@zens@merveilles.town I think the ppl saying "Dev experience" actually mean "corpo manager experience".
The frameworks do have benefits; they allow us to shed legacy and rename / deprecate things that have been named wrong for decades. For example, in react, `element.innerHTML` was renamed to `dangerouslySetInnerHTML`. Honestly this is the single best feature of react.
None of this matters if you are just trying to make a single user web tool or a blog. But if you're a corporate manager and you want to throw whatever programmers you can manage to retain at a problem, react is the obvious choice. Chances are you aren't gonna get the budget it would take to hire ppl who have the 2-5 years of in-depth web platform experience that it seems to take to be able to really do complex web apps in vanilla js without accidentally creating arbitrary code execution from user-provided content.
I've helped a few folks with their first frontend projects outside of work, and I've found trivial xss every single time.
Yes, there are tons of ways to mitigate xss, but none of them really shut the door on it with an ultimate eternal sealing spell like react does.
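
The design the post credits to React (escape on output by default, with the unescaped path behind a loudly named opt-in) can be sketched in vanilla JS. This is an added example, not part of the original post and not React's code; `html`, `dangerouslyRaw`, `renderUnsafe` and `renderSafe` are hypothetical names, and the comments are constructed sample input.

```javascript
// Added illustration. html, dangerouslyRaw, renderUnsafe and renderSafe are
// hypothetical names, not React APIs.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Wrapper marking a string as already-trusted markup.
class RawHtml {
  constructor(markup) { this.markup = String(markup); }
  toString() { return this.markup; }
}

// The loudly named opt-out: the only way to pass markup through unescaped.
function dangerouslyRaw(markup) {
  return new RawHtml(markup);
}

// Escape-by-default tagged template. Every interpolated value is escaped
// unless it is a RawHtml (from dangerouslyRaw or a nested html`` call).
function html(strings, ...values) {
  let out = strings[0];
  values.forEach((value, i) => {
    const parts = Array.isArray(value) ? value : [value];
    out += parts.map((p) => (p instanceof RawHtml ? p.markup : escapeHtml(p))).join("");
    out += strings[i + 1];
  });
  return new RawHtml(out);
}

// Vanilla pattern: concatenate user content, then assign to element.innerHTML.
function renderUnsafe(comments) {
  return "<ul>" + comments.map((c) => "<li>" + c + "</li>").join("") + "</ul>";
}

// Same view with the safe default; no call site can forget to escape.
function renderSafe(comments) {
  return html`<ul>${comments.map((c) => html`<li>${c}</li>`)}</ul>`.markup;
}

// Constructed sample input: one benign comment and one carrying markup.
const SAMPLE_COMMENTS = ["nice post & thanks", '<img src=x onerror="alert(1)">'];

console.log(renderUnsafe(SAMPLE_COMMENTS)); // markup from the user reaches the DOM intact
console.log(renderSafe(SAMPLE_COMMENTS));   // the same input arrives as inert text
```

The escaper in this sketch covers element text and quoted attribute values only; URL-valued attributes such as `href` need separate scheme validation.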