Web Scripting Languages (was: Re: two-way communication in html)

Fisher Mark (FisherM@is3.indy.tce.com)
Mon, 6 Mar 1995 06:04:04 +0500

One element of modern application programs that has so far pretty much been
neglected in Web client development is the integrated scripting language. I
see at least 3 uses for a Web scripting language:

1) Building extensions for current browsers;

2) A secure substitute for other CGI scripting languages; and

3) Adding intelligent agent capabilities to the Web.

One possible base for this work would be Safe-Tcl, Nathaniel Borenstein's
and Marshall Rose's email scripting extension for John Ousterhout's Tcl/Tk.
Safe-Tcl uses a two-level interpreter, where the outer interpreter supports
a carefully limited set of high-level capabilities. Safe-Tcl is designed
such that:

a) Modifications to the user's system have to be approved by the user in a
reasonably high-level fashion;

b) Email generated has to be approved by the user in, again, a reasonably
high-level fashion; and

c) "Excessive" use of system resources also has to be user-approved.

An additional basic guideline for Web scripting would then be:

d) Modifications to the Web server's system (POST or PUT) would have to be
approved by the user in a reasonably high-level fashion.

I think that (a)-(d) would suffice as constraints for (1) above (browser

A secure substitute for CGI scripting languages ((2) above) for gateway
purposes might be handled via the current CERN server's ability to run CGI
scripts under a separate user ID that has no directory/file write
permissions anywhere except perhaps to a directory for temporary files. If
the gateways can be constructed as one-pass programs, then temporary files
would not be needed by CGI scripts under OSes that support pipelining.

Intelligent Web agents would:

i) Be able to walk the Web on their own (travel from machine to machine);

ii) Via a specific URL at each host, like

iii) Interacting with a specified user ID (like
"webmaster@your.machine.com") who would have the approval authority from
constraints (a)-(d) above.

If the URL "http://your.machine.com/Agent-Entry" did not exist, no agent
could enter that Web. If agents are permitted entry, capability (iii) along
with constraints (a)-(d) should enable each site to formulate an appropriate
policy for agent execution. "Spiders" could really walk the Web...

I suggest the name "Spider" for this Safe-Tcl extension.

Mark Fisher                    Thomson Consumer Electronics
fisherm@indy.tce.com           Indianapolis, IN

"Just as you should not underestimate the bandwidth of a station wagon
traveling 65 mph filled with 8mm tapes, you should not overestimate
the bandwidth of FTP by mail."
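
The two-level interpreter model and constraints (a)-(d) from the message above, as an added example that is not part of the original post. It uses the safe interpreters built into current Tcl (`interp create -safe`), whose documentation credits the Safe-Tcl prototype by Borenstein and Rose; the proc names, the fixed approval policy standing in for an interactive user prompt, and the sample agent script are all constructed for illustration.

```tcl
package require Tcl 8.5

# Constructed policy: the only action the "user" has approved in advance.
# A real client would ask the user interactively for each request.
set policy { {POST http://your.machine.com/guestbook} }
set audit  {}

# Trusted side: decide on a high-level action and record the decision.
proc approve {action target} {
    global policy audit
    set ok [expr {[lsearch -exact $policy [list $action $target]] >= 0}]
    lappend audit [list $action $target [expr {$ok ? "approved" : "denied"}]]
    return $ok
}

# High-level capabilities offered to the untrusted script (hypothetical names).
# Both only report what they would do; nothing is sent or written.
proc guarded_post {url body} {
    if {![approve POST $url]} { error "POST to $url not approved by user" }
    return "would POST [string length $body] bytes to $url"
}
proc guarded_write {path data} {
    if {![approve WRITE $path]} { error "write to $path not approved by user" }
    return "would write [string length $data] bytes to $path"
}

# Untrusted side: a safe interpreter has no open, exec, socket or source.
set agent [interp create -safe]
interp alias $agent web_post  {} guarded_post   ;# constraint (d)
interp alias $agent save_file {} guarded_write  ;# constraint (a)
interp limit $agent command -value 2000         ;# constraint (c)

# Constructed agent script: one approved call, one denied, one raw file access.
set script {
    set out {}
    lappend out [web_post http://your.machine.com/guestbook "hello"]
    lappend out [catch {save_file /tmp/notes.txt "x"} msg] $msg
    lappend out [catch {open /tmp/notes.txt w} msg] $msg
    set out
}
foreach item [interp eval $agent $script] { puts "agent: $item" }

# A runaway loop hits the command limit; the error surfaces in the trusted side.
catch {interp eval $agent {while 1 {incr i}}} why
puts "limit: $why"
foreach entry $audit { puts "audit: $entry" }
interp delete $agent
```

The agent script can catch a denied alias call, but it cannot catch or reset the command limit, which only the trusted interpreter controls.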