WWW_App:

Create HTML pages (HTML/CSS/JS) using just Ruby. It's not done yet.

Ruby:

To install:

  gem install www_app

To use:

require 'www_app'

WWW_App.new {

  style {
    a {
      _link    { color '#fff' }
      _visited { color '#f88' }
      _hover   { color '#ccc' }
    }
  }

  div {

    border           '1px solid #000'
    background_color 'grey'

    on('scary') {
      border           '2px dotted red'
      background_color 'white'
    }

    p { 'Click the button to make me scared.' }

    button {
      parent 'div'
      add_class 'scary'

      'Scary-ify'
    }

  }
}.to_html

It generates the CSS, JS, and HTML.

Security:

1) Server-side: All data from the user should be run through :render to ensure sanitization/escaping.

2) Server-side: All JS meant for :script tags should be escaped before being encoded into JSON.

3) Client-side: No untrusted data is presented to the user: :inner_html/:inner_text only use content from the server after it has been sanitized/escaped.

4) Client-side: No client-side sanitization/escaping. There are too many bugs and security issues caused by browser incompatibilities/implementations. Content to be used in client-side JS can only come from the server using "lockboxed vars".

5) Client-side: When using :inner_html, check the String for: /<script/i

6) All forms require a CSRF token.
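
A sketch of rules 1, 2 and 5 using only Ruby's standard library. This is an added example, not WWW_App's own code: the SafeEmbed module and its method names are hypothetical, and the rule 5 pattern is applied here on the server side as a last check before output.

```ruby
require 'erb'
require 'json'

# Hypothetical helpers, not WWW_App's API: rules 1, 2 and 5 with stdlib only.
module SafeEmbed
  SCRIPT_TAG = /<script/i # pattern quoted in rule 5

  # Rule 1: HTML-escape every String (and Symbol) in a nested structure,
  # including Hash keys. Unknown types are rejected instead of passed through.
  def self.escape_all(value)
    case value
    when String, Symbol then ERB::Util.html_escape(value.to_s)
    when Array then value.map { |v| escape_all(v) }
    when Hash
      value.each_with_object({}) { |(k, v), h| h[escape_all(k)] = escape_all(v) }
    when Numeric, true, false, nil then value
    else raise ArgumentError, "unsupported type: #{value.class}"
    end
  end

  # Rule 2: escape first, then encode as JSON for a script tag. Characters
  # that are significant to the HTML parser or to older JS engines are
  # rewritten as \uXXXX, which JSON.parse reads back unchanged.
  def self.json_for_script(value)
    JSON.generate(escape_all(value))
        .gsub(/[<>&\u2028\u2029]/) { |c| format('\\u%04x', c.ord) }
  end

  # Rule 5 pattern used as a last check on markup about to be sent.
  def self.assert_no_script!(html)
    raise ArgumentError, 'script tag in content' if html.match?(SCRIPT_TAG)
    html
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input standing in for user-submitted data.
  user = { name: %q{Bob </script><script>x()</script> & "co"}, visits: 3 }
  puts SafeEmbed.json_for_script(user)
  puts SafeEmbed.assert_no_script!(SafeEmbed.escape_all(user[:name]))
end
```

The /<script/i check only recognizes one form of active content, so it works as a backstop behind the escaping in rule 1, not as a replacement for it.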

Notes:

1) Blockquotes no longer allow the :cite attribute. Instead, use the cite tag. More info at: http://html5doctor.com/cite-and-blockquote-reloaded/

2) Originally, this was going to be programs written in 100% JSON. This has changed because it turns out people do not want to create programs; they just want to customize them: https://www.youtube.com/watch?v=9nd9DwCdQR0#t=857

Fun fact:

JSON Applet was changed to WWW_Applet. WWW_Applet was then changed to WWW_App.