1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
+
+
+
+
+
+
+
+
|
#!/usr/bin/wapptclsh
#
# This script demonstrates a Wapp application that can display a copy
# of itself using a font color selected by a query parameter.
#
# The foreground color is whatever value is given by the color= query
# parameter. The color is inserted into a style= attribute on the
# <pre> element using the %url(...) substitution mechanism of Wapp,
# so it is safe from XSS injections. Try it! You won't be able to
# slip in any unwanted HTML, but you can use %23 to get a # for
# an RGB color, like this:
#
# ?color=%23003f7f
#
# Notice that the "wapp-content-security-policy" command had to be used
# to enable in-line CSS. In-line CSS is off by default.
#
# Also notice that the "wapp-allow-xorigin-params" command had to be used
# to enable users to manually add new color= query parameters.
#
package require wapp
proc wapp-default {} {
wapp-content-security-policy {default_src 'self' 'inline'}
wapp-allow-xorigin-params
set fd [open [wapp-param SCRIPT_FILENAME] rb]
set script [read $fd]
|