Absolutely right, JavaScript on the server side is nuts: The Fall of the House of Node.
Richard Kenneth Eng

I would not go so far as to say that JavaScript is a horrible language, although it does have its quirks (like the fact that “===” is different from “==”).

I think that JavaScript is fine for the client side. Certainly Java has been a complete failure for client side code. JavaScript can be a light weight language, with relatively modest libraries.

But we are obviously in violent agreement when it comes to JavaScript on the server side.

One of the most cracked arguments for JavaScript on the server side is “we can share code” between the client and the server. That’s ridiculous. At least on nderground we do completely different things on the client than on the server.

If you want to build a secure system, you need to limit what you do on the client side, since the client side code can always be hijacked and corrupted.

For example, I do HTML sanitization to avoid JavaScript injection from the nderground client side editor. This is done on the server. Doing this on the client side is doomed to failure, although I know people who try this.

The popularity of Node.js is an example of the herd like behavior of the software community.

http://www.nderground.net — nderground is a social network designed for privacy. We don’t follow the herd.

Show your support

Clapping shows how much you appreciated nderground’s story.