Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
| Comment: | Add wapp-cache-control. |
|---|---|
| Downloads: | Tarball | ZIP archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA3-256: |
815db107739776da02739e8d0c707f33 |
| User & Date: | drh 2018-01-29 21:55:28.892 |
Context
|
2018-01-29
| ||
| 23:42 | Comment changes. Code is unaltered. (check-in: 142baa4cbd user: drh tags: trunk) | |
| 21:55 | Add wapp-cache-control. (check-in: 815db10773 user: drh tags: trunk) | |
| 20:54 | Add the --trace option useful for debugging. (check-in: 7e098c4180 user: drh tags: trunk) | |
Changes
Changes to README.md.
| ︙ | ︙ | |||
306 307 308 309 310 311 312 |
+ **wapp-clear-cookie** _NAME_
Erase the cookie _NAME_.
+ **wapp-safety-check**
Examine all TCL procedures in the application and report errors about
unsafe usage of "wapp".
| | < < < < < | < < < < | < < < < < < < < < < | 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 |
+ **wapp-clear-cookie** _NAME_
Erase the cookie _NAME_.
+ **wapp-safety-check**
Examine all TCL procedures in the application and report errors about
unsafe usage of "wapp".
+ **wapp-cache-control** _CONTROL_
The _CONTROL_ argument should be one of "no-cache", "max-age=N", or
"private,max-age=N", where N is an integer number of seconds.
The following additional interfaces are envisioned, but are not yet
implemented:
+ **wapp-send-hex** _HEX_
Cause the HTTP reply to be binary that is constructed from the
hexadecimal text in the _HEX_ argument. Whitespace in _HEX_ is ignored.
This command is useful for returning small images from a pure script
input. The "wapp-file-to-hex" command can be used at development time
to generate appropriate _HEX_ for an image file.
+ **wapp-etag** _ETAG_
Set the expiration tag for the web page.
+ **wapp-send-file** _FILENAME_
Make the content of the file _FILENAME_ be the HTTP reply.
+ **wapp-send-query** _DB_ _SQL_
|
| ︙ | ︙ | |||
363 364 365 366 367 368 369 370 371 372 373 374 375 376 |
+ **wapp-debug-port** _PORT_
For debugging use only: open a listening TCP socket on _PORT_ and run
an interactive TCL shell on connections to that port. This allows for
interactive debugging of a running instance of the Wapp server. This
command is a no-op for short-lived CGI programs, obviously. Also, this
command should only be used during debugging, as otherwise it introduces
a severe security vulnerability into the application.
6.0 Limitations
---------------
Each Wapp process is single-threaded.
The fileevent command is used to allow accepting multiple simultaneous
HTTP requests. However, as soon as a complete request is received, and
| > > > > > > > > > > > > > > > > > > > > > > | 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 |
+ **wapp-debug-port** _PORT_
For debugging use only: open a listening TCP socket on _PORT_ and run
an interactive TCL shell on connections to that port. This allows for
interactive debugging of a running instance of the Wapp server. This
command is a no-op for short-lived CGI programs, obviously. Also, this
command should only be used during debugging, as otherwise it introduces
a severe security vulnerability into the application.
The following interfaces are deprecated. They currently exist for
compatibility but might disappear at any moment.
+ **wapp-unsafe** _TEXT_
Add _TEXT_ to the web page under construction even though _TEXT_ does
contain TCL variable and command substitutions. The application developer
must ensure that the variable and command substitutions does not allow
XSS attacks. Avoid using this command. The use of "wapp-subst" is
preferred in most situations.
+ **wapp-escape-html** _TEXT_
Add _TEXT_ to the web page under construction after first escaping any
HTML markup contained with _TEXT_. This command is equivalent to
"wapp-subst {%html(_TEXT_)}".
