Known Problems | The TO DO List
- The 2.0 Tcl Plugin is based on Tcl/Tk 8.0. This means that you
get the benefits of Tcl's just-in-time bytecode compiler, and some
scripts will execute significantly faster, especially compute-intensive
- Native look and feel for Tclets on each platform, because the plugin
now uses Tk 8.0.
- First source release: the complete source for the plugin and all
Tcl files is included!
- The plugin is now free for any use, including redistribution, derivation,
commercial use, etc. Please let us know if you redistribute it or derive
another piece of software from it - this is just to satisfy our own
curiosity, not obligatory.
- New installation locations:
- On Unix the plugin installs by default into the Netscape hierarchy,
- On Win32, it installs by default into c: clplug.
- Comprehensive documentation is provided in your-install/doc.
Read those manual pages to find out all the nitty gritty details about
what's possible with this feature-rich plugin. Use 'nroff -man' or
similar to produce a printed copy of the manual pages or use the
- New "policy" command instead of overloading the "package require"
The 2.0.3b release includes a new command "policy" that can be used
by Tclets to request the use of a policy. Previously the same was achieved
by issuing a "package require" command in a Tclet. See the policy manual
- Several new security policies:
These policies provide similar functionality to what used to be in
Browser, Tempfile and Safesock combined. Each policy provides the same
functions, with the only difference being which resources a Tclet can
access. The features provides:
All policy names are now lower-case.
- Communication with the hosting browser to fetch and post URLs.
- Access to remote servers through sockets.
- Local persistent storage that can be shared with other Tclets loaded
from the same site.
All policies are documented in manual pages included in the 'doc' directory
of the plugin runtime library. All policies are configurable through
settings in a separate configuration file for each policy.
At this time, site administrators are required to edit the configuration
files. We welcome the contribution of a Tk-based admin tool
that would let site administrators control these settings from a GUI
without having to edit text files.
HTML on the fly into new or existing frames has been moved into its
is impossible to restrict access to any URLs when these functions are
available, therefore they cannot be available in Home, Inside and Outside.
- The capabilities provided by the plugin are organized into logical
packages called "features".
All the features are stored in <your-install>/safetcl. The capabilities
provided by the plugin have been organized into several features:
- "url" allows a Tclet to fetch and post to URLs, display URLs, etc.
- "network" allows a Tclet to open network sockets.
- "persist" enables a Tclet to use local persistent storage.
- "stream" allows a Tclet to generate output streams to frames managed
by the browser.
- "unsafe" restores the unsafe commands that were removed by the
- Flexible configuration package, configuration syntax is "English"-like.
All configurable parameters of the plugin are controlled from a central
configuration file, <your-install>/config/plugin.cfg. The configuration
is organized in easy to understand sections and the configuration itself
is written in a human readable form.
- Policies are now "codeless", that is, you don't have to know (a
lot) of Tcl to write a policy.
Policies are just named configurations, so you don't need to write
a lot of Tcl code to implement a new policy. Policy configurations
specify which features they enable and under what circumstances, and
they do not contain implementations for those features -- that is left
for the features themselves.
Settings in the plugin.cfg file control which policies are enabled
and under what circumstances.
- The plugin now uses namespaces for partitioning its functionality.
- safe:: for the Safe Base.
- cfg:: for the configuration package.
- browser:: for the procedures to communicate with the hosting browser.
- safefeature:: for procedures implementing feature packages.
- rpi:: for remote procedure invocations between the plugin and an
external process hosting Tclets (see below).
- Tclets can appear inline in the web page by giving their source as the
value of a "script" tag in the embed statement. Both a "script" tag and
an "src" tag can appear within the same embed statement.
- Tclets can now execute without display, by specifying "tk=0" in the
embed statement. You should also use the "hidden" tag to tell the browser
not to reserve space for this instance on the page.
- The Tcl Plugin now supports use of an external process to host
Tclets, in addition to being able to host Tclets directly within the
browser. The external process must contain on Tk 8.0 or later. A default
executable is supplied with the plugin and will be used if the user
didn't specify which executable to use.
In this release, the plugin hosts Tclets inside the browser by default.
In a future release the default will be to host Tclets in an external
For information on how to use the external process facility in the
plugin, see the
plugin manual page.
- Lots of information about the Tclet is now available inside the
Tclet itself, e.g. the URL from which it was loaded and the text of
- Many bug fixes related to initialization and de-initialization.
Previously these bugs would cause the plugin to eventually fail.
- Much better support for fonts, using both X11 fonts and portable
font name specification. See the Tk 8.0 documentation.
- Much better support for focus propagation on Unix: the Tclet has
a chance to get the focus when the mouse enters, and the Tclet loses
focus when the mouse leaves.
- Faster loading of Tclets due to smarter use of streaming and the
browser cache. Reloading of a previously used Tclet is much faster.
A splash screen is provided for slow-loading Tclets to give the user
an indication that the plugin is alive and simply slow because the
Tclet code hasn't arrived yet.
- The browser::openStream API now supports mime types other than
text/html, allowing the Tclet to write image data, for example.
- Most APIs have been made binary-safe. They can now handle data
that contains embedded \0's.
- The browser::getForm and browser::displayForm APIs now take unencoded
data to submit to the remote service, and do the proper encoding to
protect the data in transit.
As long as you enclose it in curly braces, the right thing will happen.
- The APIs to communicate with the browser have all been enhanced
to take callbacks that get called when the appropriate event happens.
This allows a Tclet to find out for example when a requested stream
of data starts to arrive from a URL. These APIs also take an integer
specifying the number of milliseconds to wait before timing out. Finally,
they are all non-blocking if callbacks are specified, to allow a Tclet
to continue computing or responding to user input while it is waiting
for a requested URL's contents to arrive.
- Dynamic loading of Tcl extensions is now supported when the plugin
uses an external process to host Tclets. If you need
to use a special executable that contains the extension statically linked
you can do that too, with the TCL_PLUGIN_WISH environment variable.
See the plugin manual page.
- Auto-loading now works in Tclets and packages work just as in regular
- Supports a console for debugging, and event logging to a window
and/or to a file. See the plugin manual
- Supports logging of significant events to a file or to a window.
See the plugin manual entry for details.
- (Unix) Supports debugging of external process hosting Tclets with
gdb. Note that this overwrites .gdbinit in your home directory without
asking, which may not be what you want.
- The plugin is now extensible because most of it was rewritten in
Tcl. The relevant scripts are provided in the plugin runtime library.
This will also make it much easier to support the Mac version in a
timely manner in future releases.
- The plugin now works well with Netscape Navigator 3.0 and 4.0 on
Unix and Win32.
- The plugin now works well with IE 3.0 and IE 4.0 on Win32.
- The plugin also works with the Opera 3.0 beta 5 release on Win32,
although not perfectly.
- The plugin also works with the Amaya browser from the W3C on Linux
2.0. We have not tested whether the Win32 version works or whether
it works with Amaya on other versions of Unix.
- Security enhancements:
- Tclets no longer see the auto_path and instead use symbolic tokens.
Likewise, tcl_library, tk_library and other paths are symbols now.
- vwait and tkwait have been restored so Tclets can now use them.
- fixed several security holes in the local persistent storage feature.
- Many bug fixes:
- Color maps now work better.
- More robust if many Tclets are being used at the same time.
- Event mechanism overhauled, now more responsive and robust.
- Sockets now work reliably, and the plugin uses a reliable efficient
RPC package to communicate with the external executable.
- Commands that crash IE 3.0 or 4.0 are now disabled if the plugin
detects that it's being used in those browsers.