I'm officially looking around, if anybody needs a Go software engineer with a very strong background in web security lmk.
I also know a fair share of frontend dev and was a SWE/SE for Google and Microsoft.
I'm looking for security-sensitive dev projects and security reviews.
I'm here! Come by for a chat.
5/ Note: there's more to come — in particular some way to automatically include injected values without building a Go binary, but these should provide a foundation for that.
4/ Proposal: Tagged String Literals
github.com/cue-lang/cue...
Context-aware string interpolation: tag functions control escaping of interpolated values, preventing injection vulnerabilities in shell, SQL, HTML, etc.
#cuelang
3/ Proposal: CUE Value Injection
github.com/cue-lang/cue...
A mechanism for Go programs to supply values to CUE source via `@inject` attributes, letting CUE packages declare external dependencies explicitly.
#cuelang
2/ Proposal: User-Provided Functions and Validators
github.com/cue-lang/cue...
A simple Go API for wrapping Go functions as CUE-callable functions and validators — extending CUE's evaluation with custom logic.
#cuelang
1/ I've just published three orthogonal but related CUE proposals. #cuelang 🧵
Are you still hiding if no one is looking?
People aren't reading the code at all—they'd see the weird decoder+eval—and machines can see that and also the private use code points.
Also, it's been public since May 2025 and GitHub/NPM/Microsoft have done nothing.
www.aikido.dev/blog/glasswo...
A great example of how the Google #golang team put thousands of lines of ultra-technical code in service of an incredibly easy-to-use and useful tool. If you ever deprecate code, you really should know about the go:inline directive!