The following paper was originally published in the Proceedings of the Sixth Annual Tcl/Tk Workshop San Diego, California, September 14–18, 1998 WebWiseTclTk: A Safe-Tcl/Tk-based Toolkit Enhanced for the World Wide Web Hemang Lavana and Franc Brglez North Carolina State University For more information about USENIX Association contact: 1. Phone: 510 528-8649 2. FAX: 510 548-5738 3. Email: [email protected] 4. WWW URL:http://www.usenix.org/ WebWiseTclTk: A Safe-Tcl/Tk-based To olkit Enhanced for the World Wide Web Hemang Lavana Franc Brglez CBL Collab orative Benchmarking Lab, Dept. of Computer Science, Box 7550 NC State University, Raleigh, NC 27695, USA http://www.cbl.ncsu.edu/ tion of multimedia content on the WWW. Tcl-plugin Abstract [7, 8] is an example of an elegant solution for em- The WebWiseTclTk toolkit is an enhancement of the b edding Tcl/Tk applications for ready access inside existing feature set of Safe-Tcl and Safe-Tk that does the Web browser. In addition, the Tcl-plugin sup- not compromise security. The toolkit re-de nes the p orts an excellent mechanism for security of client load mechanism in Tcl such functionality of the auto hosts using a padded cell approach [9]. The default that it works for packages located anywhere on the security p olicy prohibits Tcl applets tclets from World Wide Web. It also re-introduces several com- running other programs, accessing the le system, mands not available in Safe-Tk such as toplevel and creating toplevel windows including menus, and menu to provide a much richer feature set of Tk thereby giving the client hosts a high level of con - commands. The toolkit is written entirely in Safe- dence when executing tclets. However, such restric- Tcl/Tk and uses the home p olicy for running appli- tions limit the scop e of the Tcl applications executed cations as Tcl-plugins. inside a Web-browser. The toolkit supports 1 creation of new Web-based Our initial exp erience with Tcl/Tk, predating the Tcl applications with greatly enhanced functionality, phenomenal growth of WWW, was motivated by the and 2 migration of existing Tcl applications to the need to develop a user-friendly and versatile envi- Web by merely writing an encapsulation script. We ronment to supp ort user-recon guration of complex demonstrate the capabilities of the WebWiseTclTk work ows that execute heterogeneous programs and toolkit by readily creating an encapsulation script for data for the design of exp eriments in VLSI CAD. Web-based execution of the Tk Widget Demonstra- This environment, called REUBEN for reusable and tions, distributed with the core Tcl/Tk. recon gurable b enchmarking environment, was im- Keywords: plugins, Web browsers, security, script- plemented entirely in Tcl/Tk [1] and Expect [10]. In ing, encapsulation, GUI. essence, it provides the user with the ability to create directed dep endency graphs as work ows of data, 1 Intro duction program, decision, and work ow no des. Data and The last few years have seen an explosive growth programs can reside anywhere on the Internet, and of the usage of Tcl Tool Command Language execution of all no des can be scheduled automati- [1, 2, 3] and its p opularity can b e easily gauged by cally, regardless of the data-dep endent cycles in the the large numb er of p ostings in the Tcl newsgroup graph. In its nal form, the work ows in REUBEN can comp.lang.tcl. Scripting languages such as Tcl be multi-cast to several collab orating sites, recorded, are designed for `gluing' applications and encourage and played-back for re-execution. An example of rapid application development as compared to sys- REUBEN environment to supp ort a number of dis- tem programming languages, and hence are very im- tributed and heterogeneous tasks in a VLSI CAD p ortant for applications of the future [4]. The emer- work ow is illustrated in Figure 1. More details are gence of organizations such as the recently formed available in [11,12,13]. Scriptics [5] and the Tcl/Tk Consortium [6], fo cus- Migration of large applications, suchas REUBEN,to ing entirely on scripting to ols, applications and ser- the Web is not easy if highest level of con dence vices, is an example of this trend. in terms of security is desired. This is esp ecially The maturity and robustness of Tcl/Tk provides a true, b ecause toplevel windows and menus are es- new opp ortunity to supp ort creation and presenta- sential in such applications. One solution could b e This researchwas supp orted by contracts from the Semi- to use Jacl [14], an interpreter to run Tcl scripts in conductor Research Corp oration 94{DJ{553, SEMATECH a Java environment. Unfortunately, Jacl do es not 94{DJ{800, and DARPA/ARO P{3316{EL/DAAH04{94{ yet contain the