Wapp

Check-in [f83e99d413]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Improved documentation of substitution operators. Documentation for the wapp-crash-handler interface.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: f83e99d4133d82f6f01a61bcf4b64999ca88fb6de921a97968ae11d29b836bcd
User & Date: drh 2024-11-07 19:34:47.691
Context
2024-11-09
12:34
Add a makefile for windows. Improvements, including better comments, in existing makefiles. (check-in: b7abbe4090 user: drh tags: trunk)
2024-11-07
19:34
Improved documentation of substitution operators. Documentation for the wapp-crash-handler interface. (check-in: f83e99d413 user: drh tags: trunk)
13:42
Change the wapp-crash-handler interface so that it takes no arguments. (check-in: e5fa3551e4 user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to README.md. 
16
17
18
19
20
21
22

23
24
25
26
27
28
29

-------------

  *  ["Hello World!" App (6 lines of code)](/doc/trunk/docs/helloworld.md)
  *  [Introduction To Writing Wapp Applications](/doc/trunk/docs/intro.md)
  *  [Quick Reference](/doc/trunk/docs/quickref.md)
  *  [Wapp Parameters](/doc/trunk/docs/params.md)
  *  [Wapp Commands](/doc/trunk/docs/commands.md)

  *  [CGI Parameters](/doc/trunk/docs/quickref.md#cgiparams)
  *  [URL Mapping](/doc/trunk/docs/urlmapping.md)
  *  [Security Features](/doc/trunk/docs/security.md)
  *  [How To Compile wapptclsh - Or Not](/doc/trunk/docs/compiling.md)
  *  [Limitations of Wapp](/doc/trunk/docs/limitations.md)
  *  [Example Applications](/file/examples)
  *  [Real-World Uses Of Wapp](/doc/trunk/docs/usageexamples.md)








>








16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

-------------

  *  ["Hello World!" App (6 lines of code)](/doc/trunk/docs/helloworld.md)
  *  [Introduction To Writing Wapp Applications](/doc/trunk/docs/intro.md)
  *  [Quick Reference](/doc/trunk/docs/quickref.md)
  *  [Wapp Parameters](/doc/trunk/docs/params.md)
  *  [Wapp Commands](/doc/trunk/docs/commands.md)
  *  [Text Substitution In Generated HTML](/doc/trunk/docs/subst.md)
  *  [CGI Parameters](/doc/trunk/docs/quickref.md#cgiparams)
  *  [URL Mapping](/doc/trunk/docs/urlmapping.md)
  *  [Security Features](/doc/trunk/docs/security.md)
  *  [How To Compile wapptclsh - Or Not](/doc/trunk/docs/compiling.md)
  *  [Limitations of Wapp](/doc/trunk/docs/limitations.md)
  *  [Example Applications](/file/examples)
  *  [Real-World Uses Of Wapp](/doc/trunk/docs/usageexamples.md)
Changes to docs/commands.md. 
148
149
150
151
152
153
154











  +  **wapp-unsafe** _TEXT_  
     Add _TEXT_ to the web page under construction even though _TEXT_ does
     contain TCL variable and command substitutions.  The application developer
     must ensure that the variable and command substitutions does not allow
     XSS attacks.  Avoid using this command.  The use of "wapp-subst" is 
     preferred in most situations.

















>
>
>
>
>
>
>
>
>

148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163


  +  **wapp-unsafe** _TEXT_  
     Add _TEXT_ to the web page under construction even though _TEXT_ does
     contain TCL variable and command substitutions.  The application developer
     must ensure that the variable and command substitutions does not allow
     XSS attacks.  Avoid using this command.  The use of "wapp-subst" is 
     preferred in most situations.

