Re: [AOLSERVER] New modules on aolserver.am.net; also we are looking to hire a full-time AOLserver programmer
This reminds me of the Smarty for PHP. Has anyone looked at porting Smarty to ADP? It's pretty PHP-specific but the syntax, like Tom's stuff below, is pretty convenient. http://smarty.php.net/ -Jim On Sep 25, 2007, at 10:50 AM, Tom Jackson wrote: Jeff, I developed a templating system which is safe for untrusted users. Actually that was one of the main goals. The sources, somewhat messy are at: http://rmadilo.com/m2/servers/rmadilo/modules/tcl/twt/packages/view/ The templates are 'compiled' into a Tcl script. The template compiler is a C program using flex/bison. Here is a simple example of a template: table border=1 [foreach num $MoveCards /] tr [set k 0] [set Cards $CardList($num) /] [foreach Card $Cards /] th$Cardbr / [if {$num == $MoveCount} /] [if {$k 0} /] Move: 1input type=radio name=move value=$k [expr ($k - 1) /] [/if/] [if {$k 2} /] 3input type=radio name=move value=$k [expr ($k - 3) /] [/if/] [/if/] /th [incr k /] [/foreach/] /tr [/foreach/] /table This is taken from an start.tmpl under: http://rmadilo.com/m2/servers/rmadilo/pages/optimistic/ The live version, to see the resulting html is here: http://rmadilo.com/optimistic/ If there is a syntax error in the script, you get a compile time error, it is pretty easy to track down the error by trying to compile it on the command line. The compiler aborts at the error. The compiler itself has only a limited number of commands, each with a form similar to a tcl command: [command args ] ... ?[/command]? Anything not in [ ] is turned into text. Parsing is not yet 100% perfect and sometimes messes up if there are some combination of and {. Any variables found in the text, outside of [ ] are also handled. The compiled script, although ugly is just a series of commands which eventually boil down to a series of [append]s, but they are also easy to debug if some problem shows up. The safety comes from only supporting a limited set of safe commands and variable forms. For instance, you can't have an array variable like $a([rm - rf /]). Also, the for and while loop are not available because they execute code. The main extension mechanism is the [resource] tag. Before a template is run, you can add resources, giving them a name. If the resource is in the template, it is executed, possibly passing through arguments. For instance, you could give the template the ability to open a particular file. It would be nice to have another tag which could do something to the contents of the tag (the stuff between [tag] [/tag]), but I haven't given this any thought yet. This is hardly a perfect system, but the main goal of establishing a safe exection environment seems to be met. The way I use this is to have a .tcl file setup all the data and then use ::view::return to find and handle the similarly named .tmpl file. However, the data could be setup from some other source, in a filter or registered proc, or the template itself could be anywhere, like a database or outside of pageroot, or passed in via a form. tom jackson On Monday 24 September 2007 12:54, Jeff Rogers wrote: Thanks for sharing this with the community. It's been somewhat depressing to see every php system include a simple templating system but nothing really solid under AOLserver. (I know OpenACS has a templating system but I didn't look at it long enough to grok all the complexity therin, not to mention that it is tightly tied to OpenACS.) One thought I had while looking at it is that it isn't really suitable for letting untrusted users upload arbitrary master pages for layout/styling/etc, as the users could then run scripts in the pages. I thought to myself, wouldn't a controlled environment for ADPs be nice? So I started looking at what it would take to add in a safe adp execution mode, and I was happy to find that although it's not documented, it already exists! So a suggestion: it would be a nice enhancement to allow for untrusted master pages that are run in safe mode. I'm not entirely sure what behavior makes the most sense (i.e., what can and can not be in safe mode) but the implementation should be pretty simple :) -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to [EMAIL PROTECTED] with the body of SIGNOFF AOLSERVER in the email message. You can leave the Subject: field of your email blank. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to [EMAIL PROTECTED] with the body of SIGNOFF AOLSERVER in the email message. You can leave the Subject: field of your email blank.
