Haskell framework for the web
Speaking in Tongues
Clever Compiler
When user input reaches the server, Yesod checks it for JavaScript injections by testing the data with JavaScript commands, such as <script> … </script>, and disarms the threat. For example, Yesod replaces < with &lt;. Following the same principle, Yesod protects the database against SQL injections [16].
The Haskell compiler checks the function type when compiling, which rules out type violations. It also checks the templates created in a template language from the Shakespearean family for syntax errors, ruling out any surprises during operation.
Cookies
Yesod is a RESTful application, but sometimes the framework has to save session data when interacting with clients (e.g., when using a shopping cart). The clientsession package uses encryption and signatures to provide data in cookies. On the one hand, this ensures that the user does not manipulate the data; on the other hand, the signature prevents man-in-the-middle attacks.
The developer determines how long a cookie is valid. To use cookies, use the Foundation.hs file to define where Yesod stores the cookie on the server. Listing 12 shows a session cookie. Firefox accepts such cookies, even in private mode (Figure 6), so you do not need to do without them. Cookies also hide sensitive data related to the URL.
Listing 12
<My project>/Foundation.hs (Extract)
    [...]
    instance Yesod App where
        makeSessionBackend _ = Just <$> defaultClientSessionBackend
            -- timeout in minutes
            120
            "<Path/to/Cookie>.aes"
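The manipulation check described above can be observed outside of Yesod. The following is an added example, not code from the article or from Yesod: it calls the clientsession package's Web.ClientSession API directly, and it assumes a random key in place of the .aes key file and constructed session data.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import qualified Data.ByteString.Char8 as B
import Web.ClientSession (decrypt, encryptIO, randomKey)

-- Replace the character at position i with a different base64 character,
-- the way a client editing its own cookie would.
tamper :: Int -> B.ByteString -> B.ByteString
tamper i cookie =
  case B.uncons rest of
    Nothing         -> cookie
    Just (c, after) -> B.concat [before, B.singleton (other c), after]
  where
    (before, rest) = B.splitAt i cookie
    other c = if c == 'A' then 'B' else 'A'

main :: IO ()
main = do
  -- Assumption: fresh random keys; Yesod loads its key from the .aes file.
  (_, key) <- randomKey
  (_, otherKey) <- randomKey
  -- Constructed sample session data.
  let session = "cart=book-42;qty=1" :: B.ByteString
  -- encryptIO picks a random IV, encrypts, authenticates and base64-encodes.
  cookie <- encryptIO key session
  B.putStrLn ("cookie value: " <> cookie)
  -- The session contents should not be readable in the cookie value.
  putStrLn ("plaintext visible in cookie: " ++ show ("cart" `B.isInfixOf` cookie))
  -- decrypt verifies the authentication tag before returning any data.
  putStrLn ("intact cookie, right key:    " ++ show (decrypt key cookie))
  putStrLn ("one character changed:       " ++ show (decrypt key (tamper 10 cookie)))
  putStrLn ("intact cookie, wrong key:    " ++ show (decrypt otherKey cookie))
```

Building it requires the clientsession and bytestring packages.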
Recycling Code
Modularity means, among other things, reusability of code in other projects, which can be implemented under Yesod using subsites. These subsites are standalone programs (e.g., a chat application that occurs in several software projects). You only need to copy the folder that contains the subsite to the new project.
When implementing subsites, it should be noted that, although Snoyman has some examples in his book [14], not much useful information is available on the web; therefore, you need to teach yourself or gather information from different sources.
Another example of modularity with Yesod is Haskell programs or Haskell modules. For example, a game written in Haskell can be imported into a Yesod project, which the user accesses from the browser.