Production readiness
fifarafa opened this issue · comments
I've a question regarding readme excerpt:
Here is an example of how you can use spew.Sdump() to help debug a web application. Please be sure to wrap your output using the html.EscapeString() function for safety reasons. You should also only use this debugging technique in a development environment, never in production.
What does it mean, why it shouldn't be used in production? Why?
Spew requires unsafe
(for all features, a safe version can be compiled with -tags safe
) and memory/type safety is not guaranteed in all future Go releases. An upgrade to Go could introduce a security flaw in any application using spew.