[Ur] typechecker rejects form handler

Sergey grrwlf at gmail.com
Tue Jan 7 15:03:27 EST 2014 

>> I am sure that most of the people would try to use a basic functional 
>> trick here:
>>
>> (* Version 1 *)
>> fun validate_and_apply f = return {}
>> fun handler u f = validate_and_apply f ; redirect u
>> fun form (u:url) : transaction xbody = reutrn <xml><form>...<submit 
>> action={handler u}/></form></xml>
>> fun viewA (idx:int) = template ( f<- form (url (viewA idx)); return 
>> <xml>{f}</xml>)
>> fun viewB (idx:int) = template ( f<- form (url (viewB idx)); return 
>> <xml>{f}</xml>)
>> ...
>> The "Input to exported function 'FormBug3/handler' involves one or 
>> more types that are disallowed for page handler inputs: Basis.url" 
>> will appear.
>
> You can get around this issue by using type [string] instead of 
> [url].  Use [show] to convert [url] to [string], then use [bless] to 
> convert back.  I've done this before for various sites.  You can even 
> use [Basis.currentUrl] to get the current URL, without forcing each 
> caller of the redirecting function to construct the URL explicitly.
>
> Note that this is _not_ a case of unjustifiable draconian behavior by 
> the compiler, since [bless] will do run-time checking that URLs follow 
> the policy you've configured in .urp files.

Well, for some reason I didn't take into account that 'show' instance is 
defined for the url type. I agree, this approach should work for now. 
But this way we handle basic cases only. For example, if I add one  
trivial requirement to my login forms task - "views should print errors 
in case of invalid login attempt"  - then `form' function will need 
(string -> url) function argument rather than constant url and, thus, 
specializations. I can't see stable solution, that is why I'm so nervous 
about this problem.

By the way, you mentioned other frameworks which assigns urls to 
continuations. I suppose it makes it possible to attack such servers by 
forcing it into creating more and more continuations. But it is 
interesting to read how the authors reason about the security. Could you 
point me to some reading about this?

More information about the Ur mailing list