<< , >> , Title

8 Extending WWW


External Viewers

Access to WWW can be achieved by using a client such as NCSA Mosaic to display HTML documents and inline images in GIF format. However the World-Wide Web is an extensible system: clients can access information which is in other formats than HTML.

When a client receives a file from a server it checks on the file type. If the file type indicates that it is an HTML document, the file will be displayed by the browser. Otherwise the browser's configuration file can specify an external viewer which can be used to display the file. A list of widely used external viewers is given in Table 8-1.


File Format         Viewer                             
JPEG                LVIEW (MS Windows) xv (X Windows)  
Postscript          Ghostview                          
DVI                 xdvi (X Windows)                   
MPEG                mpeg_play (X Windows and MS        
                    Windows)
Table 8-1 Popular Viewers.

The association between the file type and the viewer is given in the browser's configuration file. A typical configuration file for Mosaic for Windows is given in Figure 8-1.

[Viewers]
TYPE0="audio/wav"
TYPE1="application/postscript"
TYPE2="image/gif"
TYPE3="image/jpeg"
TYPE4="video/mpeg"
TYPE5="video/quicktime"
TYPE6="video/msvideo"
TYPE7="application/x-rtf"
TYPE8="audio/x-midi"
TYPE9="audio/basic"
TYPE10="image/x-action"
TYPE11="application/x-w3launch"
application/postscript="L:\winapps\ghost\gsview %ls"
application/x-w3launch="n:\windept\bmb\w3launch\w3launch %ls"
image/gif="L:\winapps\mosaic2\lview %ls"
image/x-action="n:\windept\bmb\action25\playact %ls"
image/jpeg="L:\winapps\mosaic2\lview %ls"
video/mpeg=""
video/quicktime=""
video/msvideo=""
audio/wav=""
audio/x-midi="mplayer %ls"
application/x-rtf="write %ls"
Figure 8-1 Part of a MOSAIC.INI File.

Running Client Applications

If a Postscript file is retrieved from a WWW server the browser program normally responds "I don't know what to do with a Postscript file - but I know a program that does. I'll pass the Postscript file on to the Ghostview program". If, for example, an Excel spreadsheet is retrieved from a WWW server the client could be configured to respond "I don't know what to do with an Excel spreadsheet file - but I know a program that does. I'll pass the spreadsheet file on to the Excel program". This technique extends the functionality of the World-Wide Web from acting as a distributed file viewer to acting as a distributed program manager.

Security Implications

Unfortunately there are a number of security concerns with such an approach. For example an application developed using the Toolbook authoring system could be delivered using WWW. The application could then be launched using a local copy of Toolbook. The application could have a button marked Start. Clicking this button could then result in files held on the local machine being deleted! Even associating a word processed document with Word For Windows holds dangers, as many Microsoft applications, including Word For Windows, support the use of macros, including autostart macros, which could also cause files to be deleted.

As a general principle there are dangers in automatically invoking applications from WWW clients.

Implementing Security - W3Launch

There are security problems in using a WWW browser to download and run software from the Internet. It is generally not considered wise to configure a browser so that it recognises file types which contain programs. Jon Maber, Biochemistry and Molecular Biology, University of Leeds has developed a launching program for the Bionet TLTP project which provides a simple and secure method of launching only authorised software.

Further details on the W3Launch program is available at the URL http://www.leeds.ac.uk/bionet/student/pre-stud.htm


Figure 8-2 W3Launch.

It should be noted that W3Launch is an application developed at the University of Leeds - it is not part of WWW itself.

Server-side Extensions

Example

The previous section described how it is possible to run applications on the client machine. It is also possible to run software on the server. A simple application running on the server is shown in Figure 8.3.

#!/bin/sh
echo Content-type: text/html
echo
if [ $# = 0 ]
then
echo "<HEAD>"
echo "<!-- Script written by Brian Kelly --!>"
echo "<TITLE>Search University Phone Directory</TITLE>"
echo "<ISINDEX>"
echo "</HEAD>"
echo "<BODY>"
echo "<H1>Phone Directory</H1>"
echo "Enter surname of the person you are searching for.<P>"
echo "Script written by <A HREF=http://www.leeds.ac.uk/ucs/people/BKelly/bk.html>Brian Kelly</A>."
echo "</BODY>"
else
echo "<HEAD>"
echo "<TITLE>Results Of Search</TITLE>"
echo "</HEAD>"
echo "<BODY>"
echo "<H1>Results of Search for $* </H1>"
echo "<PRE><TT>"
grep -i "$*" /apps/data/Telephone_Directory
echo "</PRE></TT>"
echo "</BODY>"
fi
Figure 8-3 Script To Generate An HTML Document.

The program, which is a C shell script which runs on the Unix server system, can be executed by selecting the URL http://www.leeds.ac.uk/cgi-bin/ucs/phone

When the URL is selected since no arguments are provided, the first part of the if statement is run. This will generate the following HTML document:

<HEAD>
<!-- Script written by Brian Kelly --!>
<TITLE>Search University Phone Directory</TITLE>
<ISINDEX>
</HEAD>
<BODY>
<H1>Phone Directory</H1>
Enter surname of the person you are searching for.<P>
Script written by <A HREF=http://www.leeds.ac.uk/ucs/people/BKelly/bk.html>Brian Kelly</A>.
</BODY>
Figure 8-4 Virtual HTML Document.

