<%-- 
    Document   : script
    Created on : Jul 24, 2008, 9:46:49 AM
    Author     : jbf
--%>

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">

<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Autoplot Script Servlet</title>
    </head>
    <body>

    <h1>Autoplot Script Servlet Demo</h1>

    <p>
    This demonstrates how scripting might be used with Autoplot to provide
    precise specification of an image or access to the libraries it uses.</p>

    <p>
    WARNING: This allows arbitrary code to be executed on the server, so this
    should not be left on and should not be advertised.  We try to guard against attacks with
    taint-checking (for example, imports are not allowed nor formatDataSet,
    <a target="_blank" href="https://autoplot.svn.sourceforge.net/svnroot/autoplot/autoplot/trunk/AutoplotServlet/src/java/org/autoplot/servlet/ScriptServlet.java">etc</a>)
    but this is not thorough.
    Scripts are logged in /tmp/autoplotservlet or the location indicated in the environment variable AUTOPLOT_SERVLET_HOME.
    The file AUTOPLOT_SERVLET_HOME/allowhosts can be used
    to restrict access to the service, and by default only localhost is allowed.  It is a list of
    allowed clients IP, allowing *'s (globs or wildcards) to match multiple IPs. 
    </p>

    <p>Note there are issues with the design right now, and this lacks abusive testing!</p>

    Documentation:
    <a href="http://apps-pw.physics.uiowa.edu/hudson/job/autoplot-javadoc/ws/doc/org/autoplot/ScriptContext.html">Script Context</a>
    <a href="https://autoplot.svn.sourceforge.net/svnroot/autoplot/autoplot/trunk/JythonSupport/src/imports2017.py">Imported Codes</a>
    <br><br>
    
    <form action="ScriptServlet" method="POST">
        Enter Script:<br>
        <textarea rows="14" cols="120" name="script" >
response.setContentType("text/plain");
out = response.getOutputStream();

for i in listDirectory('http://autoplot.org/data/*.cdf'):
  out.println(i);
out.close();
        </textarea>
        <br>
        <input type="submit" value="Execute" />
    </form>

<!--    Here's another example script:
setCanvasSize( 600, 400 )
setDataSourceURL( 'http://www.sarahandjeremy.net/jeremy/1wire/data/2008/0B000800408DD710.20080118.d2s' )
setTitle( 'Garage 20080118' )
response.setContentType('image/png')
out = response.getOutputStream()
writeToPng( out )
-->

<!--    This demos security.  (Security lacks a thorough study!  Please do not leave this server unattended!)
response.setContentType("text/plain");
out = response.getOutputStream();

f= java.io.File( '/etc/passwd' )
out.println( f.length() )
out.close();
-->
    </body>
</html>