Re: [AOLSERVER] New modules on aolserver.am.net; also we are looking to hire a full-time AOLserver programmer
On 2007.09.27, Jim Davidson [EMAIL PROTECTED] wrote: This reminds me of the Smarty for PHP. Has anyone looked at porting Smarty to ADP? It's pretty PHP-specific but the syntax, like Tom's stuff below, is pretty convenient. http://smarty.php.net/ Wow, Jim--I'm surprised to hear that you like Smarty. :-) It should be possible to write a Smarty template parser to use instead of the ADP parser. Smarty's tight coupling to PHP makes this a bad idea, though--i.e., without the ability to evaluate PHP code in a Smarty template, most PHP pages that use Smarty won't work out of the box in a Smarty template parser for AOLserver. Still, if someone wanted to take on this kind of work, I'd love to see it demonstrated. -- Dossy -- Dossy Shiobara | [EMAIL PROTECTED] | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on. (p. 70) -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to [EMAIL PROTECTED] with the body of SIGNOFF AOLSERVER in the email message. You can leave the Subject: field of your email blank.
Re: [AOLSERVER] New modules on aolserver.am.net; also we are looking to hire a full-time AOLserver programmer
Wow that is pretty interesting, lots of good ideas. In my example below, there are places where you see a tag like [/if/], the ending /] means that following whitespace should be removed completely. It looks like smarty has a tag {strip} which is essentially an html type normalization. All whitespace is condensed to a single whitespace. I added my whitespace remover so that the template code could produce whatever output was intended, so if several template tags appear next to each other, you can place them on separate lines, or whatever. Looking at this, makes me think I should add a [space] tag, or [wspace {...}] type tag. One of the basic ideas of smarty is to separate data creation from presentation, something I was hoping to achieve. One relatively big difference between my templating system and smarty is that templating/compiling are independent of the Tcl environment. You could use it in a regular tcl script. Caching, etc. are not built in, but can be easily added in any number of ways (including http caching). Using the concept of a named resource, you can include a header using this: [resource header] Assuming that prior to running the template, you did something like this: ::resource::add header resource::include $header_file_name So, ::resource::add is similar to assign, but it adds procs with/without args. Note, that resource::include is not executed until the template is executed. tom jackson On Thursday 27 September 2007 14:51, Jim Davidson wrote: This reminds me of the Smarty for PHP. Has anyone looked at porting Smarty to ADP? It's pretty PHP-specific but the syntax, like Tom's stuff below, is pretty convenient. http://smarty.php.net/ -Jim On Sep 25, 2007, at 10:50 AM, Tom Jackson wrote: Jeff, I developed a templating system which is safe for untrusted users. Actually that was one of the main goals. The sources, somewhat messy are at: http://rmadilo.com/m2/servers/rmadilo/modules/tcl/twt/packages/view/ The templates are 'compiled' into a Tcl script. The template compiler is a C program using flex/bison. Here is a simple example of a template: table border=1 [foreach num $MoveCards /] tr [set k 0] [set Cards $CardList($num) /] [foreach Card $Cards /] th$Cardbr / [if {$num == $MoveCount} /] [if {$k 0} /] Move: 1input type=radio name=move value=$k [expr ($k - 1) /] [/if/] [if {$k 2} /] 3input type=radio name=move value=$k [expr ($k - 3) /] [/if/] [/if/] /th [incr k /] [/foreach/] /tr [/foreach/] /table This is taken from an start.tmpl under: http://rmadilo.com/m2/servers/rmadilo/pages/optimistic/ The live version, to see the resulting html is here: http://rmadilo.com/optimistic/ If there is a syntax error in the script, you get a compile time error, it is pretty easy to track down the error by trying to compile it on the command line. The compiler aborts at the error. The compiler itself has only a limited number of commands, each with a form similar to a tcl command: [command args ] ... ?[/command]? Anything not in [ ] is turned into text. Parsing is not yet 100% perfect and sometimes messes up if there are some combination of and {. Any variables found in the text, outside of [ ] are also handled. The compiled script, although ugly is just a series of commands which eventually boil down to a series of [append]s, but they are also easy to debug if some problem shows up. The safety comes from only supporting a limited set of safe commands and variable forms. For instance, you can't have an array variable like $a([rm - rf /]). Also, the for and while loop are not available because they execute code. The main extension mechanism is the [resource] tag. Before a template is run, you can add resources, giving them a name. If the resource is in the template, it is executed, possibly passing through arguments. For instance, you could give the