#!/usr/bin/w3tclsh
#
# This script demonstrates a W3 application that can display a copy
# of itself using a font color selected by a query parameter.
#
# The foreground color is whatever value is given by the color= query
# parameter. The color is inserted into a style= attribute on the
# <pre> element using the %url(...) substitution mechanism of W3,
# so it is safe from XSS injections. Try it! You won't be able to
# slip in any unwanted HTML, but you can use %23 to get a # for
# an RGB color, like this:
#
# ?color=%23003f7f
#
# Notice that the "w3-content-security-policy" command had to be used
# to enable in-line CSS. In-line CSS is off by default.
#
# Also notice that the "w3-allow-xorigin-params" command had to be used
# to enable users to manually add new color= query parameters.
#
package require w3
proc w3-default {} {
w3-content-security-policy {default-src 'self' 'unsafe-inline'}
w3-allow-xorigin-params
set fd [open [w3-param SCRIPT_FILENAME] rb]
set script [read $fd]
close $fd
set self [w3-param SELF_URL]
w3-trim {
<html>
<head>
<link href="%url([w3-param SCRIPT_NAME]/style.css)" rel="stylesheet">
<title>W3 Self-Display Demo</title>
</head>
<body>
<p>The box below shows the W3 script that generated this page.
Change the foreground color using the color= query parameter.
Examples:</p>
<ul>
<li><a href='%url($self?color=red)'>%html($self?color=red)</a>
<li><a href='%url($self?color=green)'>%html($self?color=green)</a>
<li><a href='%url($self?color=blue)'>%html($self?color=blue)</a>
<li><a href='%url($self)?color=%23003f7f'>%html($self?color=%23003f7f)</a>
</ul>
</p>
<pre style='color: %url([w3-param color black]);'>%html($script)</pre>
}
}
proc w3-page-style.css {} {
w3-mimetype text/css
w3-cache-control max-age=3600
w3-trim {
pre {
border: 1px solid black;
padding: 1ex;
}
}
}
w3-start $argv