Re: SSI and other HTML server-side scripting languages

Albert Lunde (Albert-Lunde@nwu.edu)
Mon, 8 Jan 1996 20:17:39 -0600 (CST)


Message-Id: <199601090217.AA275883859@lulu.acns.nwu.edu>
Subject: Re: SSI and other HTML server-side scripting languages
To: paulmcd@microsoft.com (Paul McDaniel)
Date: Mon, 8 Jan 1996 20:17:39 -0600 (CST)
Cc: www-html@w3.org
In-Reply-To: red-27-msg960109004609MTP[01.52.00]000000b7-7007 from "Paul McDaniel" at Jan 8, 96 04:43:03 pm
From: Albert-Lunde@nwu.edu (Albert Lunde)

> 
> I am trying to find information in regards to server side scripting in HTML.
> 
> SSI (server side includes) is interesting 
> (http://hoohoo.ncsa.uiuc.edu/docs/tutorials/includes.html) but lacking.
> 
> I found a very interesting doc on SSI+ (http://www.cybrmall.com/) but 
> this seems to be proprietary for WebQuest servers.
> 
> What I need is the following features for server-side HTML scripting:
> 
> o method callout
> 	- the ability to call out to a module for execution.  this could be an 
> exe, cgi, isapi, ole object, etc..
> o conditionals
> 	- IF/THEN/ELSE type functionality
> o looping
> 	- WHILE/WEND type looping
> o include
> 	- to be able to include other HTML files.
> 
> I am trying to investigate existing standards to address these issues.  

One reason that there are not more standards addressing this is that
it is a server implementation issue... the HTTP and HTML specs are
most concerned with the form of the data that is "sent over the wire".

One can comply with these standards without storing HTML in a file
system at all (as in the case of generating HTML on the fly from
a database.)

Also the HTML specifications are written in terms of SGML; which places 
some limits on arbitrary features you can add gracefully to HTML itself. 

(While loops would be pushing that; though there is nothing to prevent 
while-loops in a meta-laguage that generates HTML.)

The CGI specification is one of the few specifications addressing
a server-side interface.

NCSA server-side includes are influential thru the free source but
are not really a standard.

An important question that needs to be considered is security implications
of any server-side processing, especially running arbitrary scripts or
executables. This is one reason why many servers limit execution
of cgi scripts to a particular directory.

-- 
    Albert Lunde                      Albert-Lunde@nwu.edu