[Ur] serving css from urweb
Zach Tatlock
ztatlock at cs.ucsd.edu
Wed Jun 22 17:06:49 EDT 2011
On Wed, Jun 22, 2011 at 9:00 AM, Adam Chlipala <adamc at impredicative.com>wrote:
> Zach Tatlock wrote:
>
>> I do not think this is a pressing issue either; I can distribute
>> sqlite with an app and, as you point out, just have some wrapper
>> script orchestrate the whole system.
>>
>>
>
> And, if you are distributing binaries, static linking will already
> accomplish what I think you're asking for. (Just for the database side of
> things)
Oh I see. I didn't realize that sqlite was just a lib. Ur/Web already does
exactly what I want here :)
Sorry that I misunderstood your earlier response.
Right now, CSS styling itself is intentionally outside the scope of Ur/Web.
> To allow CSS styling to appear in Ur/Web apps, I'd want to do a proper
> syntax embedding, not provide an easy way to interpret strings as CSS.
>
> It's important to me that, by default, an Ur/Web application has access to
> no built-in way of interpreting strings as code in any language. This makes
> it easy to see that there are no code injection vulnerabilities.
That is clearly a better solution.
However, in the short term, before the CSS embedding is done, it seems that
making a standalone app requires some sort of string-as-CSS kludge. As
long as the CSS string is literal, this should be as immune to code
injection as using an external server for CSS, correct?
To handle the name update issue: Since styles are first class (and assuming
they have an equality test), one could manually build a style-to-name
dictionary and use that when writing the css. That's getting really ugly
though. At least if you change the style, the compiler will warn you to
change the dictionary too.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.impredicative.com/pipermail/ur/attachments/20110622/83d45ef8/attachment.html>
More information about the Ur
mailing list