What is the future of XF?

back

Active member
I feel that XF is getting bloated now. How will management make sure that it will be future proof? Are there plans to make the software run faster or make it headless?

Personally I would like to see a JS frontend which supports native streaming threads like Facebook or Twitter.
 
You could turn XenForo into an SPA if you wanted to. With the APIs and ability to extend controllers to return JSON, this can happen. I've built certain pages and functionality of my app to be mini-SPAs sprinkled in with the standard request/server-load capabilites.

Maybe I should put this in the title, "XenForo can be customized to do anything you want -- The more you know. 🌟"
 
Javascript heavy is not the future because JS is an insecurity factor.
What kind of insecurity factor is JavaScript exactly?

The times when JavaScript gave you virtually free reign over a machine are long over and plenty of security mechanisms have been put in place by browser and ad block manufacturers.

Xenforo makes very heavy use of it already, and while a bunch of it may still work without it, a lot of functionality becomes unavailable when you disable it.
 
What kind of insecurity factor is JavaScript exactly?
One of many examples...
To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.
Xenforo makes very heavy use of it already, and while a bunch of it may still work without it, a lot of functionality becomes unavailable when you disable it.
That's right, but it doesn't make JavaScript any better.
 
One of many examples...
To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.
Your video is showcasing a classic XSS vulnerability that is happening when a backend doesn't properly escape user input, and can occur in any backend programming language. Its got nothing to do with JavaScript other than JS being the delivery method of the attack. In the same form you could blame SQL for being a "security risk", since with the right XSS vulnerability, you can execute malicious SQL code. :rolleyes:
 
If you want Twitter, go to Twitter.
If you want Facebook, go to Facebook.
If you want a blog or CMS, get Joomla or WordPress.
If you want a forum, get XenForo and sleep soundly.
If you want XenForo version 3, you probably suffer from anxiety and are trying to pass it on to others.
If for some reason, you still have doubts and can't fly in the web world, you probably either have the wrong business or it's the right time, to check your content that you publish in your pages.
 
Your video is showcasing a classic XSS vulnerability that is happening when a backend doesn't properly escape user input, and can occur in any backend programming language. Its got nothing to do with JavaScript other than JS being the delivery method of the attack. In the same form you could blame SQL for being a "security risk", since with the right XSS vulnerability, you can execute malicious SQL code. :rolleyes:
By default, JavaScript is an additional security hole that is constantly present and not as necessary to run a forum as SQL.
So these comparisons are inappropriate. :rolleyes:
Then you overlooked the client side, there too a security hole arises with activated JavaScript, which can be avoided if you don't use JavaScript in the first place or at least use NoScript add-on.
 
By default, JavaScript is an additional security hole that is constantly present and not as necessary to run a forum as SQL.
So these comparisons are inappropriate. :rolleyes:
Then you overlooked the client side, there too a security hole arises with activated JavaScript, which can be avoided if you don't use JavaScript in the first place or at least use NoScript add-on.
Javascript is not inherently anymore insecure than any other technology.

You clearly did not read the article you linked because... It literally covers what @Lukas W. was talking about in regards to JS security measures that have been added over the last 20 years.

If you're scared of every possible exploit, do not use computers or technology, do not use any smart device, do not use modern credit cards, do not use modern cars 🤷‍♂️. All of those can be exploited if an attack vector is discovered, and you clearly do not want people knowing your scandalous toaster habits.
 
Magic 8 Ball Wow GIF by pammypocket
 
Top Bottom