Hacker News

The whole isomorphic framework trend has always scared the poo out of me. I feel like it's just asking for security issues.

For people who commonly use these frameworks -- is it common to have issues where data or code intended only for server execution makes its way onto the client? Or are there good safeguards for this?



Next.js has introduced some keywords such as 'use server' and 'use client' that you enter in the file at the top. Much like 'use strict'. If you attempt to use server code in a client file, for example, it will get caught by the TS compiler / linter.

But for sure the lack of clear lines for where the server ends and the client begins has always been a pain of these kinds of framework offerings.
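To make the kind of safeguard described above concrete, here is an added example (not from the thread and not Next.js's own implementation): a check over a constructed in-memory set of files that flags any file starting with 'use client' whose imports, directly or transitively, reach a module that imports the `server-only` marker package. The file names, file contents and the `importsOf`, `isClientEntry` and `findLeaks` helpers are assumptions made for illustration.

```javascript
// Constructed sample project: file name -> source text (all made up).
const files = {
  "ui/Button.js": `'use client';
import { formatUser } from "lib/format.js";`,
  "lib/format.js": `import { loadUser } from "lib/db.js";
export const formatUser = (id) => loadUser(id).name;`,
  "lib/db.js": `import "server-only";
export const loadUser = (id) => ({ id, name: "alice" });`,
  "ui/Page.js": `import { loadUser } from "lib/db.js";`,
};

// Assumption of this model: a module is server-only if it imports this marker.
const SERVER_MARKER = "server-only";

// Module specifiers of static imports that start a line.
const importsOf = (src) =>
  [...src.matchAll(/^\s*import\s+(?:[^"']*?\sfrom\s+)?["']([^"']+)["']/gm)]
    .map((m) => m[1]);

// A client entry carries the 'use client' directive as its first statement.
const isClientEntry = (src) => /^\s*(['"])use client\1\s*;?/.test(src);

// For every client entry, walk the import graph and report each path that
// ends in a server-only module. The chain shows how the code would leak.
function findLeaks(project) {
  const leaks = [];
  for (const [entry, src] of Object.entries(project)) {
    if (!isClientEntry(src)) continue;
    const seen = new Set(); // guards against import cycles
    const walk = (name, chain) => {
      if (seen.has(name) || !(name in project)) return;
      seen.add(name);
      const path = [...chain, name];
      const deps = importsOf(project[name]);
      if (deps.includes(SERVER_MARKER)) leaks.push({ entry, chain: path });
      for (const dep of deps) walk(dep, path);
    };
    walk(entry, []);
  }
  return leaks;
}

for (const { entry, chain } of findLeaks(files)) {
  console.log(`${entry} pulls in server-only code via ${chain.join(" -> ")}`);
}
```

The client file never imports `lib/db.js` itself; the leak is two hops away, which is why a check limited to direct imports would miss it.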


Not just accidental inclusion but intentional insecure inclusion. FE developer gets a BE ticket (because why not, that's the whole point, right?) and forces something through all proper channels, leading to trusted (server) code running on the client.



