By @samuel · 2021-10-11 21:08
By @snapey · 2021-10-16 10:56
Perhaps I misunderstood Caleb's post? Talking about serverMemo.data:
This is THE most important security feature in Livewire. Each component payload is signed with a secured checksum hash generated from the entire payload. This way if anything tampers with the data used to send back to the server, the backend will be able to tell that and will throw an exception.
By @samuel · 2021-10-16 13:43
See this: https://twitter.com/archtechx/status/1448758312611233794
Livewire doesn't let you directly change the serverMemo data, since it's verified via that checksum. But you can change anything in data via the JS runtime which pushes the changes using $set.
If you couldn't modify data on the frontend, then the Alpine integration wouldn't work — @entangle couldn't work, the $wire proxy wouldn't work — and you couldn't use $set() in wire:click handlers.
This is a common misunderstanding which is why I covered it in the first part of this series. Everything in the component's data can be modified on the frontend — even if it's not used in any wire:click handlers or other things like that.