The key aspects of Ur/Web that make it different to traditional web development are its approach to security, and the way it enables coordination and management of relationships between all the components that make up a webpage.
Ur/Web has at its heart a development principle known as “strong typing,” which means that whenever a piece of code or “function” is written, the author also defines what type of data the function accepts as an input and what it will return as a result.
Ur/Web is Ur plus a special standard library and associated rules for parsing and optimization. Ur/Web supports construction of dynamic web applications backed by SQL databases. The signature of the standard library is such that well-typed Ur/Web programs “don’t go wrong” in a very broad sense. Not only do they not crash during particular page generations, but they also may not:
- Suffer from any kinds of code-injection attacks
- Return invalid HTML
- Contain dead intra-application links
- Have mismatches between HTML forms and the fields expected by their handlers
- Include client-side code that makes incorrect assumptions about the “AJAX”-style services that the remote web server provides
- Attempt invalid SQL queries
- Use improper marshaling or unmarshaling in communication with SQL databases or between browsers and web servers
This type safety is just the foundation of the Ur/Web methodology. It is also possible to use metaprogramming to build significant application pieces by analysis of type structure. For instance, the demo includes an ML-style functor for building an admin interface for an arbitrary SQL table. The type system guarantees that the admin interface sub-application that comes out will always be free of the above-listed bugs, no matter which well-typed table description is given as input.
The implementation of all this is open source.