sharpetronics/dream
1
0
Fork 0
mirror of https://github.com/aantron/dream.git synced 2025-12-31 00:03:52 -05:00
Code Issues Projects Releases Wiki Activity
dream/example/w-query
History
Anton Bachin f997718427 Document example/w-query
2021-04-08 18:10:14 +03:00
..
dune
Sketch example/w-query
2021-03-29 20:20:25 +03:00
dune-project
Sketch example/w-query
2021-03-29 20:20:25 +03:00
query.ml
Document example/w-query
2021-04-08 18:10:14 +03:00
README.md
Document example/w-query
2021-04-08 18:10:14 +03:00

README.md

w-query


This very simple example accesses a value in the query string with Dream.query:

let () =
  Dream.run (fun request ->
    match Dream.query "echo" request with
    | None ->
      Dream.respond "Use ?echo=foo to give a message to echo!"
    | Some message ->
      Dream.respond (Dream.html_escape message))

$ dune exec --root . ./query.exe

Visit http://localhost:8080?echo=foo and you will see foo printed! Since we are inserting untrusted client-sent data into an HTML response, we have to escape it with Dream.html_escape. See Security in example 7-template for a discussion. Perhaps you can even launch an XSS attack against an unsafe version of this example!


Up to the example index