- Each time Crunchy starts, it generates a random session number (10 digit long).
- The javascript code used to communicate between Crunchy and the browser is fetched from a static file and modified to include the unique session number as part of each command; a new javascript file, with a filename that incorporates the session number is generated.
- When Crunchy fetches an html page, it processes it to remove unwanted code. This means removing all (java-)scripts and only allowing html tags that are on a "whitelist". This whitelist excludes any of the usual "onload", "oninit", etc., automatic execution.
- Next, Crunchy interactive elements (Python interpreter, code editor, button for Python code execution, etc.) are inserted with the javascript calls, each call given a unique identifier for that session.
- Finally, the processed page is displayed in the browser, with the server waiting for user-generated interactions.
- This procedure is repeated for any page that is loaded during that session.
- At the end of a session, when Crunchy is terminated, the javascript file that was generated and used in that session is deleted.
After that, I will be ready to start implementing rur-ple inside the Crunchy environment; if there is enough interest, I might implement a turtle graphics module as well.
===== Changes from 0.6 to 0.7 ================
0. Name change
To prevent confusion with an existing program named CrunchyFrog, "Crunchy Frog" has been renamed as "Crunchy", short for "Crunchy, the Interactive Python Tutorial Maker".
1. *Security fix*
The previous versions of Crunchy allowed tutorials containing arbitrary (and hidden) javascript code to be loaded within a browser window. The new version removes any existing javascript code prior to processing for display within a browser.
Feel free to try and break this - and please report any findings back to us.
2. New functionality.
- It is possible to run external programs from within the browser; sample demos include GUI programs with 1. Tkinter, 2. pyGtk, 3. wxPython, 4. Pygame
- Automatic syntax colouring of (static) Python code, including (as an option) line numbering.
- New plotting canvas with simple to use api to draw mathematical functions
- Drawing & plotting canvas can be set to arbitrary size.
- Multiple canvas can now appear on same page.
- New addition and simplification to the sound api.
- Simplification of error message (tracebacks) more suitable for beginners.
- New plotting canvas with simple to use api to draw mathematical functions
- Drawing & plotting canvas can be set to arbitrary size.
- Multiple canvas can now appear on same page.
- New addition and simplification to the sound api.
- Simplification of error message (tracebacks) more suitable for beginners.
- Integrated menu which can be styled through custom css
- Three sample css styles now included (selectable via the browser menu)
4. New content:
- First draft sound tutorial exploring concepts of frequency, beats, harmonics (Fourier series), etc.
- New addition to the basic "Crunchy user" tutorial
- Additions to all reference documentation (sound & graphics api, vlam options, etc.)
No comments:
Post a Comment