Illya Klymov
javascript.ninja
@javascript.ninja
Staff frontend engineer @ GitLab | GDE in Web-Technologies | Vue.js and HTMX adept
All right I guess according to vote results
November 8, 2024 at 10:13 AM
However, I still need to be AWARE of the issue.

I've tried to add "always ensure you're following security practices and generate safe and secure code" but again - I've received problematic code very quickly

With the magic taste of "quick problem solving", huge security risks are coming
November 7, 2024 at 7:01 PM
After pointing out that "hey, I need to stay logged in", a session was generated, but... it was just storing the user id in an unsigned cookie - a huge security flaw

And this is probably my biggest concern on AI-generated code - I was able to easily spot this risk, and the LLM even improved the code after request
November 7, 2024 at 6:59 PM
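
The unsigned-cookie flaw described in the post above, next to an HMAC-signed variant, as an added example that is not part of the original posts or of the generated code. All function names, the `<userId>.<expiry>.<mac>` cookie layout and the in-memory secret are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumption: a real app loads this secret from configuration and keeps it
// stable across restarts; it is generated here so the example is self-contained.
const SECRET = crypto.randomBytes(32);

// Flawed pattern from the post: the cookie value is the user id itself,
// so the server trusts whatever id the client sends back.
function readUnsignedSession(cookieValue) {
  return cookieValue || null;
}

function sign(payload) {
  return crypto.createHmac('sha256', SECRET).update(payload).digest('base64url');
}

// Hardened: the MAC covers both the user id and the expiry timestamp.
// Assumption: user ids never contain "." (numeric ids, for example).
function createSignedSession(userId, ttlSeconds, now = Date.now()) {
  const payload = `${userId}.${Math.floor(now / 1000) + ttlSeconds}`;
  return `${payload}.${sign(payload)}`;
}

// Returns the user id only if the MAC verifies and the session has not expired.
function readSignedSession(cookieValue, now = Date.now()) {
  const parts = String(cookieValue).split('.');
  if (parts.length !== 3) return null;
  const [userId, expiry, mac] = parts;
  const expected = Buffer.from(sign(`${userId}.${expiry}`));
  const given = Buffer.from(mac);
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  if (!/^\d+$/.test(expiry) || Number(expiry) * 1000 <= now) return null;
  return userId;
}
```

Signing gives integrity only: the user id is still readable by the client, and the cookie itself should still be set with `HttpOnly`, `Secure` and `SameSite`.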
Praise to next.js 15 team for doing that, great DX!

The code generated performed magic link validation (using the correct ORM, which was figured out via the passed package.json) but didn't create any session - just redirected to / if everything was ok
November 7, 2024 at 6:58 PM
It was interesting that both 4o, o1-mini and sonnet proposed this one

After asking to fix (I've continued with sonnet) it was fixed and was almost correct

Why almost? Because in next.js 15 params should be awaited

However, there was a transparent error message about that and even a codemod
November 7, 2024 at 6:57 PM
For example, I tend to treat component + micro-store as a single unit. Because as long as the store is not shared across components, I do not care that much about the store api and treat this as an implementation detail
November 5, 2024 at 5:32 PM
while for real we should speak about:

* what to mock
* test environment (jsdom, the ugly child of dom and node.js - I'm looking at you)
* what to test - which part of the system under test we are considering "contract" (is it "virtual dom" output? Pure html? Something else?)
November 5, 2024 at 5:30 PM