New programming language could make Web design easier, more secure

Chuck Bednar for – Your Universe Online
Creating a webpage today is far from the easy HTML coding exercise that it once was, but a team of Massachusetts Institute of Technology (MIT) researchers is working on a brand new programming language that could make the process a whole lot easier.
Modern websites require the juggling of several interacting components, including cascading style sheets, XML code, ad hoc database queries, and JavaScript functions, the researchers said. However, it can be a difficult and time-consuming task keeping track of their interactions.
Adam Chlipala, MIT’s Douglas Ross Career Development Professor of Software Technology, and his colleagues are creating a new programming language that makes it possible for webpage developers to write various applications as self-contained programs.
The language is known as Ur/Web, and Chlipala will present a paper describing how it works next month at the Association for Computing Machinery’s 42nd Symposium on Principles of Programming Languages (POPL) in Mumbai, India.
Ur/Web’s compiler, or the program that turns high-level instructions into machine-executable code, takes those self-contained programs and automatically generates the corresponding XML code and style-sheet specifications. It also embeds JavaScript and database code in the correct areas, ultimately making Web applications easier to write and more secure.
“Let’s say you want to have a calendar widget on your Web page, and you’re going to use a library that provides the calendar widget, and on the same page there’s also an advertisement box that’s based on code that’s provided by the ad network,” said Chlipala.
“What you don’t want is for the ad network to be able to change how the calendar works or the author of the calendar code to be able to interfere with delivering the ads,” he continued, noting that Ur/Web automatically prevents this type of unauthorized access between page elements.
Since it both provides security protection and can coordinate various types of Web technologies, the developers compare it to programming languages such as C++ or Java. As a programmer defines new variables, they are constrained to a particular data type, and all new functions have to include the type of data they act upon and the type of data that they return.
In computing the value to return, the function may need to create new variables, MIT officials explained. For instance, a function that returned an average of values in a database would first need to calculate their sum. However, those particular variables cannot be accessed by the rest of the program, since the language limits the scope of variables defined within functions.
“You might want to write a library that has inside of it as private state the database table that records usernames and passwords,” said Chlipala. “You don’t want any other part of your application to be able to just read and overwrite passwords. Most Web frameworks don’t support that style. They assume that every part of your program has complete access to the database.”
Typing also helps with security (for instance, Ur/Web treats usernames as their own data type and treats them differently than database queries) and enables coordination across groups of Web technologies. In order to allow Ur/Web to coordinate this data flow, Chlipala created libraries of new data types for SQL, XML, and cascading style sheets (CSS) that embody these rules.
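The article shows no Ur/Web code, so the following is an added TypeScript example, not code from Chlipala's paper or the Ur/Web project, of the idea described above: a username and a database query are distinct types, and untrusted text can only reach a query as bound data. The names `Username`, `Query`, `parseUsername`, `findUser` and the `users` table are assumptions made for the illustration.

```typescript
// Added illustration; Username, Query, parseUsername and findUser are assumed names.
type Username = string & { readonly __brand: "Username" };

// The only way to obtain a Username: validate untrusted input first.
function parseUsername(raw: string): Username {
  if (!/^[A-Za-z0-9_.-]{1,32}$/.test(raw)) {
    throw new Error("invalid username");
  }
  return raw as Username;
}

// A Query keeps SQL text and data apart. The private constructor means
// code outside this class cannot build a Query from a plain string.
class Query {
  readonly text: string;
  readonly params: readonly unknown[];
  private constructor(text: string, params: readonly unknown[]) {
    this.text = text;
    this.params = params;
  }

  // Tagged template: literal parts become SQL text, and every
  // interpolated value becomes a numbered placeholder bound as data.
  static sql(parts: TemplateStringsArray, ...values: unknown[]): Query {
    let text = parts[0] ?? "";
    values.forEach((_v, i) => {
      text += `$${i + 1}` + (parts[i + 1] ?? "");
    });
    return new Query(text, values);
  }
}

// Accepts only a Username, so passing a raw request string is a compile error.
function findUser(name: Username): Query {
  return Query.sql`SELECT id FROM users WHERE name = ${name}`;
}

// Constructed sample input containing SQL metacharacters.
const hostile = "alice' --";

function demo(): { rejected: boolean; bound: Query } {
  let rejected = false;
  try { parseUsername(hostile); } catch (_e) { rejected = true; }
  // Even without the Username check, the value never joins the SQL text.
  return { rejected, bound: Query.sql`SELECT id FROM users WHERE name = ${hostile}` };
}
```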
While the current version of the programming language is capable of generating XML, JavaScript, and SQL code, it does not yet produce style sheets automatically. However, it can analyze an entire program and produce lists of the various classes and data types which could be mentioned, and discuss which properties might be worth setting, Chlipala said.