template the ability to open a particular file. It would be nice to have another tag which could do something to the contents of the tag (the stuff between [tag] [/tag]), but I haven't given this any thought yet. This is hardly a perfect system, but the main goal of establishing a safe exection environment seems to be met. The way I use this is to have a .tcl file setup all the data and then use ::view::return to find and handle the similarly named .tmpl file. However, the data could be setup from some other source, in a filter or registered proc, or the template itself could be anywhere, like a database or outside of pageroot, or passed in via a form. tom jackson On Monday 24 September 2007 12:54, Jeff Rogers wrote: Thanks for sharing this with the community. It's been somewhat depressing to see every php system include a simple templating system but nothing really solid under AOLserver. (I know
Re: [AOLSERVER] New modules on aolserver.am.net; also we are looking to hire a full-time AOLserver programmer
Jeff, I developed a templating system which is safe for untrusted users. Actually that was one of the main goals. The sources, somewhat messy are at: http://rmadilo.com/m2/servers/rmadilo/modules/tcl/twt/packages/view/ The templates are 'compiled' into a Tcl script. The template compiler is a C program using flex/bison. Here is a simple example of a template: table border=1 [foreach num $MoveCards /] tr [set k 0] [set Cards $CardList($num) /] [foreach Card $Cards /] th$Cardbr / [if {$num == $MoveCount} /] [if {$k 0} /] Move: 1input type=radio name=move value=$k [expr ($k - 1) /] [/if/] [if {$k 2} /] 3input type=radio name=move value=$k [expr ($k - 3) /] [/if/] [/if/] /th [incr k /] [/foreach/] /tr [/foreach/] /table This is taken from an start.tmpl under: http://rmadilo.com/m2/servers/rmadilo/pages/optimistic/ The live version, to see the resulting html is here: http://rmadilo.com/optimistic/ If there is a syntax error in the script, you get a compile time error, it is pretty easy to track down the error by trying to compile it on the command line. The compiler aborts at the error. The compiler itself has only a limited number of commands, each with a form similar to a tcl command: [command args ] ... ?[/command]? Anything not in [ ] is turned into text. Parsing is not yet 100% perfect and sometimes messes up if there are some combination of and {. Any variables found in the text, outside of [ ] are also handled. The compiled script, although ugly is just a series of commands which eventually boil down to a series of [append]s, but they are also easy to debug if some problem shows up. The safety comes from only supporting a limited set of safe commands and variable forms. For instance, you can't have an array variable like $a([rm -rf /]). Also, the for and while loop are not available because they execute code. The main extension mechanism is the [resource] tag. Before a template is run, you can add resources, giving them a name. If the resource is in the template, it is executed, possibly passing through arguments. For instance, you could give the template the ability to open a particular file. It would be nice to have another tag which could do something to the contents of the tag (the stuff between [tag] [/tag]), but I haven't given this any thought yet. This is hardly a perfect system, but the main goal of establishing a safe exection environment seems to be met. The way I use this is to have a .tcl file setup all the data and then use ::view::return to find and handle the similarly named .tmpl file. However, the data could be setup from some other source, in a filter or registered proc, or the template itself could be anywhere, like a database or outside of pageroot, or passed in via a form. tom jackson On Monday 24 September 2007 12:54, Jeff Rogers wrote: Thanks for sharing this with the community. It's been somewhat depressing to see every php system include a simple templating system but nothing really solid under AOLserver. (I know OpenACS has a templating system but I didn't look at it long enough to grok all the complexity therin, not to mention that it is tightly tied to OpenACS.) One thought I had while looking at it is that it isn't really suitable for letting untrusted users upload arbitrary master pages for layout/styling/etc, as the users could then run scripts in the pages. I thought to myself, wouldn't a controlled environment for ADPs be nice? So I started looking at what it would take to add in a safe adp execution mode, and I was happy to find that although it's not documented, it already exists! So a suggestion: it would be a nice enhancement to allow for untrusted master pages that are run in safe mode. I'm not entirely sure what behavior makes the most sense (i.e., what can and can not be in safe mode) but the implementation should be pretty simple :) -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to [EMAIL PROTECTED] with the body of SIGNOFF AOLSERVER in the email message. You can leave the Subject: field of your email blank.
