Write reliable Web applications

The compiler helps you to avoid and remove bugs

OCaml's rich type system makes it possible to check many properties of the program and remove a large set of bugs at compile-time. Ocsigen employs an advanced use of these features to provide many guarantees (above and beyond type safety) and protection against many security flaws. For example:

  • No broken links
  • Forms and links correct w.r.t. what is expected by the service (e.g. names and types of parameters)
  • Valid HTML

OCaml has a very rich type system, making it possible to check and verify many properties of the program while compiling.

This provides many benefits, including:

  • you don't have to implement such verifications yourself
  • you save debugging time! If you change something (for example a data structure) somewhere in your program, the OCaml compiler will point out every place where you need to adapt the program.

The use of such strong static typing features may seem restrictive at first glance, but it actually saves a lot of time while developing large applications, making your programs easy to maintain and expand.

OCaml's typing system also guarantees that your program will never crash!

Static typing of Web applications

Ocsigen's projects employ advanced static typing in many places.

Typing links and forms

Ocsigen is uses static typing to check the validity of link parameters or form elements w.r.t. the services they point to. For example, if a form contains a checkbox, the associated service must expect a boolean value.

HTML conformance

For reasons of interoperability and accessibility, HTML pages must respect W3C recommendations. Usually, programmers use one or more page validators to check for valid HTML. But today, most Web pages are dynamically generated and a validator cannot reliably guarantee that all such pages will be valid in every situation.

With Ocsigen, the validity of pages is checked at compile time! The compiler will anticipate and identify every point where the program may some day generate an invalid page! Thus you no longer need to worry about validity.

Conformance of client/server applications

As client/server Eliom applications are written as a single program, these typing features will extend to the whole program. You do not need to worry about the conformance of client side w.r.t. server side code, because the type checker will account for client-side typing issues as well.

Typing of database access

Strong static typing also affects the way in which Ocsigen interacts with your databases. Ocsigen's database module employs static typing to check database access and avoid runtime errors.

Security

Modern web development requires an attention to a variety of security issues. Fortunately, Ocsigen automatically addresses a variety of these concerns for you. Ocsigen provides built-in protections against code injection, cross site scripting or session fixation problems. Eliom also adds protections against cross site request forgery, etc.