<?xml version="1.0" encoding="utf-8"?>
< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
< html xmlns = "http://www.w3.org/1999/xhtml" lang = "fr" xml:lang = "fr" >
< head >
< meta http-equiv = "Content-Type" content = "text/html; charset=UTF-8" / >
< link rel = "shortcut icon" type = "image/x-icon" href = "/Scratch/img/favicon.ico" / >
< link rel = "stylesheet" type = "text/css" href = "/Scratch/assets/css/main.css" / >
< link rel = "stylesheet" type = "text/css" href = "/Scratch/css/twilight.css" / >
< link rel = "stylesheet" type = "text/css" href = "/Scratch/css/idc.css" / >
< link rel = "alternate" type = "application/rss+xml" title = "RSS" href = "http://feeds.feedburner.com/yannespositocomfr" / >
< link rel = "alternate" lang = "fr" xml:lang = "fr" title = "Yesod excellent ideas" type = "text/html" hreflang = "fr" href = "/Scratch/fr/blog/Yesod-excellent-ideas/" / >
< link rel = "alternate" lang = "en" xml:lang = "en" title = "Yesod excellent ideas" type = "text/html" hreflang = "en" href = "/Scratch/en/blog/Yesod-excellent-ideas/" / >
< script type = "text/javascript" src = "/Scratch/js/jquery-1.3.1.min.js" > < / script >
< script type = "text/javascript" src = "/Scratch/js/jquery.cookie.js" > < / script >
< script type = "text/javascript" src = "/Scratch/js/index.js" > < / script >
<!-- [if lt IE 9]>
< script src = "http://ie7-js.googlecode.com/svn/version/2.1(beta4)/IE9.js" > < / script >
<![endif]-->
<!-- < % if containMaths %>
< script type = "text/javascript" src = "/Scratch/js/MathJax/MathJax.js" > < / script >
< % end %>
-->
< title > Yesod excellent ideas< / title >
< / head >
< body lang = "fr" >
< div id = "content" >
< div id = "titre" >
< h1 >
Yesod excellent ideas
< / h1 >
< / div >
< div class = "flush" > < / div >
< div class = "flush" > < / div >
< div id = "afterheader" >
< div class = "corps" >
< p > < img alt = "Title image" src = "/Scratch/img/blog/Yesod-excellent-ideas/main.png" / > < / p >
< div class = "intro" >
< p > < span class = "sc" > < abbr title = "Too long; didn't read" > tl;dr< / abbr > : < / span > < / p >
< p > I have been following the Yesod web framework for some time now, and I believe it has reached the point where you should seriously consider using it. But instead of telling you why you should learn Haskell and use Yesod, I prefer to talk about new ideas used by Yesod that I haven’t seen in other frameworks.< / p >
< / div >
< p > Let’s start with an < a href = "http://xkcd.com" > xkcd< / a > comic:< / p >
< p > < img src = "http://imgs.xkcd.com/comics/exploits_of_a_mom.png" alt = "SQL injection by a mom" / > < / p >
< p > With web technologies, we spend our time manipulating strings.
Some of these strings represent HTML, others JavaScript, others CSS, others SQL queries, URLs, etc.
This makes it hard to stop a smart aleck from using the “user name” field to replace a normal name with < code >toto&lt;script&gt;alert("This site sucks!")&lt;/script&gt;< / code >.
Without proper protection, the message will be displayed every time someone tries to access this user’s name.
“Safe types” are the < a href = "https://www.youtube.com/watch?v=1IWF3IsEPBE" > tonyglandil of the web< / a >.
Safe types are the chains around all strings you’ll use.< / p >
< p > Yesod does its best to type the objects it manipulates, so it will do what is needed to avoid, for example, putting script in a URL.< / p >
< p > < code >
&lt;a href=@{AnotherPageR}&gt;Go to the other page
< / code > < / p >
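< p > The idea above, reduced to plain Haskell as an added example (not code from Yesod or from the original post): untrusted text, markup and link targets get distinct types. The names < code >Html< / code >, < code >Route< / code >, < code >text< / code >, < code >link< / code > and < code >renderRoute< / code > are hypothetical; only < code >AnotherPageR< / code > and the sample user name come from the page.< / p >

```haskell
-- Added illustration, not Yesod's implementation.
-- In a library, the Html constructor would not be exported, so `text`
-- and `link` would be the only ways to obtain a value of type Html.
module Main (main) where

-- Markup that is already safe to send to the browser.
newtype Html = Html String

instance Semigroup Html where
  Html a <> Html b = Html (a ++ b)

-- Untrusted text becomes Html only by being escaped.
text :: String -> Html
text = Html . concatMap esc
  where
    esc '<'  = "&lt;"
    esc '>'  = "&gt;"
    esc '&'  = "&amp;"
    esc '"'  = "&quot;"
    esc '\'' = "&#39;"
    esc c    = [c]

-- Hypothetical routes of a small site: a link target must be one of these.
data Route = HomeR | AnotherPageR | UserR Int

-- Every route renders to a fixed path shape, so no route can close the
-- href attribute and smuggle markup after it.
renderRoute :: Route -> String
renderRoute HomeR        = "/"
renderRoute AnotherPageR = "/another"
renderRoute (UserR uid)  = "/user/" ++ show uid

-- A link takes a Route, never a String.
link :: Route -> Html -> Html
link r (Html body) =
  Html ("<a href=\"" ++ renderRoute r ++ "\">" ++ body ++ "</a>")

render :: Html -> String
render (Html s) = s

main :: IO ()
main = do
  -- Untrusted user name, taken from the example in the text above.
  let name = "toto<script>alert(\"This site sucks!\")</script>"
  putStrLn (render (text "Profile: " <> link (UserR 7) (text name)))
  putStrLn (render (link AnotherPageR (text "Go to the other page")))
  -- Rejected at compile time, because a String is not a Route:
  -- putStrLn (render (link "falselink\"><script>bad_code();</script>" (text "x")))
```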
< pre > < code > falselink"&gt;&lt;script&gt; bad_code(); &lt;/script&gt;&lt;a href="pipo
htmlheader = ...
cssheader = ...
javascriptheader = ...
htmlbody = ...
< / code > < / pre >
< pre > < code >toWidgetHeader cassiusFile "button.cassius"
toWidgetHeader juliusFile "button.julius"
toWidget hamletFile "buttonTemplate.hamlet"< / code > < / pre >
< p > < code >
myBigWidget = menuWidget &gt;&gt; contentWidget &gt;&gt; footerWidget
< / code > < / p >
< p > < code >
/blog/2003 Date2003R
/blog/$DATE DateR
< / code > < / p >
< p > < code >
/blog/$DATE DateR
< / code > < / p >
< p > If you are a Haskeller, I believe you shouldn’t fear the special syntax imposed by the standard Yesod way of doing things.
Just try it beyond the first basic tutorials. < / p >
< p > So far, I believe it is going in the right direction, even if I believe the real future lies in generating HTML pages on the client (using JavaScript), with the server limited to serving JSON (or XML, or any object representation system).< / p >
< p > I cannot stress enough how good I believe Yesod is.< / p >
< p > One of the most important points is the responsiveness of the community. It is very active. Greg was the first to provide a way to < a href = "http://www.yesodweb.com/blog/2011/07/haskell-on-heroku" > deploy Haskell code to Heroku< / a > .< / p >
< / div >
< div id = "bottom" >
< div >
< a rel = "license" href = "http://creativecommons.org/licenses/by-sa/3.0/deed.fr" > Copyright ©, Yann Esposito< / a >
< / div >
< div id = "lastmod" >
Written on: 04/10/2011
modified on: 04/10/2011
< / div >
< div >
Site entirely made with
< a href = "http://www.vim.org" > Vim< / a >
and
< a href = "http://nanoc.stoneship.org" > nanoc< / a >
< / div >
< / div >
< div class = "clear" > < / div >
< / div >
< / body >
< / html >