Re: [AOLSERVER] New modules on aolserver.am.net; also we are looking to hire a full-time AOLserver programmer
Alex Hisen wrote: We've just finished a complete overhaul of http:// http://aolserver.am.net/ aolserver.am.net/ and our entire company web site. A much better look, better navigation and better organization of content. We've also taken the opportunity to release some new C and Tcl modules: * ADP Master Pages Tcl Module http://aolserver.am.net/code/modules/masterpages.adpx - implements ASP.NET 2.0-style Master Pages under AOLserver 4.0 Thanks for sharing this with the community. It's been somewhat depressing to see every php system include a simple templating system but nothing really solid under AOLserver. (I know OpenACS has a templating system but I didn't look at it long enough to grok all the complexity therin, not to mention that it is tightly tied to OpenACS.) One thought I had while looking at it is that it isn't really suitable for letting untrusted users upload arbitrary master pages for layout/styling/etc, as the users could then run scripts in the pages. I thought to myself, wouldn't a controlled environment for ADPs be nice? So I started looking at what it would take to add in a safe adp execution mode, and I was happy to find that although it's not documented, it already exists! So a suggestion: it would be a nice enhancement to allow for untrusted master pages that are run in safe mode. I'm not entirely sure what behavior makes the most sense (i.e., what can and can not be in safe mode) but the implementation should be pretty simple :) -J -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to [EMAIL PROTECTED] with the body of SIGNOFF AOLSERVER in the email message. You can leave the Subject: field of your email blank.
[AOLSERVER] New modules on aolserver.am.net; also we are looking to hire a full-time AOLserver programmer
We've just finished a complete overhaul of http:// http://aolserver.am.net/ aolserver.am.net/ and our entire company web site. A much better look, better navigation and better organization of content. We've also taken the opportunity to release some new C and Tcl modules: * ADP Master Pages Tcl Module http://aolserver.am.net/code/modules/masterpages.adpx - implements ASP.NET 2.0-style Master Pages under AOLserver 4.0 * URL Alias module http://aolserver.am.net/code/modules/alias.adpx - Implements the ability to map virtual url paths to any location on the filesystem (i.e. /long/path/outside/of/pageroot = c:/mydir) - this functionality was in AOLserver 2.1 and this module is a slightly modified version of an AOLserver 2.0 C module sample. * amattributes2set C module http://aolserver.am.net/code/modules/amattributes2set.adpx with these Tcl commands: am_attributes2set - takes a string like {a=b c='d' e=f selected} and turns it into an ns_set; also am_unquotehtml and am_quotehtml Also, we are hiring - here is our posting to the AOLserver_Jobs Wiki page: 2007-09-19 - Web Application Developer Tired of corporate management layers? Ready for a new challenge? Want a job that keeps you learning something new every day? How about getting paid to contribute to AOLserver as a web development platform? Want to work with people who are really smart and knowledgeable and create market-leading award-winning web applications? We are looking to fill an immediate opening for a full time programmer to develop web-based software using AOLserver. Permanent position in Santa Rosa, California. Partial (but not complete) tele-commuting possible. Flexible hours. H1-B transfer possible. Relocation assistance. We are looking for a well-organized, smart and hard-working person. In addition to working on interesting and challenging projects, you'll also be contributing to our own AOLserver Framework (that we've been developing since 1995 and that has over 500 procs) and helping with releasing it as an open source project. $100,000-$130,000 am.net/Careers http://am.net/careers/ -- Alex HisenSolitex Networks mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 350 E Street, Ste 301 (707) 579-2010 Fax: (707) 579-2059 Santa Rosa, CA 95404 (800) 579-2018http://am.net http://am.net The Source for Advanced Computing Solutions -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to [EMAIL PROTECTED] with the body of SIGNOFF AOLSERVER in the email message. You can leave the Subject: field of your email blank.