diff --git a/doc/latex/httpd.tex b/doc/latex/httpd.tex index 4d1d286..187bc73 100644 --- a/doc/latex/httpd.tex +++ b/doc/latex/httpd.tex @@ -459,7 +459,7 @@ exported by the \ex{httpd\=basic\=handlers} structure: \item If the path looks like \ex{("cgi-\ob{}bin"\ob{} "calendar")}, pass ("calendar") off to the CGI request handler. \item If the path looks like \ex{("seval"\ob{} \ldots)}, the tail - of the path is passed off to the code-uploading seval path + of the path is passed off to the code-uploading \ex{seval} path handler. \item Otherwise, the whole path is passed to a rooted file handler, who will convert it into a filename, rooted at @@ -564,6 +564,64 @@ structure. \end{itemize} \end{desc} +\section{Scheme-Evaluating Request Handlers} + +The \ex{httpd-seval-handlers} structure contains a handler which +demonstrates how to safely evaluate Scheme code uploaded from the +client to the server. + +\defvar{seval-handler}{request-handler} +\begin{desc} + This request handler is suitable for receiving code entered into an + HTML text form. The Scheme code being uploaded is being \ex{POST}ed + to the server (from a form). The code should be URI-encoded in the + URL as \texttt{program=}$\left<\mathrm{stuff}\right>$. + $\mathrm{stuff}$ must be an (URI-encoded) Scheme expression which + the handler evaluates in a separate subprocess. (It waits for 10 + seconds for a result, then kills the subprocess.) The handler then + prints the return values of the Scheme code. +\end{desc} + +The following structures define environments that are \RnRS without +features that could examine or effect the file system. You can also +use them as models of how to execute code in other protected +environments in \scm. + +\subsection{The \protect{\texttt{loser}} structure} +The \ex{loser} package exports only one procedure: + +\begin{defundesc}{loser}{name}{nothing} + Raises an error like ``Illegal call \var{name}''. +\end{defundesc} + +\subsection{The \protect{\texttt{toothless}} structure} +The \ex{toothless} structure contains everything of \RnRS except +that following procedure cause an error if called: +\begin{itemize} +\item \ex{call-with-input-file} +\item \ex{call-with-output-file} +\item \ex{load} +\item \ex{open-input-file} +\item \ex{open-output-file} +\item \ex{transcript-on} +\item \ex{with-input-from-file} +\item \ex{with-input-to-file} +\item \ex{eval} +\item \ex{interaction-environment} +\item \ex{scheme-report-environment} +\end{itemize} + +\subsection{The \protect{\texttt{toothless-eval}} structure} + +\begin{defundesc}{eval-safely} {expression} {any result} + Creates a brand-new structure, imports the \ex{toothless} structure, + and evaluates \semvar{expression} in it. When the evaluation is + done, the environment is thrown away, so \semvar{expression}'s + side-effects don't persist from one \ex{eval\=safely} call to the + next. If \semvar{expression} raises an error exception, + \ex{eval-safely} returns \sharpf. +\end{defundesc} + %%% Local Variables: %%% mode: latex %%% TeX-master: "man"