You can tell a website is vibe-coded when it's possible to use non-existent values for internal parameters (using DevTools to capture the PUT request then re-casting it with a different JSON body) with little to no sanitization. I just set a "crimson-600" color scheme (when there's no such color scheme, the closest being "rose-600") for a blogging platform out there. Not only did the back-end "recognize" the value (returning a JSON whose "success" is "true"), but now the "Color" drop-down is empty-valued and showing a white rectangle (because there's no such thing as ".theme-crimson-600" across their CSS definitions).
Hey, I missed the opportunity to set "crimson-666"!
Or, maybe, the Little Bobby Tables color theme, as in `...{"color": "nothanks\"' OR 1=1; CREATE DATABASE BOBBY; -- 666"}}` (oh, SQL injection... this reveals my age I guess... yeah "I'm old, Dean, very old"; vibe-coded projects likely use MongoDB or similar... ouch, this is also old. Maybe today's "SQL injection" would be injecting prompt instructions, using Unicode tricks, for whatever their... ahem... "agent" is, so their "agent" can, for example, recommend them using cyanoacrylate to stick the cheese to the pizza slice, or remind them of their daily stone intake needs as recommended by the "nutritionist" LLM)
Now, seriously: why don't they use RGB/HSL/HSV values then use CSS's `color-mix` to derive the palette from any arbitrary color freely informed/chosen by the user? This way I wouldn't try to literally XSS your site only to set a fucking color. I like red, _pure_ RGB red, the rgb(255,0,0), #FF0000, not your pre-determined... *checks notes*... "rose".
Okay, I'm returning back to... "rose-600". Whatever.
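
A server-side check for the case described in the post, as an added example that is not part of the original post or the platform's code: the `color` field is accepted only if it is an allow-listed theme name or a strict `#RRGGBB` value, which can then feed `color-mix`. The theme list, function names and CSS class names are assumptions.

```javascript
// Added example, not the platform's code. ALLOWED_THEMES is a constructed
// allow-list; only "rose-600" is named in the post.
const ALLOWED_THEMES = new Set(["rose-600", "sky-600"]);
const HEX_COLOR = /^#[0-9a-f]{6}$/i; // strict #RRGGBB, nothing else

// Validate the "color" field of the settings PUT body on the server.
function validateColor(body) {
  const raw = body == null ? undefined : body.color;
  // Reject objects/arrays/numbers outright (also blocks {"$ne": null}-style
  // operator objects if the value is later passed to a document store).
  if (typeof raw !== "string") {
    return { ok: false, error: "color must be a string" };
  }
  if (ALLOWED_THEMES.has(raw)) {
    return { ok: true, kind: "theme", value: raw };
  }
  if (HEX_COLOR.test(raw)) {
    return { ok: true, kind: "custom", value: raw.toLowerCase() };
  }
  return { ok: false, error: "unknown color scheme" };
}

// Hypothetical handler: only report success when the value was accepted.
function handlePut(body) {
  const result = validateColor(body);
  if (!result.ok) {
    return { status: 400, json: { success: false, error: result.error } };
  }
  return { status: 200, json: { success: true, color: result.value } };
}

// Derive a palette from a validated custom color with CSS color-mix().
// The value is re-checked so only [#0-9a-f] ever reaches the stylesheet.
function paletteCss(hex) {
  if (!HEX_COLOR.test(hex)) throw new Error("not a validated color");
  const accent = hex.toLowerCase();
  return [
    `:root { --accent: ${accent}; }`,
    `.accent { color: var(--accent); }`,
    `.accent-dark { color: color-mix(in srgb, var(--accent) 80%, black); }`,
    `.accent-light { color: color-mix(in srgb, var(--accent) 20%, white); }`,
  ].join("\n");
}
```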