  +  **wapp-crash-handler**  
     This is technically not an API.  Rather, if this procedure exists in
     the application and a TCL error occurs, then this routine is invoked
     to deal with the error.  It can do things like generate an "Oops!" page
     and/or writing detailed error messages into a log file for later
     analysis.  If the application does not provide this procedure, then
     Wapp generates a standard "Wapp Internal Error" page with a stack trace
     of the TCL error.
Changes to docs/quickref.md. 
38
39
40
41
42
43
44

45
46
47
48
49
50
51

|**wapp-set-cookie** _NAME_ _VALUE_|→|Set cookie _NAME_ to have _VALUE_|
|**wapp-clear-cookie** _NAME_|→|Delete cookie _NAME_|
|**wapp-cache-control** _CONTROL_|→|Set caching behavior of current page|
|**wapp-content-security-policy** _POLICY_|→|Set the CSP for the current page|
|**wapp-debug-env**|→|Return a text description of the Wapp environment|
|**wapp** {_TEXT_}|→|Append _TEXT_ without substitution|
|**wapp-unsafe** _TEXT_|→|Append _TEXT_ that contains nothing that needs to be escaped|



<a name="cgiparams"></a>
3.0 CGI Parameters [(More detail)](params.md#cgidetail)
------------------

>








>








38
39
40
41
42
43
44
45
46
47
48
49
50
51
52

|**wapp-set-cookie** _NAME_ _VALUE_|&rarr;|Set cookie _NAME_ to have _VALUE_|
|**wapp-clear-cookie** _NAME_|&rarr;|Delete cookie _NAME_|
|**wapp-cache-control** _CONTROL_|&rarr;|Set caching behavior of current page|
|**wapp-content-security-policy** _POLICY_|&rarr;|Set the CSP for the current page|
|**wapp-debug-env**|&rarr;|Return a text description of the Wapp environment|
|**wapp** {_TEXT_}|&rarr;|Append _TEXT_ without substitution|
|**wapp-unsafe** _TEXT_|&rarr;|Append _TEXT_ that contains nothing that needs to be escaped|
|**wapp-crash-handler**|&rarr;|Invoked by Wapp, if it exists, when a TCL error occurs|


<a name="cgiparams"></a>
3.0 CGI Parameters [(More detail)](params.md#cgidetail)
------------------

>

92
93
94
95
96
97
98





















    https://wapp.tcl.tk/demo/env.tcl/abc/def/ghi?a=5&b=22.425#point42
    \__________________________________/         \__________/
                   |                                  |
                SELF_URL                         QUERY_STRING

>
    SCRIPT_FILENAME := DOCUMENT_ROOT + SCRIPT_NAME




























>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

    https://wapp.tcl.tk/demo/env.tcl/abc/def/ghi?a=5&b=22.425#point42
    \__________________________________/         \__________/
                   |                                  |
                SELF_URL                         QUERY_STRING

>
    SCRIPT_FILENAME := DOCUMENT_ROOT + SCRIPT_NAME

<a name="subst"></a>
5.0 Substitutions In wapp-subst and wapp-trim
---------------------------------------------

>
|<b>%html(</b><i>EXPR</i><b>)</b>|&rarr;|Escape <i>EXPR</i> for display as HTML|
|<b>%url(</b><i>EXPR</i><b>)</b>|&rarr;|Escape <i>EXPR</i> for use as a URL|
|<b>%qp(</b><i>EXPR</i><b>)</b>|&rarr;|Escape <i>EXPR</i> for use as a URL query parameter|
|<b>%string(</b><i>EXPR</i><b>)</b>|&rarr;|Escape <i>EXPR</i> for use as a JSON string|
|<b>%unsafe(</b><i>EXPR</i><b>)</b>|&rarr;|Render <i>EXPR</i> exacatly - no escaping|

If <i>EXPR</i> contains a ")" character, then use these forms instead:

>
|<b>%html%(</b><i>EXPR</i><b>)%</b>|&rarr;|Escape <i>EXPR</i> for display as HTML|
|<b>%url%(</b><i>EXPR</i><b>)%</b>|&rarr;|Escape <i>EXPR</i> for use as a URL|
|<b>%qp%(</b><i>EXPR</i><b>)%</b>|&rarr;|Escape <i>EXPR</i> for use as a URL query parameter|
|<b>%string%(</b><i>EXPR</i><b>)%</b>|&rarr;|Escape <i>EXPR</i> for use as a JSON string|
|<b>%unsafe%(</b><i>EXPR</i><b>)%</b>|&rarr;|Render <i>EXPR</i> exacatly - no escaping|