Tcl pages

  • Always use Page Contracts:


    All Tcl-implemented pages should use page contracts, for example:

    ad_page_contract {
        ... purpose ...
        @author ...
        @creation-date ...
    } {
        object_id:naturalnum,notnull
        {verbose:boolean false}
        {color:word ""}
    }
    
  • Constrain arguments passed via query or form variables as strongly as possible


    All user-provided content is a potential security threat, since these values might lead to SQL injection or XSS attacks. Therefore, constrain the passed arguments as far as possible (see above), and validate the values further if necessary.

  • Avoid putting HTML in Tcl scripts


    Try to make use of OpenACS Templating or http://your.openacs/doc/acs-templating/. If you can't avoid it, try to isolate the HTML into a proc so that editing the layout will be easier.

  • Avoid Quoting Hell


    If programmatic HTML-code generation is required, make sure that everything is quoted sufficiently and use the Tcl command subst to improve readability:

    set href [export_vars -base admin/index -vars {foo bar}]
    set html [subst {
       <a href="[ns_quotehtml $href]">Hello world</a>
    }]
    
  • Read the Tcl Style guide


    This is the Tcl style guide (PDF); try to apply the relevant guidelines, in particular chapters 4, 5 and 7.
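
The first two guidelines (page contracts, and validating values further where the filters are not enough) combined in one page script. This is an added example, not code from the original page or from the OpenACS project; the list of supported colors, the validation block name, the statement name and the query are assumptions made for illustration.

```tcl
ad_page_contract {
    Display one object, optionally highlighted in a color.
    (Constructed example page.)

    @author ...
    @creation-date ...
} {
    object_id:naturalnum,notnull
    {verbose:boolean false}
    {color:word ""}
} -properties {
    title:onevalue
    color:onevalue
    verbose_p:onevalue
} -validate {
    color_is_supported -requires {color} {
        # The "word" filter only restricts the character set. Narrow the
        # value further to the colors this page supports (assumed list).
        # The guard on "" keeps the default value valid.
        if {$color ne "" && $color ni {red green blue}} {
            # Do not echo the rejected value back in the message.
            ad_complain "Unsupported color"
        }
    }
}

# Past this point every variable has passed its filters and the extra
# validation block. The value still reaches SQL only as a bind variable
# (:object_id), never by string interpolation into the statement.
# Statement name and query are constructed for illustration.
set title [db_string get_title {
    select title from acs_objects where object_id = :object_id
} -default ""]

# Normalize the accepted boolean spelling to 0/1 for the template.
set verbose_p [string is true -strict $verbose]

# The matching ADP template emits @title@ and @color@; the templating
# system HTML-quotes such variables unless ;noquote is given, so no
# HTML has to be assembled in this script.
```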