entire feature set of Tcl, including G{2080 and DAAG55{97{1{0345. Fig. 1. REUBEN environment consisting of several windows. namespaces and Tk. The WebWiseTclTk to olkit pro- Menu widgets are also disabled in Safe-Tk. vides an easy solution for the migration of existing Tclets do not have access to standard input and Tcl applications to the Web. Minimal changes are standard output. required in the original application. Our approach The Tcl-plugin supp orts multiple security p olicies so uses an encapsulating script to call the main script that the tclets can p erform any of the functionality of the original application. describ ed ab ove. However, this requires every client This pap er is organized into the following sections: host to devise and customize their security p olicies 2 motivation; 3 WebWiseTclTk architecture; 4 for every application b efore accessing these as tclets. implementation of WebWiseTk; 5 implementation of WebWiseTcl; 6 user's guide; 7 programmer's It is desirable that the Tcl applications be easily guide; 8 software status and availability; and 9 translated into tclets and made readily available on conclusions. the World Wide Web: without requiring any ma jor changes in the ap- 2 Motivation plication co de, and without requiring any sophisticated security p ol- A large application, written in Tcl, typically con- sists of a short main script and a library of supp ort icy to run the tclet. scripts. Applications start up quickly by invoking Wehave develop ed the WebWiseTclTk to olkit as an the main script. As new features are accessed, the enhancement to the Tcl-plugin that makes use of the co de that implements them is loaded automatically, home policy only. The home policy is, by default, using the auto load mechanism available in Tcl. A enabled in the Tcl-plugin and hence applications us- complex environment suchas REUBEN, describ ed ear- ing WebWiseTclTk do not require the host clients to lier and illustrated in Figure 1, requires that a num- mo dify their existing security p olicies. b er of windows b e created during its runtime. The Tcl-plugin, based on Safe-Tcl, restricts running We decided to use the Tk widget demonstrations, such large applications inside a Web-browser. A few distributed with the core Tcl/Tk, as a test-b ench of these restrictions are listed b elow: for testing the WebWiseTclTk to olkit. We chose to translate these demos for the World Wide Web load scheme fails, unless the application Auto b ecause they cover most of the commands of the package is installed on the client host. Another alter- core Tcl/Tk that are otherwise unavailable in Safe- native is to merge all the scripts in the application Tcl/Tk. Figure 2 shows the result of p osting these into a single script which can be downloaded as a demos on the Web and executing them on a host tclet. clientasatclet using the Netscap e browser. We in- Applications are restricted to a single window vite users to try out this demo and send us comments since the command toplevel is not available in Safe- on its features and p erformance. Tk and new windows cannot b e created. Fig. 2. Tcl/Tk widget demos on the Web. 3 Architecture Figure 3a shows the general architecture that load mechanism. Sp ecial implements the auto cases of the generalized architecture are shown in The to olkit WebWiseTclTk consists of two parts: 1 Figures3b, c and d and describ ed b elow: WebWiseTcl which is an enhancement for Safe-Tcl 1. Typical client host, downloading a tclet from a and is useful for applications that do not require Web server, has only the Tcl-plugin installed for its display, and 2 WebWiseTk which is an enhancement Web-browser. The server site provides not only the for Safe-Tk for applications requiring display. The tclet scripts but also the WebWiseTclTk to olkit as to olkit itself consists of several smaller scripts and shown in Figure 3b. The client host downloads uses the mo di ed auto load mechanism designed for the main script for the tclet which requests to use WebWiseTclTk. WebWiseTclTk Toolkit CBL's Web Site Software Repository policy \ WebWiseTclTk Tcl Plugin Tclet Client Host Web Browser Web Server Incorporates Tclets policy home WebWiseTclTk Toolkit WebWiseTclTk Tclet Toolkit Scripts a Generalized architecture. Tcl Tcl Plugin Plugin Client Host Client Host Tclet Tclet Web Browser Web Browser Web Server Web Server Incorporates Tclets policy home Incorporates Tclets policy home WebWiseTclTk Toolkit Tclet WebWiseTclTk Scripts Tclet Toolkit Scripts b WebWiseTclTk to olkit on the Web server. c WebWiseTclTk to olkit on the client host. WebWiseTclTk Toolkit CBL's Web Site Software Repository Typical scenario of a tclet execution: Client host visits the Web server.