If lenny-ui is already using a JSX based library (InfernoJS), why not use it? I can't believe they construct HTML manually like that without a hint of escaping or stripping. Sure, many markdown renderers tell you to just slap it in __html or dangerouslySetInnerHtml but there are many that just parse the MD and let you render it with JSX!

I also can't believe there's no CSP that stopped this. Sure, it's a pain in the ass to configure with a nonce but this is literally the kind of thing it's made to block!

Thanks, good to know! I had no idea about the tags. Looks like there's a lot more variables available.

I just reread the docs on the log drivers - they mentioned that as of docker 20.x local logs now work with all drivers as it buffers the logs locally as well. I think this is probably why I hadn't explored the other drivers before - couldn't use docker-compose logs.

The biggest footgun I encounter every time I set up a raspberry pi or other linux host for a side project is forgetting that Docker doesn't do log rotation for containers' logs by default, which results in the service going down and seeing a sweat inducing ENOSPC error when you ssh in to check it out.

You can configure this by creating /etc/docker/daemon.json and either setting up log rotation with log-opts or using the local logging driver (it defaults to json) if you're not shipping container logs anywhere and just read the logs locally. The local driver compresses the logs and automatically does log rotation:

{
  "log-driver": "local",
  "log-opts": {
     "max-size": "10m",
     "max-file": "3"
  }
}

I somehow feel like there's an allergy of sort towards classes in general in JavaScript/TypeScript. Many projects I've worked on gravitate towards more functional/plain-old-objects sort of paradigm and it feels like classes are avoided just because they don't feel like idiomatic JS.