[Owasp-leaders] From a security point of view: Angular or React?

Kim Carter kim.carter at owasp.org
Sun Jun 28 23:21:06 UTC 2015


With Angular: Generally a lot of work for a large non-trivial
application. Angular is pretty much an all or nothing framework.

With React and Flux: As much or as little work as you want it to be.
Many teams use React to replace small pieces at a time. The last client
I used React with I used it to replace the backbone views. Why only the
views? Because there was nothing wrong with the router or models and the
problem with the existing code base was the manual DOM manipulation and
events being in unknown states due to having many teams work on the code
base and all of which did things a different way. By using React to
replace a Backbone view at a time, the work load was very manageable. I
attacked the worst views first, unravelled them and replaced them with
React components. React is essentially a view engine, but can be used
for everything. With React, you can use as little or as much as you like.


Kim Carter

OWASP New Zealand Chapter Leader (Christchurch)

c: +64 274 622 607


On 29/06/15 08:35, Jim Manico wrote:
> JQuery was originally built to help with cross-browser quirks which is
> becoming less of an issue. I see plenty of folks migrating away from
> it to Angular and similar. There are a variety of migration resources
> on the net and it's doable - but migration can be time consuming work.
>
> --
> Jim Manico
> Global Board Member
> OWASP Foundation
> https://www.owasp.org <https://www.owasp.org/>
> Join me at AppSecUSA <http://appsecusa.org/> 2015!
>
> On Jun 28, 2015, at 10:22 AM, johanna curiel curiel
> <johanna.curiel at owasp.org <mailto:johanna.curiel at owasp.org>> wrote:
>
>> From a developer point of view, if I had to replace Jquery with
>> Angular or React how much work is that?
>>
>> Imagine my entire front is completely dependent on Jquery...any
>> instructions or ideas how to achieve this without an excruciating QA?
>>
>> On Sun, Jun 28, 2015 at 4:09 PM, Jim Manico <jim.manico at owasp.org
>> <mailto:jim.manico at owasp.org>> wrote:
>>
>>     Angular is much better for XSS defense today, but React was built
>>     with a much more sound core and is likely to have a better future.
>>
>>     #nuance
>>
>>     --
>>     Jim Manico
>>     Global Board Member
>>     OWASP Foundation
>>     https://www.owasp.org <https://www.owasp.org/>
>>     Join me at AppSecUSA <http://appsecusa.org/> 2015!
>>
>>     On Jun 28, 2015, at 4:21 AM, Dinis Cruz <dinis.cruz at owasp.org
>>     <mailto:dinis.cruz at owasp.org>> wrote:
>>
>>>     Which one makes it easier to write secure code, has more
>>>     features to help security and has better support for
>>>     Security-focused tests?
>>>
>>>     What do you see on the ground?
>>>
>>>     Which one tends to create apps with more vulnerabilities?
>>>
>>>     _______________________________________________
>>>     OWASP-Leaders mailing list
>>>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>     _______________________________________________
>>     OWASP-Leaders mailing list
>>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150629/916fc98a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: owasp_member_EmailSignature.gif
Type: image/gif
Size: 3735 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150629/916fc98a/attachment.gif>


More information about the OWASP-Leaders mailing list