Overview
Comment: | Documentation improvements. |
---|---|
SHA3-256: | 38fa4334e3ad601143474c501d800b1d |
User & Date: | drh 2019-04-01 01:57:25.470 |
Context
2019-04-08
20:14 | For the %string() substitution, encode newlines and carriage returns using backslash escapes. (check-in: 6385090072 user: drh tags: trunk) | |
2019-04-01
01:57 | Documentation improvements. (check-in: 38fa4334e3 user: drh tags: trunk) | |
01:31 | Fix error in the first example of the "intro.md" page. (check-in: 83e002a08c user: drh tags: trunk) | |
Changes
Changes to README.md.
1 2 3 4 5 6 7 | Wapp - A Web-Application Framework for TCL ========================================== Wapp is a framework for writing web applications in TCL, with the following advantages: * Small and simple API → easy to learn and use | | | < < | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | Wapp - A Web-Application Framework for TCL ========================================== Wapp is a framework for writing web applications in TCL, with the following advantages: * Small and simple API → easy to learn and use * A complete app is a single small file of TCL * Resistant to attacks and exploits * Cross-platform → CGI, SCGI, or a built-in web server * The Wapp framework itself is a single-file TCL script * Easy to embedded in a larger application, if desired * 2-clause BSD license Documentation ------------- * ["Hello World!" App (6 lines of code)](/doc/trunk/docs/helloworld.md) * [Introduction To Writing Wapp Applications](/doc/trunk/docs/intro.md) |
︙ | ︙ |
Changes to docs/debughints.md.
1 2 3 4 5 | Hints For Debugging Wapp Applications ===================================== Here are some suggestions for debugging Wapp applications: | | > | | | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | Hints For Debugging Wapp Applications ===================================== Here are some suggestions for debugging Wapp applications: + If it seems like the [wapp-param](commands.md#wapp-param) command is not working correctly, that might be because the same-origin policy is preventing query parameters from being parsed. Try adding the [wapp-allow-xorigin-parameters](commands.md#allow-xorigin) command to the top of the page generator proc, at least temporarily, to see if that clears the problem. + If parts of your webpage do not appear to be working, that might be due to the restrictive default [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy) that Wapp uses. Try temporarily disabling the CSP using a command like <blockquote><b>wapp-content-security-policy off</b></blockquote> near the top of your page-generator proc. |
︙ | ︙ |
Changes to docs/intro.md.
︙ | ︙ | |||
163 164 165 166 167 168 169 | wapp-trim { <h1>Wapp Environment</h1>\n<pre> <pre>%html([wapp-debug-env])</pre> } } wapp-start $argv | | | 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 | wapp-trim { <h1>Wapp Environment</h1>\n<pre> <pre>%html([wapp-debug-env])</pre> } } wapp-start $argv Many Wapp applications contain an /env page for debugging and trouble-shooting purpose. Examples: <https://sqlite.org/checklists/env> and <https://sqlite.org/search?env=1> 2.1 Binary Resources -------------------- |
︙ | ︙ |
Changes to docs/security.md.
︙ | ︙ | |||
51 52 53 54 55 56 57 58 59 60 61 62 63 | 6. If the application is launched on a command-line with the --lint option, then instead of running the application, Wapp scans the application code looking for constructs that are unsafe. Unsafe constructs include things such as using "[wapp-subst](commands.md#wapp-subst)" with an argument that is not contained within {...}. Part of what makes Wapp easy to use is that it helps free application developers from the worry of accidently introducing security vulnerabilities via programming errors. Of course, no framework is fool-proof. Developers still must be aware of security. Wapp does not prevent every error, but it does help make writing a secure application easier and less stressful. | > > > > > > > > > > > > > > > > > | 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 | 6. If the application is launched on a command-line with the --lint option, then instead of running the application, Wapp scans the application code looking for constructs that are unsafe. Unsafe constructs include things such as using "[wapp-subst](commands.md#wapp-subst)" with an argument that is not contained within {...}. 7. The new (non-standard) SAME\_ORIGIN variable is provided. This variable has a value of "1" or "0" depending on whether or not the current HTTP request comes from the same origin. Applications can use this information to enhance their own security precautions by refusing to provide sensitive information or perform sensitive actions if SAME\_ORIGIN is not "1". 8. The --scgi mode only accepts SCGI requests from localhost. This prevents an attacker from sending an SCGI request directly to the script and bypassing the webserver in the event that the site firewall is misconfigured or omitted. 9. Though cookies, query parameters and POST parameters are accessed using the same mechanism as CGI variables, the CGI variable names use a disjoint namespace. 
(CGI variables are all upper-case and all others are lower-case.) Hence, it is not possible for a remote attacher to create a fake CGI variable or override the value of a CGI variable. Part of what makes Wapp easy to use is that it helps free application developers from the worry of accidently introducing security vulnerabilities via programming errors. Of course, no framework is fool-proof. Developers still must be aware of security. Wapp does not prevent every error, but it does help make writing a secure application easier and less stressful. |
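Review bot: In README.md, the added bullet "Easy to embedded in a larger application, if desired" has a grammar slip and should read "Easy to embed in a larger application, if desired". The added bullet "Resistant to attacks and exploits" is a broad claim for a README; consider linking it to docs/security.md so readers can see which defences it refers to.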
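Review bot: In docs/debughints.md, both new hints tell the reader to switch off a default protection (wapp-allow-xorigin-parameters for the same-origin check on query parameters, and "wapp-content-security-policy off" for the CSP) but describe this only as temporary, and the first says "at least temporarily", which reads as if leaving it in place is acceptable. Suggest stating explicitly that both commands are for diagnosis only and should be removed once the cause has been found.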
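Review bot: In docs/intro.md, the new paragraph presents an /env page as a routine part of many applications and links to two live examples, but does not say who should be able to reach it; since the page prints the output of wapp-debug-env, a sentence on restricting or removing it in deployed applications would help. Also, "for debugging and trouble-shooting purpose" should be "purposes", and the context line above the change shows an opening pre tag both after the "\n" and before %html(...) with only one closing tag, which is worth checking.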
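Review bot: In docs/security.md, new item 7 tells applications to gate sensitive actions on SAME\_ORIGIN being "1" but does not say how Wapp decides that a request is same-origin, so a reader cannot judge what the check does and does not cover; suggest stating the basis or linking to the parameter documentation. The wording "The new (non-standard)" will also date quickly. In item 9, "remote attacher" should be "remote attacker".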