zlacker

[parent] [thread] 5 comments
1. _el1s7+(OP)[view] [source] 2025-12-03 19:38:38
Next.js/RSC has become the new PHP :)

I guess now we'll see more bots scanning websites for "/_next" path rather than "/wp-content".

replies(2): >>ivanje+LJ >>Vinnl+sU1
2. ivanje+LJ[view] [source] 2025-12-03 23:35:28
>>_el1s7+(OP)
Inevitable when the line between the client and the server is blurred this much. RCE in a UI library is not a phrase you hear often.
replies(1): >>jacque+wV
◧◩
3. jacque+wV[view] [source] [discussion] 2025-12-04 01:03:03
>>ivanje+LJ
Maybe one day we'll look back at JavaScript and conclude it was a gigantic mistake ship unaudited executable code to a few billion people every day.
replies(1): >>rglove+Ef2
4. Vinnl+sU1[view] [source] 2025-12-04 11:20:39
>>_el1s7+(OP)
I have seen a number of attempts at exploiting this on our deployment already. Luckily I saw and was able to apply the patch last night, but as a European, it wasn't great to only get the announcement after dinner time.
◧◩◪
5. rglove+Ef2[view] [source] [discussion] 2025-12-04 13:50:07
>>jacque+wV
JavaScript is fine, it's what and how people build with it that's the problem. It was never meant to be a systems language but we're desperate to make it one.
replies(1): >>jacque+mj2
◧◩◪◨
6. jacque+mj2[view] [source] [discussion] 2025-12-04 14:13:01
>>rglove+Ef2
In light of this discussion:

>>46141771

that is an interesting observation.

[go to top]