| Author |
Message |
< Erlyweb mailing list ~ seeking safe side effect free client side/server side langua |
| Guest |
 Posted: Sat Aug 09, 2008 11:05 am |
 |
|
|
Guest
|
Check out Erlang pattern matching.
On Aug 9, 7:37 |
|
|
| Back to top |
|
| jeffm |
| Posted: Sat Aug 09, 2008 1:52 pm |
|
|
|
User
Joined: 29 Sep 2008
Posts: 43
|
Er, I think we've got our wires crossed. In my scenario an untrusted
user is using a web browser to design a form and supplying a validation
function to be run on the server and I wish to make sure it's safe.
Jeff.
Patrick wrote:
> Check out Erlang pattern matching.
>
> On Aug 9, 7:37 am, jm <je...@ghostgun.com> wrote:
>
>> Alright that subject is a mouth full and as clear as mud. Here's a some
>> what better explaination of what I'm trying to get at:
>>
>> I'd like a user to be able to design a form through a web interface and
>> as part of that supply a function that returns a value which will tell
>> whether the form when filled in is valid. For example, a form is created
>> which takes a three options a,b,c combinations A XOR B XOR C XOR (B AND
>> (A XOR C)) are valid, ie you can choose either option a, b, c alone or b
>> in combination with a or c. So, I'd like the user to be able to supply a
>> function to check for valid optons, eg,
>>
>> %% pseudo code
>> function(Form) {
>> A = Form.a
>> B = Form.b
>> C = Form.c
>>
>> return valid if A and not B and not C
>> return valid if not A and B and not C
>> return valid if not A and not B and C
>> return valid if A and B and not C
>> return valid if not A and B and not C
>> return invalid
>>
>> }
>>
>> this is a simple example and is already getting complex which is why I
>> wish to be able to let the user enter it themselves. The trouble is to
>> allow this the language used has to be simple, non-recusive, side effect
>> free, guarranteed to execute in finite time and run on both the server
>> and in the browser. The only implementation I can think of with similar
>> requirments is Sieve (http://www.ietf.org/rfc/rfc3028.txt?number=3028)
>> for mail messages. Is there anything out there that fit this requirement
>> or am I barking up the wrong tree? any suggestions on other ways to this
>> also welcome.
>>
>> Jeff.
>>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "erlyweb" group.
To post to this group, send email to erlyweb@googlegroups.com
To unsubscribe from this group, send email to erlyweb+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/erlyweb?hl=en
-~----------~----~----~----~------~----~------~--~---
Post received from mailinglist |
|
|
| Back to top |
 
|
| Guest |
| Posted: Sat Aug 09, 2008 7:56 pm |
|
|
|
Guest
|
I think you should make validation procedure of what should be
inputted inside, if you don't know what will user input then you can't
know what to validate. Best thing is to do an JavaScript/Ajax form
matrix and form validation process and then with that input check
again in Erlyweb/Erlang code that the input is safe.
On Sat, Aug 9, 2008 at 3:54 PM, jm <jeffm@ghostgun.com> wrote:
>
> Er, I think we've got our wires crossed. In my scenario an untrusted
> user is using a web browser to design a form and supplying a validation
> function to be run on the server and I wish to make sure it's safe.
>
> Jeff.
>
> Patrick wrote:
>> Check out Erlang pattern matching.
>>
>> On Aug 9, 7:37 am, jm <je...@ghostgun.com> wrote:
>>
>>> Alright that subject is a mouth full and as clear as mud. Here's a some
>>> what better explaination of what I'm trying to get at:
>>>
>>> I'd like a user to be able to design a form through a web interface and
>>> as part of that supply a function that returns a value which will tell
>>> whether the form when filled in is valid. For example, a form is created
>>> which takes a three options a,b,c combinations A XOR B XOR C XOR (B AND
>>> (A XOR C)) are valid, ie you can choose either option a, b, c alone or b
>>> in combination with a or c. So, I'd like the user to be able to supply a
>>> function to check for valid optons, eg,
>>>
>>> %% pseudo code
>>> function(Form) {
>>> A = Form.a
>>> B = Form.b
>>> C = Form.c
>>>
>>> return valid if A and not B and not C
>>> return valid if not A and B and not C
>>> return valid if not A and not B and C
>>> return valid if A and B and not C
>>> return valid if not A and B and not C
>>> return invalid
>>>
>>> }
>>>
>>> this is a simple example and is already getting complex which is why I
>>> wish to be able to let the user enter it themselves. The trouble is to
>>> allow this the language used has to be simple, non-recusive, side effect
>>> free, guarranteed to execute in finite time and run on both the server
>>> and in the browser. The only implementation I can think of with similar
>>> requirments is Sieve (http://www.ietf.org/rfc/rfc3028.txt?number=3028)
>>> for mail messages. Is there anything out there that fit this requirement
>>> or am I barking up the wrong tree? any suggestions on other ways to this
>>> also welcome.
