So I had to see PG's solution in arc1. Pretty nice as it removes some duplication and has a simpler (and more efficient) way to determine if a sub aif is needed:
(mac aif (expr . body)
`(let it ,expr
(if it
,@(if (cddr body)
`(,(car body) (aif ,@(cdr body)))
body))))
Duplication is removed by simple branching inside the `(let it ,expr ... part. And (cddr body) is shorter and more efficient than (<= (len body) 2).
So I should this be a srv startup option (to support utf-8)? And then all Content-Type: text/html should become Content-Type: text/html;charset=utf-8 ?
That would be easy to add to the header stuff I was working on yesterday. Can probably do that tonight.
Cool. I don't think it should be an option though, since the server generates utf-8 anyway - it just doesn't label it correctly. I can't imagine when it would be useful _not_ to indicate the encoding.
Not indicating the encoding leaves you vulnerable to an XSS attack. For instance, the following looks harmless, but if you don't set the encoding explicitly it can get executed if your browser is set to UTF-7, or auto-detects to UTF-7:
+ADw-script+AD4-alert('XSS')+ADw-/script+AD4-
Edit to add some explanation: if displayed as UTF-7, the above will pop up a "XSS" alert box. It's just an example; it doesn't actually do anything bad but it shows the potential for malicious XSS. A key point is that HTML-escaping your output or filtering out HTML tags isn't enough, since innocuous-looking characters can cause problems if the encoding is misinterpreted.
In Arc you would just use a list, I believe. What type of things would you like to do with a vector? If you give some code examples I'm sure someone will translate into Arc.
Vectors are very useful when accessing random positions in array. Lists are very inefficient for this because they need O(n) operations to access one item, whereas vectors only O(1).
Makes sense. Obviously this is better for something being released to the public but during testing I didn't know if (even inefficiently) asv could be used as a one stop shop (a la webrick).
That shouldn't be too hard to hack in, I think... just find some way to capture all /images/* URLs or something and open up a file and send the contents. You might have to be a little careful with MIME types and so forth, but it seems pretty straightforward.
Just take any URL that is not defop'ed to mean a file name.
Currently, if no op is defined, the server responds with "Unknown operator.". Replace that with the code for opening a file, and if this fails, respond with a proper 404 Not Found message.
