So your assertions here are the following:

• religion functions by 1) lying to people about the fundamental nature of reality in order to 2) manipulate them into doing bad things and that central to this is the idea that doing point 1 actively enables or facilitates point 2.
• religion constitutes a “static model of reality” to which people are emotionally attached, which is fundamentally dangerous.
• religion does not “determine” good or bad.
• Religious violence is a thing that exists.
• You’re queer and religion bothers you.

So, point by point:

• many religions make complex assertions about the metaphysical nature of the universe, often including the existence of supernatural phenomena, individuals, locations, etc. I’m not going to try to argue for the existence of any mystical element of any particular faith, but I will challenge the innately reductive analysis of religion you’ve provided. Most religions, particularly the very old ones, incorporate historical, philosophical, artistic, communal, and ethical traditions. You seem to center your understanding of religious faith around the metaphysical or supernatural components and have asserted that these components warp the underlying perception of reality of its participants for the express purpose of making people behave in such a way as to “do awful shit” and act against your “conscience and general interest.” In making a causal assertion of this kind, however, you really need to be able to support that assertion with something that proves a causal link between what you describe as a belief in “blatantly magical bullshit” and a specific pattern of behavior. Why is it the belief in the supernatural and not, for example, hierarchical organizations of power, something that has existed as a component of organized religion for millennia, but also in virtually all political and dominant social institutions for just as long? Perhaps people are more inclined towards mob mentality or to fall behind powerful and charismatic leaders, regardless of the institution from which they’re working. For example, the Soviet Union under Stalin was a brutally repressive society that actively criminalized both organized religion and LGBT persons. The absence of religion did not magically produce a society devoid of people unwilling to brutally oppress their fellow countrymen.
• you seem to be working with terms that don’t really carry a lot of significance or meaning for anyone other than yourself. What, exactly, do you think constitutes a “static model of reality?” And what, exactly, is problematic about that? Because in my mind, most people operate with a fairly static understanding of reality. Not to say it’s the same understanding of reality. Ideologies are as complex and different as the people that internalize them, and they inform our personal understanding of the world we inhabit. For most people, altering these beliefs about the world is non-trivial. As a staunch leftist, someone would have a hard time selling me on the merits of laissez-faire capitalism as an effective mechanism of distributing wealth in a society. My understanding of the fundamental nature of economics, human nature, and reality itself precludes this. Am I working from an overly static and inflexible model of reality?
• religion is deeply concerned with the nature of good and evil. Admittedly, these are things you might not actually believe in. Perhaps you’re a moral relativist. Perhaps not. If you are, I don’t have much to say to you about this. You believe good and evil are culturally determined moral concepts and nothing else, from a personal perspective, beyond socially conditioned behavior.
• religious violence, or “Holy Wars” as you’ve put it, are virtually all fought for the same purpose as any other war: the primitive acquisition of wealth and the expansion of a nation or nations hegemony. If you think what’s going on in Palestine is not driven by Israel’s desire for Palestinian land, then I have a bridge to sell you.
• your experiences are both tragic and common. I’ve personally been physically and emotionally abused by members of specific religious organizations, for reasons and in ways I don’t feel comfortable sharing with strangers on the internet, and by people who were sociopaths that used religion as a cudgel to bully and control others. But I’ve also been comforted and treated kindly by other people for whom their religious faith was an important part of their lives - people who were sick and in pain their entire lives, but who found serenity and comfort through their beliefs and shared that with people around them who were also suffering. History is full of people who used religion as an excuse to do terrible things, but history also has a tendency to amplify monsters and forget the decent people whose faith may have driven them to have a more positive impact on the world.

If you want to hate religion because you’re bitter, that’s fine. You can feel about religion any way that you want. But don’t be offended when you bring it up out of nowhere and someone tells you that your comments are irrelevant to the current discussion.

The world doesn’t revolve around your personal bitterness.

A lot of it probably comes from deeply negative personal experiences, combined with a general propensity for people to apply a categorical belief to particular experiences. People who were treated badly by a particular group of Christians, or people who see and hear about certain Christians advocating for some terrible politician or political goal, are applying a generalized belief to how all Christians act, and potentially to all religion in general. It’s much harder to accept that the world is a deeply complicated and messy place and that religion and religious belief is a much more complex element of human civilization, culture, and personal identity than what many people would care to acknowledge.

