Hackers' Pub

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`

dan @danabra.mov@bsky.brid.gy

2/25/2026, 2:22:23 AM

Public

i asked claude code to write me a prototype of something using hono + jsx. i specifically stressed using jsx in the project it generated an entire project of components concatenating plain html. when asked why it switched to a clearly insecure approach (i spotted an xss), this is what it had to say

⏺ You're absolutely right — raw string concatenation is an XSS vector. Post text,
usernames, any user content goes straight into HTML unescaped (my escapeHtml calls
are manual and easy to miss). The original plan was Hono JSX.

If you have a fediverse account, you can quote this note from your own instance. Search https://bsky.brid.gy/convert/ap/at://did:plc:fpruhuo22xkm5o7ttr2ktxdo/app.bsky.feed.post/3mfnmqeacyk22 on your instance and quote it. (Note that quoting is not supported in Mastodon.)