Sounds plausible, but the article itself lists a number of downsides to this, including a statement about potential security problems with a somewhat wishy washy "The input is almost never user-controlled". That "almost never" is a big red flag to me - sounds like there are known security holes that are being glossed over.
So my question is whether there are any real-world scenarios where the performance gains will make a difference to the end customer? Because if not, this framework would bring on the known downsides without a compelling reason for doing so aside from bragging rights of "we're the fastest"
> Sucrose read the code without executing it by using Function.toString() then perform our own custom pattern-matching to extract useful information about what parts of the request are actually needed by the route handler.
Sounds plausible, but the article itself lists a number of downsides to this, including a statement about potential security problems with a somewhat wishy washy "The input is almost never user-controlled". That "almost never" is a big red flag to me - sounds like there are known security holes that are being glossed over.
So my question is whether there are any real-world scenarios where the performance gains will make a difference to the end customer? Because if not, this framework would bring on the known downsides without a compelling reason for doing so aside from bragging rights of "we're the fastest"
> Sucrose read the code without executing it by using Function.toString() then perform our own custom pattern-matching to extract useful information about what parts of the request are actually needed by the route handler.
Hmm.