Post Ay3GyaRqmUfHW3ctl2 by enobacon@urbanists.social
 (DIR) More posts by enobacon@urbanists.social
 (DIR) Post #Ay3FuJvu8uD3BN5NdA by ricci@discuss.systems
       2025-09-10T04:11:06Z
       
       0 likes, 0 repeats
       
       How in the name of all that is unholy did we build a world where it is easier to get *code* into your browser (via <script src="''>..., whatever, YOLO) than *data* (have to fetch JSON through a function call, CORS applies, etc.)
       
 (DIR) Post #Ay3G5qzVZcvstbGr0y by enobacon@urbanists.social
       2025-09-10T04:13:15Z
       
       0 likes, 0 repeats
       
       @ricci 1st world localhost CORS problems LMAO
       
 (DIR) Post #Ay3GH6AFV4fZ8kem1Y by ricci@discuss.systems
       2025-09-10T04:15:17Z
       
       0 likes, 0 repeats
       
       @enobacon if its a goddamn javascript file I just include it with <script src=".."> and it loads fine, whether I'm loading the HTML directly from a file, via a local webserver, on the live site, whatever. But OH NO if it's JSON now I have to fetch it! No fetching from the filesystem, of course!
       
 (DIR) Post #Ay3GXa6Lxio8cch5qC by nickzoic@aus.social
       2025-09-10T04:18:13Z
       
       0 likes, 0 repeats
       
       @ricci Oh it's easy to get JSON data in, you just prepend "var my_data =" and include it with a <script src=""> ...
       
 (DIR) Post #Ay3Gbz3d7NqDBEWGzw by ricci@discuss.systems
       2025-09-10T04:19:03Z
       
       0 likes, 0 repeats
       
       @nickzoic Yes, exactly. It has to be goddamn code, data is not good enough WHY
       
 (DIR) Post #Ay3GyaRqmUfHW3ctl2 by enobacon@urbanists.social
       2025-09-10T04:23:08Z
       
       0 likes, 0 repeats
       
       @ricci that json's syntax is restricted to what works via eval in js, :chefskiss: 😆
       
 (DIR) Post #Ay3H3e2AsOhS5M1pKa by alxlg@mastodon.social
       2025-09-10T04:24:03Z
       
       0 likes, 0 repeats
       
       @ricci @nickzoic HTML is data, no need for JSON at all
       
 (DIR) Post #Ay3HTKPcS7OMl5F1to by ricci@discuss.systems
       2025-09-10T04:28:43Z
       
       0 likes, 0 repeats
       
       @alxlg @nickzoic ah yes, client side html includes, a thing that we famously never did
       
 (DIR) Post #Ay3JCjOoUwPPEv4ue0 by ricci@discuss.systems
       2025-09-10T04:48:06Z
       
       0 likes, 0 repeats
       
       @EndlessMason @nickzoic Sure, let's just wrap eval() around all our "data" what could go wrong
       
 (DIR) Post #Ay3JKVMKaAoq0ncjh2 by nickzoic@aus.social
       2025-09-10T04:49:30Z
       
       0 likes, 0 repeats
       
       @ricci @alxlg "I have done ... questionable things."
       
 (DIR) Post #Ay3NLXtV2hWpyptF0C by ricci@discuss.systems
       2025-09-10T05:34:30Z
       
       0 likes, 0 repeats
       
       @EndlessMason @nickzoic You know what xmlhttprequest can't do?load a json file from the local filesystem.You know what *can* load from the local filesystem?The <script> tag
       
 (DIR) Post #Ay3dPKCdUGTVwTfHDE by agowa338@chaos.social
       2025-09-10T08:34:26Z
       
       0 likes, 0 repeats
       
       @ricci doesn't CORS also apply to script tags "self" and such?
       
 (DIR) Post #Ay3dWgGdqkcuOx2ulU by ricci@discuss.systems
       2025-09-10T08:35:49Z
       
       0 likes, 0 repeats
       
       @agowa338 I mean, in terms of what the script can access, sure. But what the browser will let you load? Data: gotta pass CORS to even get to it. Code that's gonna be stuck in a big eval()? Come on in!
       
 (DIR) Post #Ay3dpc5ZbrLKwateVM by agowa338@chaos.social
       2025-09-10T08:39:14Z
       
       0 likes, 0 repeats
       
       @ricci you can always just stuff it into a scripts tag or a custom html tag...
       
 (DIR) Post #Ay3dwbr2sZb6FDRB7A by ricci@discuss.systems
       2025-09-10T08:40:31Z
       
       0 likes, 0 repeats
       
       @agowa338 > you can always just stuff it into a scripts tagMy point exactly. We have somehow architected the web such that if you want data, the easiest thing to do  is to convert it into code
       
 (DIR) Post #Ay3eDA2XXwQItyhqTY by agowa338@chaos.social
       2025-09-10T08:43:29Z
       
       0 likes, 0 repeats
       
       @ricci to be fair JSON is literally JavaScript Object Notation and also valid javascript.Also the script tag is not just for javascript either. It is designed as:```<script type="MIMETYPE">//<<![CDATA[//]]></script>```Where as the two in the middle are for XHTML compatibility and to allow XML parsers to parse your HTML file.
       
 (DIR) Post #Ay3eJGYWEYbWqcZing by ricci@discuss.systems
       2025-09-10T08:44:37Z
       
       0 likes, 0 repeats
       
       @agowa338 Yes, I know all of this, it is exactly my point
       
 (DIR) Post #Ay3eLrH2ghHvJ2dXPc by agowa338@chaos.social
       2025-09-10T08:45:05Z
       
       0 likes, 0 repeats
       
       @ricci to be fair JSON is literally JavaScript Object Notation and also valid javascript.Also the script tag is not just for javascript either. It is designed as:```<script type="MIMETYPE">//<<![CDATA[//]]></script>```Where as the two in the middle are for XHTML compatibility and to allow XML parsers to parse your HTML file.See: https://www.w3schools.com/Tags/tag_script.aspDefault CSS is also "display: none;" so once you add an additional style attribute to overwrite it...
       
 (DIR) Post #Ay3oHT6RbzZIizE0wK by alxlg@mastodon.social
       2025-09-10T10:36:19Z
       
       0 likes, 0 repeats
       
       @ricci @nickzoic The issue here is "client side", almost everything client side is anti-REST and anti-hypermedia