Enforcing Strict Model- View Separation in Template Engines Terence Parr University of San Francisco
Dynamic Pages out.println(" "); out.println(" Servlet test "); String name = request.getParameter("name"); out.println("Hello, "+name+"."); out.println(" "); JSP test Hello,. Note: XSLT is not a template mechanism Servlet: JSP:
Example Entanglements $if(user==“parrt” && machine=“yoda”)$ $if(user==“parrt” && machine=“yoda”)$ $price*.90$, $bloodPressure>130$ $price*.90$, $bloodPressure>130$ $a=db.query(“select subject from ”)$ $a=db.query(“select subject from ”)$ $model.pageRef(getURL())$ $model.pageRef(getURL())$ $ClassLoader.loadClass(somethingEvil)$ $ClassLoader.loadClass(somethingEvil)$ $names[ID]$ $names[ID]$ st.setAttribute(“color”, “Blue”); st.setAttribute(“color”, “Blue”);
Motivation For Separation Encapsulation Encapsulation Clarity Clarity Division of labor Division of labor Component reuse Component reuse Single point-of-change Single point-of-change Maintenance Maintenance Interchangeable views Interchangeable views Security Security Note: these benefits all derive from single principle of separation
The Problem With Engines Web demands dynamic content, leading to rise of template engines Web demands dynamic content, leading to rise of template engines Goal: separate display from business logic Goal: separate display from business logic Problem: engines don’t enforce separation, they only encourage separation (Murphy, IBM keybrd, etc…) Problem: engines don’t enforce separation, they only encourage separation (Murphy, IBM keybrd, etc…) Reason: engine builders and users fear that enforcement implies fatal weakness Reason: engine builders and users fear that enforcement implies fatal weakness Result: developers exploit loopholes, encoding logic in templates, thus, entangling model/view Result: developers exploit loopholes, encoding logic in templates, thus, entangling model/view Situation partially due to lack of formal treatment: no def. of template nor separation Situation partially due to lack of formal treatment: no def. of template nor separation
My Proposition Separating logic from display is widely-accepted as a worthy goal (MVC pattern) Separating logic from display is widely-accepted as a worthy goal (MVC pattern) Enforcing the separation principle is better than encouraging its use Enforcing the separation principle is better than encouraging its use We can enforce separation without emasculating the power of a template engine We can enforce separation without emasculating the power of a template engine I have empirical evidence in the form of my StringTemplate engine and its use at jGuru, … I have empirical evidence in the form of my StringTemplate engine and its use at jGuru, … I have formally shown restricted templates generate sufficiently large language classes I have formally shown restricted templates generate sufficiently large language classes Herein, I motivate and define separation then illustrate use of StringTemplate Herein, I motivate and define separation then illustrate use of StringTemplate
Rules of Separation 1. the view cannot modify the model 2. cannot perform computations upon dependent data values 3. cannot compare dependent data values 4. cannot make type assumptions 5. data from model cannot contain display, layout information
Entanglement Index Equal to the number of separation rules an engine violates: 1..5 Equal to the number of separation rules an engine violates: 1..5 Undecidable rule (data cannot contain layout information) yields min index of 1 Undecidable rule (data cannot contain layout information) yields min index of 1 Slippery slope: engines are either 1 or 5 Slippery slope: engines are either 1 or 5
What you need Attribute reference: $name$ Attribute reference: $name$ Conditional include $if(title)$ $title$ $endif$ Conditional include $if(title)$ $title$ $endif$ Template references (possibly recursive): $navbar()$ Template references (possibly recursive): $navbar()$ Apply template to multi-valued attribute: $aList:{ $attr$ }$ or $aList:bold()$ Apply template to multi-valued attribute: $aList:{ $attr$ }$ or $aList:bold()$
StringTemplate: Fill Table $users:row()$ $attr.name$ $attr.age$ Boris 39 Natasha goal: page: row: page.setAttribute("users", list); public class User { String name; int age;... }
MVCR Pattern How do you escape ‘<‘ to be ‘<’? Model/controller may not escape a priori and template cannot scan/replace How do you escape ‘<‘ to be ‘<’? Model/controller may not escape a priori and template cannot scan/replace Clearly must be code somewhere, but if not in M, V, or C then where? Clearly must be code somewhere, but if not in M, V, or C then where? Silent partner at work already where escaping should live: renderer, an aspect embodied by all attribute toString methods Silent partner at work already where escaping should live: renderer, an aspect embodied by all attribute toString methods View: layout. Renderer: convert binary to char View: layout. Renderer: convert binary to char Ex: view says where/color, renderer says (10) vs -10 Ex: view says where/color, renderer says (10) vs -10 Solution: controller wraps attributes with objects from an HTMLRenderer package, for example Solution: controller wraps attributes with objects from an HTMLRenderer package, for example
Summary Most engines do not enforce separation, a worthy goal; they support constructs that allow violations, fearing lack of power Most engines do not enforce separation, a worthy goal; they support constructs that allow violations, fearing lack of power Programmers use these constructs as expedients Programmers use these constructs as expedients I provide empirical evidence and formal arguments demonstrating that the ideal is possible: strict separation and a potent engine I provide empirical evidence and formal arguments demonstrating that the ideal is possible: strict separation and a potent engine Engines no longer have an excuse to support entanglement of model and view Engines no longer have an excuse to support entanglement of model and view StringTemplate embodies principles described herein: StringTemplate embodies principles described herein:
But wait! There’s more! New! StringTemplate 2.0b1 brings a lot including group file format, useful for source-to-source translation New! StringTemplate 2.0b1 brings a lot including group file format, useful for source-to-source translation group javaTemplates; method(type,name,args,body) : << public ( ) { } >> assign(lhs,expr) : “ = ;” if(expr,stat) : “if ( ) ” call(name,args) : “ ( );” …