was bound to wasn't working. I assume this could happen to other people as well.I'd like to have a different macro that would declare read-write variables and is named something other than
@in, to avoid having to think whether the variable is read-only/read-write. Something like@io,@bind,@state.And now that I think about it, given its name,
@inshould only take values from the browser to the backend and not the other way around. But this would be a breaking change for people's apps so let's not do that.