Advanced HTML Techniques

The Web grew up around the vision of the HTML file as a simple, static text file served uniformly to all requests, but this vision has gotten complicated in recent years by advances in Web technology. Web sites now commonly generate Web content at the time of the client's request. These Dynamic HTML techniques allow the content to adapt to the specific preferences and requests of the user. Dynamic HTML also simplifies the task of Web design (once you get past the programmatic hurdles) because the Web server can serve up unlimited combinations of output through a single template.

At the same time, another vision is now playing out in the Web world: client-side programming. In this vision, programmatic instructions are passed to the client along with the HTML data, and these instructions execute on the client computer while the user views the Web page.

You'll learn more about these server-side and client-side HTML techniques in the following sections.

Server-Side HTML Techniques

You might have noticed in the earlier discussion of HTML code that there is nothing difficult or complex about pasting HTML tags into a text file. In fact, it is a fairly simple matter to get a computer program or script to assemble HTML content. This dynamic approach enables a Web site to interact with the user. The server can formulate the Web page in response to user input. Server-side scripting also lets the server accept input from the client and process that input behind the scenes. A common server-side scripting scenario is show in Figure 17.6. The process is as follows:

One of the more popular methods for interfacing a program or script with a Web page is through the common gateway interface (CGI). CGI was developed to accept form-based input from a Web user, process that input, and then generate output in the form of HTML. CGI scripts are commonly written in the Perl language, but CGI is compatible with other languages, including C.

Once the control passes through the CGI interface to the program, the program can take on any of the tasks typically accomplished through software. You can use a CGI script to process an order, respond to a query, or assemble a custom view of the Web page.

CGI is only one of several methods for integrating server-end processing with a Web page. Other methods include the following:

• NSAPI— Netscape Server Application Programming Interface, a programming interface designed for the Netscape Web server product.

• ISAPI— Internet Server Application Programming Interface, a programming interface designed for Microsoft's Web server product.

• Active Server Pages— A server-side scripting environment developed by Microsoft.

• Allaire ColdFusion— A Web application development package for developing dynamic Web sites. ColdFusion places special emphasis on database connectivity.

As Figure 17.6 shows, one of the most important uses for this server-end processing capability is so that the Web server can interact with a database system. Through this feature, the Web page can serve as a transaction processor and remote query interface. Some Web server applications have begun to include built-in database interface features. The huge commercial Web sites are almost always integrated with equally huge and well-designed database systems.

Another emerging use for server-end processing technology is as a network configuration and management tool. In this scenario, a set of management utilities is launched and monitored through a Web-based interface. Some network devices, such as routers or NAT devices, have built-in mini-Web servers that enable the administrator to access the devices through a browser for configuration and maintenance. Larger Web-based management systems that monitor a whole network are also available.

The power and usefulness of the Web-based programming interface seemed nearly unlimited a few years ago. These techniques are still an integral part of today's Internet, but experts have begun to realize that these types of tools can cause security problems if they aren't implemented carefully. By their very design, these programs essentially invite the remote user (often an anonymous Web user) to execute a program on the server machine. Hostile intruders have become increasingly adept at exploiting the possibilities of these tools for gaining entry to the Web server's security system. You'll learn more about security issues in Hour 19, "What Hackers Do," and Hour 20, "TCP/IP Security."

Client-Side HTML Techniques

Client-side processing has also enhanced and transformed the Web experience. Today's browsers are capable of executing code passed directly to the client computer from the Web server. Client-side processing reduces the processor load on the server infrastructure and often reduces the total amount of information that must be transmitted over the network. Java applets (and other, similar technologies) are the basis for the bouncing balls and laughing monkeys that move about in the browser window when you access certain Web sites. These technologies also have a more serious side. For instance, you can use client-side scripts to check the integrity of a data entry form.

A few years ago, many believed the future of computing was in a complete Java-based operating environment that would download to the client at startup. This concept seems to have cooled recently, but the idea underscores the untapped potential of client-side processing techniques.