I already mentioned that shoehorning criticism of religion into conversations that were unrelated came across as bitter and myopic. Your point was, essentially, that a lot of people are bitter towards Christianity, which is implied by my own observation. If you have nothing to add beyond restating what was already said by the person to whom you are replying, then I would suggest saving yourself the time in the future and just clicking the up arrow. Or doing literally nothing. Either of those are fine options.

Sure, and that’s terrible, but from a different perspective, most of these beliefs and behaviors you’ve identified would persist without religious institutions and their proponents formalizing them as policy. Religion can give people a way to justify a lot of the terrible beliefs that they had internalized anyway, because it’s part of the dominant culture. But misogyny, racism, homophobia, transphobia, classism, xenophobia, and moral hypocrisy aren’t caused by religion or religious beliefs, any more so than atheism or agnosticism causes people to be tolerant or accepting of others in spite of their differences. And that’s a foundational premise to many of the criticisms of religion I see on Lemmy. But it’s just objectively wrong. If you want to look at a historical example of the productive power of religion, look no further than the SCLC (Southern Christian Leadership Conference), which was one of, if not the most significant, political and religious organizations of the Civil Rights movement. It helped to organize people into a fighting force for real progressive change and it did so by way of lines of communication between black congregations across the country. For even more examples of religion as a tool of social progress, I recommend the wikipedia page on Liberation Theology.

You don’t even need to involve churches.

There are plenty of valid complaints about (many) American religious institutions, but the constant shoe-horning in of complaints about religion in unrelated posts that I see on Lemmy comes across as bitter and myopic.

This is a good question. The answer is probably “a few years old” at the least. I went hunting for the UPC code on the back label and found this website, which indicates its last recorded scan was some time in 2021. It’s likely this product is simply no longer manufactured and sold by them. Probably by virtue of a lack of demand or other considerations.

Yeah, I didn’t know that until very recently, and that was because of an anime I was watching.

Oh boy a semantic argument

It turns out the language you use can be semantically ambiguous or misleading if you phrase it incorrectly. Today you learned.

And any web dev who remotely understands the point of CSP and why it was created, should instantly have alarm bells going off at the concept of triggering arbitrary ajax via html attributes.

Oh, did you finally manage to fucking Google how HTMX works so you could fish for more reasons to say it’s unsafe? What you’re describing is not a particular concern to HTMX. If an attacker can inject HTML into your page (for example, through an XSS vulnerability), they could potentially set up HTMX attributes to make requests to any endpoint, including endpoints designed to collect sensitive information. But, and this is very important, this is not a unique issue to HTMX; it’s a general security concern related to XSS vulnerabilities and improper CSP configurations.

Do you know what the correct cure for that is?

PROPER CSP CONFIGURATION.

“HTMX doesn’t bypass CSP! It just (proceeds to describe the exact mechanism by which it bypasses CSP)”

Do you genuinely not understand that CSP works on the browser API level? It doesn’t check to see if your JavaScript contains reference to disallowed endpoints and then prevents it from running. I don’t know how you “think” CSP operates, but what happens is this: The browser exposes an API to allow JavaScript to make HTTP requests - specifically XMLHttpRequest and fetch(). What CSP does is tell the browser “Hey, if you get an API request via XMLHttpRequest or fetch to a disallowed endpoint, don’t fucking issue it.” That’s it. HTMX does not magically bypass the underlying CSP mechanism, because those directives operate on a level beyond HTMX’s (or any JS library’s) influence BY DESIGN. You cannot bypass if it if’s properly configured. Two very serious questions: what part of this is confusing to you? And, have you ever tested this yourself in any capacity to even see if what you’re claiming is even true? Because I have tested it and CSP will block ANY HTMX issued request that is not allowed by CSP’s connect-src directive, assuming that’s set.

CSP works on the browser API level - all HTMX does is what you could do yourself with any AJAX: send an HTTP request to an endpoint. If the CSP disallows that endpoint, it will fail.

