Let’s take a look back at where we came from and where we are
- HTML was TeX with hyperlinks. Do a compare/contrast table. Point out HTML’s key differentiators
- CSS was the answer for people who cared about data presentation, even though HTML (like TeX) was designed to fundamentally disregard data presentation
- When did HTTP add verbs like PUT? I wonder if even that was a concession to people who wanted to misuse HTML
- HTML+CSS+JS are slowly becoming more application-friendly, but they’re fundamentally what they always were
- Server-side languages are – hang on, there are no server-side languages
- Most of the security problems in webapps stem from all this concatenation – it puts injection vulnerabilities everywhere. String validation and escaping is monkey-patching. Why don’t we separate data from logic?
- The other security problems stem from the fact that the HTML stack was never meant to be a secure system that can run government systems and world banks – it was a document library with convenient inter-document references!