Close

Loopback server

A project log for HTTaP

Test Access Port over HTTP

yann-guidon-ygdesYann Guidon / YGDES 03/28/2017 at 00:180 Comments

HTTaP is meant to help integrate #YGWM with a web-based system, and there is more to it than serving files or sending commands to TCP widgets.

Any editor needs to read and write files from the local disk/storage and the chosen language/framework (HTML/JS) does not allow that. The web browser prevents scripts from doing it, for obvious security reasons !

Yet there is a solution. Or more precisely, it's a hack ! I have described it in an article in French:

"Accéder aux fichiers en JavaScript (ou le Cross-Site Scripting utile)" in GLMF#105 pp.42-54

This describes a dirty trick, using a PHP script along with a specially crafted HTML/JS page :

Note : these manipulations usually require user interaction and are not inherently more unsafe than usual methods.

The PHP script was a pain to write and I'm glad to have a totally controlled environment (the HTTaP server) where I can process the data without layers of gotchas and poisonous sugaring...

The JS framework has evolved too and "binary blobs" now solve many of the encoding problems I have !

The "Loopback" feature should be a standard, user-configurable, option in the HTTaP protocol, with its own access key.


20170429:

Now, it seems that interactive websites use a technique similar to the loopback server. An example is the circuit simulator at http://www.falstad.com/circuit/circuitjs.html

I recently spotted an addition to the HTML5 standard at https://developer.mozilla.org/en-US/docs/Using_files_from_web_applications which looks promising but it doesn't seem to writte files, and support is yet untested and unknown. I hope that my system works with HTML4 clients.

Discussions