The <ISINDEX> tag generates a search dialogue box. The HTML document is rendered as shown below.


Figure 8-5 Running The Script.

When text is entered in the Search box and the <Enter> key pressed, the script in Figure 8.4 is executed again. This time, since the program will be given an argument, the second part of the if statement will be executed. This will generate the HTML tags and then invoke the Unix grep command to search a file for lines containing the search string.


Figure 8-6 Output From The Script.

CGI Programs

The example described above is known as a CGI program. CGI stands for the Common Gateway Interface. It is a standard which has been adopted by a number of server developers (primarily developers of the CERN and NCSA server software) for running programs on the server machine.

Further information on CGI is available at the locations given below:

A definition of CGI is available at the URL http://hoohoo.ncsa.uiuc.edu/cgi/examples.html

Examples of the use of CGI programs are available at the URL http://hoohoo.ncsa.uiuc.edu/cgi/examples.html and http://paulina.elkraft.unit.no/ncsa/cgi/overview.html

A tutorial on CGI is available at the URL http://www.charm.net/~web/Tutorial/CGI/

A tutorial on Learn How To Write CGI Forms is available at the URL http://www.catt.ncsu.edu/users/bex/www/tutor/index.html

The Web Developer's Virtual Library: CGI is available at the URL http://www.charm.net/~web/Vlib/Providers/CGI.html

A CGI Programmer's Reference is available at the URL http://www.halcyon.com/hedlund/cgi-faq/

An archive of useful CGI programs is available at the URL ftp://ftp.ncsa.uiuc.edu/Web/httpd/Unix/ncsa_httpd/cgi/

Pointers to CGI resources are available at the URL http://www.yahoo.com/Computers/World_Wide_Web/CGI_Common_Gateway_Interface/

Forms

Forms are often used to collect information from a user which is used as input to a CGI program. A description of forms is given below.

Creating A Form

A form consists of areas of the screen in which the user can input data. The data is sent to the HTTP server, which can run a script or program to process the data in some way. One common use of forms is to provide feedback on a WWW service. Input to the form can be emailed to the service administrator. Forms can also be used to input search criteria to be input to a search engine, or to specify parameters for distributed teaching and learning services.

A form is defined by the <FORM ...> and </FORM> HTML tags. The <FORM> tag has the syntax:

<FORM METHOD="method" ACTION="url">

For example:

<FORM METHOD="post" ACTION="http://leeds.ac.uk/ucs/cgi-bin/myscript">

will send the input data to be processed by myscript.

An example of a form is shown below:

<TITLE>Fill-Out Form Example #7</TITLE>
<H1>Fill-Out Form Example #7</H1>
This is another fill-out form example, with toggle buttons. <P>
<HR>
<FORM METHOD="POST" ACTION="http://hoohoo.ncsa.uiuc.edu/htbin-post/post-query">
<H2>Godzilla's Pizza -- Internet Delivery Service, Part II</H2>
Type in your street address: <INPUT NAME="address"> <P>
Type in your phone number: <INPUT NAME="phone"> <P>
Which toppings would you like? <P>
<OL>
<LI> <INPUT TYPE="checkbox" NAME="topping" VALUE="pepperoni">
Pepperoni.
<LI> <INPUT TYPE="checkbox" NAME="topping" VALUE="sausage"> Sausage.
<LI> <INPUT TYPE="checkbox" NAME="topping" VALUE="anchovies">
Anchovies.
</OL>
How would you like to pay? Choose any one of the following: <P>
<OL>
<LI> <INPUT TYPE="radio" NAME="paymethod" VALUE="cash" CHECKED> Cash.
<LI> <INPUT TYPE="radio" NAME="paymethod" VALUE="check"> Check.
<LI> <I>Credit card:</I>
<UL>
<LI> <INPUT TYPE="radio" NAME="paymethod" VALUE="mastercard"> Mastercard.
<LI> <INPUT TYPE="radio" NAME="paymethod" VALUE="visa"> Visa.
<LI> <INPUT TYPE="radio" NAME="paymethod" VALUE="americanexpress">
American Express.
</UL>
</OL>
Would you like the driver to call before leaving the store? <P>
<DL>
<DD> <INPUT TYPE="radio" NAME="callfirst" VALUE="yes" CHECKED> <I>Yes.</I>
<DD> <INPUT TYPE="radio" NAME="callfirst" VALUE="no"> <I>No.</I>
</DL>
To order your pizza, press this button: <INPUT TYPE="submit"
VALUE="Order Pizza">. <P>
</FORM>
Figure 8-7 HTML Document Defining A Form.

This example is available at the URL http://www.ncsa.uiuc.edu/SDG/Software/Mosaic/Docs/fill-out-forms/example-7.html

The way in which form is displayed is illustrated below.


Figure 8-8 Using A Form.

Processing A Form

Once the form is submitted the data which has been entered is appended to the end of the URL given in the ACTION attribute of the FORM tag. This information is then processed by the script.

Further Information About Forms

Forms tutorials are available at the URL http://www.ncsa.uiuc.edu/SDG/Software/Mosaic/Docs/fill-out-forms/overview.html , http://hoohoo.ncsa.uiuc.edu/docs/cgi/forms.html, http://www.webcom.com/html/tutor/forms/start.html and http://kuhttp.cc.ukans.edu/info/forms/forms-intro.html

A forms testing suite is available at the URL http://www.research.digital.com/nsl/formtest/home.html


<< , >> , Title