Removed by mod

Just to be clear, are you talking about some kind of templating library that literally transpiles all the htmx logic and instead packs it into individual ajax logic in js files “per element”, such that you don’t need to serve htmx client side and instead you pre-transpile all the ajax logic out to separate files?

My brother in Christ, what the fuck are you talking about “transpiling HTMX” and “serving HTMX client side?” You don’t “serve” HTMX and there’s nothing to “transpile into JavaScript.” It is JavaScript. That’s like saying you “serve React client side” and “transpile JavaScript into more JavaScript.” Jesus, I feel like I’m taking crazy pills.

Cause the very start of my statements was that if we had something like that then HTMX would be fine, as a templating lib that transpiled out to html+js.

Oh, okay, so you don’t actually know what HTMX is or how it works, then? Because HTMX (https://htmx.org/) is a JavaScript library. Like, literally just a JavaScript library. It’s like…4000 lines of JavaScript. In fact you can read the source code for it here: https://github.com/bigskysoftware/htmx/blob/master/src/htmx.js. For some…insane reason you seem to think HTMX is its own language. It’s not. It’s…just a JavaScript library. There is no other language called HTMX. There is no other mechanism or tool called HTMX. No implementation or protocol or ANYTHING else. It’s just a small JavaScript library.

invoke arbitrary logic with html attributes

Once again, HTMX enhances HTML with various attributes declaratively. It utilizes custom data attributes in HTML (like hx-get, hx-post) to specify how elements on the page should behave - essentially, how and where to fetch data or submit forms without a full page reload. This is a form of declarative programming that tells the htmx.js library (which is just doing fucking AJAX) what to do when certain events occur (e.g., a click or a form submission). The actions (like the actual requesting of data from an endpoint) are performed by the code in htmx.js.

This is a fancy way of saying “if you stick an hx-get attribute on a button, then you can just say where you want a GET request to go to and what element you want updated with the HTML returned from it and htmx.js will parse that out on page load and set an event listener for the button click to know when to initiate an AJAX request to the defined endpoint.” If you had an hx-get attribute in an element in a page and that page didn’t have the htmx.js library loaded it would do literally nothing.

And, once again, HTMX, being a JavaScript library, operates under the same security constraints as any JavaScript executed in the browser. This means that:

1. HTMX’s scripts themselves must be loaded from sources allowed by the script-src CSP directive.
2. Any dynamic requests to load content or submit data initiated by HTMX are subject to CSP’s connect-src directive.

HTMX enables arbitrary invocation of ANY api endpoint with cookies included, through html attributes, which inherently can’t be covered by Content Security Policy

I want you to please explain how HTMX bypasses the Content Security Policy connect-src directive, or any -src directive, for that matter, assuming it is specified (which it should be). Because I’m genuinely curious why the HTMX dev team would include a section on CSP in their docs if it did literally nothing, as you say.

Actually, as an even more basic question…you do know that HTMX is literally just an AJAX library, right? It doesn’t actually “do” anything via HTML attributes. The additional HTMX attributes, like hx-get, hx-post, etc. just tells HTMX where and how to make the API requests. These requests are executed by the browser’s native fetch or XMLHttpRequest APIs, depending on compatibility and implementation. Therefore, HTMX is subject to the same security constraints and policies as any other JavaScript-based operation that makes HTTP requests. Which also, by definition, means that it adheres to the Content Security Policy directives configured for that website.

In other words, an HTML button element with hx-get=“https://www.some-endpoint.com/” on it would eventually translate into

const xhr = new XMLHttpRequest();
xhr.open("GET", "https://www.some-endpoint.com/");
xhr.send();

on click.

You do understand that, right?

deleted by creator

Honestly, the internet was at its best when it was the fever dream of stoned, sexually frustrated grad students at Berkley. Infinite potential - it could’ve been anything. Could’ve. But wouldn’t. The real thing, after it became fully saturated in everyday American life, was always going to be some mediocre, watered down corporate cesspool of lowest common denominator, hyper-sanitized garbage. Because that’s what people like. They like safe, familiar, predictable, and uncomplicated. Well, most people.