you'd be surprised at how many libraries do not take the whitelist approach and just remove

onEVENT=

which isn't enough lol.

this is from the mind of the developer that didn't implement that yet

Is there a resource that demonstrates how to implement virtualisation `with HTMX`/`_hyperscript`?

There might be clues to that in any infinite scrolling examples, maybe?

Is there a resource that demonstrates

Thanks for the reply. We are using swap-innterHTML. This prototype is simple page with one button. On every button click we will swap the innterHTML with fragment received from api response. I have attached the prototype index.html, chrome-profile.json and network-capture.har. The following is the snippet from chrome profile capture: 1. First button click - Duration: 41.47 ms (34.37 ms network transfer + 7.10 ms resource loading) 2. Second button click (Same api called as first button click) - Duration: 216.55 ms (29.24 ms network transfer + 187.31 ms resource loading) Second time resource loading is high. But API response/html fragment is same for both the calls refer network-capture.har. Please help. For more information please refer the attached files. I am not able to upload the chrome-profile.json as file. I uploaded as zip file. Thank you !!!

chrome-profile as zip file

Hello everyone! Has anyone successfully accomplished a standalone frontend app with htmx? Like it will consume from hypermedia api, but use auth tokens (JWT) and all? So we can finally drop vue and react???

typically in htmx auth is done on the server side and then a session cookie is maintained

two things: 1) are you doing anything in

htmx:beforeCleanupElement

? 2) can you run this w/ the non-minimized version of htmx?

This is a small-ish application that used to use Vue; the HTML is generated on the server, and all the refreshing / updates are handled via htmx interaction. The server stuff is specific to the .NET / F# environment, but the files under

Views

use something that very closely resembles HTML. https://github.com/bit-badger/myPrayerJournal/tree/main/src/MyPrayerJournal

I also wrote a lot about the initial Vue application... https://bitbadger.solutions/blog/2018/a-tour-of-myprayerjournal/introduction.html

...and changes that I implemented as part of the version that uses htmx. https://bitbadger.solutions/blog/2021/a-tour-of-myprayerjournal-v3/introduction.html

Both use authentication via Auth0 - but, as Carson said, v3 uses a session cookie, while v1 used JWTs.

1) We are not doing anything in the in htmx:beforeCleanupElement 2) I have attached chrome-profile w/ the non-minimized version of htmx

Thanks a lot! Am gonna give it a view!!

hmm, I'm confused by this profile:

it looks like the event dispatch is taking up a ton of time (and calls

cleanupElement

within it)

are you using any extensions?

This looks like chatGPT lol

Seeing as it invented some hx- attributes

duh

It also assumes that you'd allow users to set the value of attribute, which would require some vaguely convoluted JavaScript. Interesting that it correctly pointed out XSS being a possible avenue for attacks, but that the method it proposed is very strange

never, ever take anything a machine says as legit. not even 0 or 1.

htmx is just like any other server-driven approach: you have to escape your content on the server side properly. It's all outlined here: https://htmx.org/docs/#security, which is where our friendly AI grabbed most of this from.

i'm also trying to whip it into writing a mini-htmx

No we are not using extensions. Is there anyway we can swap-innterHTML without performing the cleanupElement? Yes it is pretty straight forward app which does on every button click swap the response/fragment. For testing purpose we are using 10K+ entries in the response/fragment. Even the 10K+ entries at first time faster only sub sequent calls it is slow due the cleanupElement recursive call. I have attached the response(/prizes)/fragment.html for your reference. Main html snippet: Click me

Ah, so this is a huge DOM

OK, that makes some sense

> our friendly AI just you wait when openai will paywall the fuck outta it