>>>
>>> Jeff.
>>>
>> >
>>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "erlyweb" group.
To post to this group, send email to erlyweb@googlegroups.com
To unsubscribe from this group, send email to erlyweb+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/erlyweb?hl=en
-~----------~----~----~----~------~----~------~--~---
Post received from mailinglist |
|
|
| Back to top |
|
| Guest |
| Posted: Wed Aug 13, 2008 6:48 am |
|
|
|
Guest
|
Why don't you design a simple language to express those rules and
translate it into web forms whose parameters you'll pass to a backend
execution engine? Then language is very simple with just a few
operators ('and', 'or', 'xor', etc). It shouldn't be that hard to
implement if you only need to process simple rules.
On Fri, Aug 8, 2008 at 10:37 PM, jm <jeffm@ghostgun.com> wrote:
>
> Alright that subject is a mouth full and as clear as mud. Here's a some
> what better explaination of what I'm trying to get at:
>
> I'd like a user to be able to design a form through a web interface and
> as part of that supply a function that returns a value which will tell
> whether the form when filled in is valid. For example, a form is created
> which takes a three options a,b,c combinations A XOR B XOR C XOR (B AND
> (A XOR C)) are valid, ie you can choose either option a, b, c alone or b
> in combination with a or c. So, I'd like the user to be able to supply a
> function to check for valid optons, eg,
>
> %% pseudo code
> function(Form) {
> A = Form.a
> B = Form.b
> C = Form.c
>
> return valid if A and not B and not C
> return valid if not A and B and not C
> return valid if not A and not B and C
> return valid if A and B and not C
> return valid if not A and B and not C
> return invalid
> }
>
> this is a simple example and is already getting complex which is why I
> wish to be able to let the user enter it themselves. The trouble is to
> allow this the language used has to be simple, non-recusive, side effect
> free, guarranteed to execute in finite time and run on both the server
> and in the browser. The only implementation I can think of with similar
> requirments is Sieve (http://www.ietf.org/rfc/rfc3028.txt?number=3028 )
> for mail messages. Is there anything out there that fit this requirement
> or am I barking up the wrong tree? any suggestions on other ways to this
> also welcome.
>
>
> Jeff.
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "erlyweb" group.
To post to this group, send email to erlyweb@googlegroups.com
To unsubscribe from this group, send email to erlyweb+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/erlyweb?hl=en
-~----------~----~----~----~------~----~------~--~---
Post received from mailinglist |
|
|
| Back to top |
|
| jeffm |
| Posted: Wed Aug 13, 2008 7:05 am |
|
|
|
User
Joined: 29 Sep 2008
Posts: 43
|
I was hoping someone had done the hard yards already do it at least
in/for javascript then I'd only have to re-implement their grammar, etc
for the erlang on the server side. It's going to get complicated if I
ever get around to it, as the full version would have to handle
arithmetic as well as straight option validation rules. I left this out
of the original posting to keep it simple. I previously found this
http://compilers.iecc.com/crenshaw/
on a blog post somewhere (the pdf version is 391 pages) which may help
me in this and may be of interest to others out there. If I ever get
anything done in this area I'll have to remember to post the results.
At the moment I'm attempting to learn dojo between doing stuff for my
day job (the other post about JS frameworks has been interesting even if
I don't a reply to that thread).
Jeff.
Yariv Sadan wrote:
> Why don't you design a simple language to express those rules and
> translate it into web forms whose parameters you'll pass to a backend
> execution engine? Then language is very simple with just a few
> operators ('and', 'or', 'xor', etc). It shouldn't be that hard to
> implement if you only need to process simple rules.
>
> On Fri, Aug 8, 2008 at 10:37 PM, jm <jeffm@ghostgun.com> wrote:
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "erlyweb" group.
To post to this group, send email to erlyweb@googlegroups.com
To unsubscribe from this group, send email to erlyweb+unsubscribe@googlegroups.com
For more options, visit this group at http://groups.google.com/group/erlyweb?hl=en
-~----------~----~----~----~------~----~------~--~---
Post received from mailinglist |
|
|
| Back to top |
|
|
|
All times are GMT
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum
|
|
|
Digg It
Del.icio.us
Reddit
Facebook
Stumble Upon
Technorati