+ **wapp-escape-url** _TEXT_
Add _TEXT_ to the web page under construction after first escaping any
characters so that the result is safe to include as the value of a
query parameter on a URL. This command is equivalent to
"wapp-subst {%url(_TEXT_)}".
6.0 Limitations
---------------
Each Wapp process is single-threaded.
The fileevent command is used to allow accepting multiple simultaneous
HTTP requests. However, as soon as a complete request is received, and
|
| ︙ | ︙ |
Changes to test01.tcl.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
# Invoke as "tclsh test01.tcl" and then surf the website that pops up
# to verify the logic in wapp.
#
source wapp.tcl
proc wapp-default {} {
global wapp
set B [wapp-param BASE_URL]
set R [wapp-param SCRIPT_NAME]
wapp "<h1>Hello, World!</h1>\n"
wapp "<ol>"
wapp-unsafe "<li><p><a href='$R/env'>Wapp Environment</a></p>\n"
wapp-subst {<li><p><a href='%html($B)/fullenv'>Full Environment</a>\n}
set crazy [lsort [dict keys $wapp]]
wapp-subst {<li><p><a href='%html($B)/env?keys=%url($crazy)'>}
wapp "Environment with crazy URL</a>\n"
| > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
# Invoke as "tclsh test01.tcl" and then surf the website that pops up
# to verify the logic in wapp.
#
source wapp.tcl
proc wapp-default {} {
global wapp
set B [wapp-param BASE_URL]
set R [wapp-param SCRIPT_NAME]
wapp-cache-control max-age=15
wapp "<h1>Hello, World!</h1>\n"
wapp "<ol>"
wapp-unsafe "<li><p><a href='$R/env'>Wapp Environment</a></p>\n"
wapp-subst {<li><p><a href='%html($B)/fullenv'>Full Environment</a>\n}
set crazy [lsort [dict keys $wapp]]
wapp-subst {<li><p><a href='%html($B)/env?keys=%url($crazy)'>}
wapp "Environment with crazy URL</a>\n"
|
| ︙ | ︙ |
Changes to wapp.tcl.
| ︙ | ︙ | |||
189 190 191 192 193 194 195 196 197 198 199 200 201 202 |
# Add extra entries to the reply header
#
proc wapp-reply-extra {name value} {
global wapp
dict lappend wapp .reply-extra $name $value
}
# Redirect to a different web page
#
proc wapp-redirect {uri} {
wapp-reply-code {302 found}
wapp-reply-extra Location $uri
}
| > > > > > > > > > > > | 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 |
# Add extra entries to the reply header
#
proc wapp-reply-extra {name value} {
global wapp
dict lappend wapp .reply-extra $name $value
}
# Specifies how the web-page under construction should be cached.
# The argument should be one of:
#
# no-cache
# max-age=N (for some integer number of seconds, N)
# private,max-age=N
#
proc wapp-cache-control {x} {
wapp-reply-extra Cache-Control $x
}
# Redirect to a different web page
#
proc wapp-redirect {uri} {
wapp-reply-code {302 found}
wapp-reply-extra Location $uri
}
|
| ︙ | ︙ | |||
604 605 606 607 608 609 610 |
}
# Transmit the HTTP reply
#
if {$chan=="stdout"} {
puts $chan "Status: [dict get $wapp .reply-code]\r"
} else {
| | | | 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 |
}
# Transmit the HTTP reply
#
if {$chan=="stdout"} {
puts $chan "Status: [dict get $wapp .reply-code]\r"
} else {
puts $chan "HTTP/1.1 [dict get $wapp .reply-code]\r"
puts $chan "Server: wapp\r"
puts $chan "Content-Length: [string length [dict get $wapp .reply]]\r"
puts $chan "Connection: close\r"
}
if {[dict exists $wapp .reply-extra]} {
foreach {name value} [dict get $wapp .reply-extra] {
puts $chan "$name: $value\r"
}
}
set mimetype [dict get $wapp .mimetype]
|
| ︙ | ︙ |