Path: ...!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail From: Mild Shock Newsgroups: comp.lang.prolog Subject: Space Junk might fall on your head [Scryer Prolog WASM] (Was: Streamable DOM and obsolete put_code/[1,2]) Date: Sat, 5 Apr 2025 18:33:43 +0200 Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Injection-Date: Sat, 5 Apr 2025 16:33:42 -0000 (UTC) Injection-Info: solani.org; logging-data="868078"; mail-complaints-to="abuse@news.solani.org" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0 SeaMonkey/2.53.20 Cancel-Lock: sha1:NxiDyA0vRxqr1xKN5lJ4rWIzFAA= In-Reply-To: X-User-ID: eJwNx8EBwEAEBMCWWBZXzkXov4RkfkMLjU4PhnO5wLQVc8zfEbgLovVI/xFgi9fBclqeZ+dqnqbeLKVPKz4mxRQ0 Bytes: 6135 Lines: 158 Hi, During my quick brainstorming on SWI-Prolog discourse concerning my library(markup) I worte: > Disclaimer: I didn’t look into Trealla, Scryer > or Ciao, what they support in this respect. > I only had a look at SWISH and their concept of > answer substitutions filters. I find this too > restrictive, already the library(turtle) cannot > be done in this setting. So my subc-consciousness told me there is nothing useful to expect from Trealla, Scryer or Ciao. Since they are total web virgins, probably never seen a DOM API and/or never generated production webpages. For example this could be abused, not something that should be promoted: document.write(`

Sudoku solver returns:

${result}
`); https://github.com/mthom/scryer-prolog?tab=readme-ov-file#building-webassembly Not only is the document.write() method deprecated. The document.write() method directly injects HTML into the page. This leads to XSS vulnerability: > During the second half of 2007, XSSed documented 11,253 site-specific cross-site vulnerabilities, compared to 2,134 "traditional" vulnerabilities documented by Symantec. XSS effects vary in range from petty nuisance to significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner network. https://en.wikipedia.org/wiki/Cross-site_scripting Bye Mild Shock schrieb: > Hi, > > But a "HTML Writer" as a statemachine shouldn't be a problem > in the Prolog world. If you have a concept of engine, > you can write a the HTMLParser as an ordinary parser, > > which yields to get its input: > > The HTMLParser service: > > /* some ordinary code that reads a stream > and writes a stream, only the stream is > read via the engine interface */ > > parser_get_code(X) :- >    engine_fetch(X). > > The HTMLParser client: > > /* Basically the HTMLParser is used inverted. >   Just like in ordinary document.write() from >   the JavaScript world, one uses the parser as sink (sic!) */ > > parser_put_code(ParserEngine, X) :- >    engine_post(ParserEngine, X). > > But from the above once can also develop statemachine, > and eliminate the "engine", by modelling what happens > between subsequent engine_fetch inside the ParserEngine, > > and have an inverted parser which doesn't need "engin", > is pure Prolog code. An impurity can be the state changes, > but you can delegate it to the DOM. > > But for streams you have always state changes, thats > what streams do, they change the sink. > > Bye > > Mild Shock schrieb: >> Hi, >> >> Streamable DOM in the form of a "HTML writer", >> can be a real miracle. SWI, Ciao, etc.. none >> of the Prolog systems have a "HTML writer", >> >> it seems the prospect of a HTMLParser inside such >> "HTML writer", and that it is a state machine >> confuses the world view of many people. But >> >> the idea was already pursued by Tau Prolog. >> Just take an element: >> >>  >
>> >> And then literally you only have to open it: >> >>  > :- use_module(library(dom)). >>  > >>  >output :- >>  >    get_by_id(writeme, WriteMe), >>  >    open(WriteMe, write, Stream), >>  >    write(Stream, hello), >>  >    write(Stream, world). >> >> But it didn't have much adoption, rather cause more >> problems than solved any: >> >>  > How getting all the sandbox output into html? >>  > joseph-vidal-rosset opened on Aug 2, 2022 >>  > https://github.com/tau-prolog/tau-prolog/issues/326 >> >> I do not blame the Philosopher trying to be a >> Prolog programmer. It had not much utility since >> write/1 now accepted and inserted HTML. >> >> Bye >> >> Mild Shock schrieb: >>> Hi, >>> >>> The development of Novacore takes interesting turns. >>> Originally more accidentially, because I observed it >>> can serve a few interesting use cases, like atomic >>> >>> logging with some unspoken or spoken gurantees, >>> I introduced put_atom/[1,2] in Novacore streams: >>> >>>  > put_atom(S, A): >>>  > The built-in succeeds. As a side effect, it adds >>>  > the atom to the stream S. >>> >>> Now because I am revising my streamable DOMs, the >>> "HTML writer" part, I even went so far as to >>> bootstrap put_code/[1,2] from it: >>> >>>  > put_code(Stream, Code) :- >>>  >    char_code(Atom, Code), >>>  >    put_atom(Stream, Atom). >>> >>> One can eliminate each put_code/[1,2] call such >>> as put_code(S, 0'\n) by a put_atom/[1,2] call >>> such as put_atom(S, '\n'). The performance is the >>> >>> same, in my case can be slighly better since under >>> the hood put_code and put_atom called the same >>> stream meachnism. >>> >>> But the main reason I eliminate put_code was >>> to have a single point. Because the Prolog >>> write_term/1 is 100% written in Prolog, in the >>> >>> end it only only uses put_atom. >>> >>> Bye >> >