I'm excited for the rash of XSeS (Cross-Server Scripting) vulnerabilities that will be created by these "server callback" abstractions. Gonna be a very long and profitable game of whack-a-mole.

@_developit i've found myself linking people to this quite a bit lately. parts of it are still relevant! @ilegacy/a-critique-of-the-remote-procedure-call-paradigm-41a9dd5d3ed9" target="_blank" rel="nofollow noopener">medium.com/@ilegacy/a-cri…

@_developit I thought we all learned from Meteor but I guess not

@_developit Is this a new RPC like thing?

@_developit Is there anything new from a security perspective? Seems like any vulnerability would be equivalent to making some admin pages under /admin and thinking it’s safe because you didn’t link to them from your UI.

@_developit ☠️☠️☠️☠️