Secure Global Desktop Administration Guide > Applets > The ttawebtop.cgi CGI program

The ttawebtop.cgi CGI program

Note The ttawebtop.cgi program can only be used to access the classic functionality of Secure Global Desktop.

When you click on a link for an application, Secure Global Desktop constructs a special URL containing information necessary to display and resume the application. The information is specified in a query string that is passed to the Secure Global Desktop CGI program ttawebtop.cgi. Secure Global Desktop uses ttawebtop.cgi to substitute placeholders in the HTML file containing the emulator applet with values from the query string. For example, ttawebtop.cgi replaces %%OBJECTNAME%% in xde.html, by obtaining the object's TFN name from the URL.

If you don't use the webtop to run applications, for example you use an HTML form, you need to build the URL yourself.

Use this URL syntax:

http://server/tarantella/cgi-bin/ttawebtop.cgi/document?ob=objname&aw=width&ah=height&ti=title

where:

The following information must be supplied in the query string, if not specifed with applet parameter values.

Argument Description
ob=objname The object representing the application you want to run. Use a TFN name for objname.

You must URL-encode objname, see below for more details.

aw=width The width (in pixels) of the emulator applet.
ah=height The height (in pixels) of the emulator applet.
ti=title The title text for the HTML page in which the emulator displays. Defaults to either "X Emulator" or "Terminal Emulator" if this argument is omitted.

URL encoding

The URL of the HTML file containing the emulator applet must be encoded using the valid characters and format specified in RFC1738. This means characters such as <, >, " and / are not allowed in the search (query string) section of the URL except in their encoded version. For example:

use ...instead of ...
%20space
%22"
%2f/
%3c<
%3e>

Some other characters, for example & and = have special meaning in the search section of a URL and, if you do not want them to be interpreted in that way, you must encode them (for example & becomes %26 and = becomes %3d).

For additional security, for example to prevent cross-site scripting attacks, ttawebtop.cgi also substitutes the following encoded characters with their HTML character entities:

this ...becomes ...
%22&quot;
%26&amp;
%3c&lt;
%3e&gt;

This prevents scripts encoded %3cSCRIPT%3esome_script_code%3c%2fSCRIPT%3e from being returned and executed in the html passed back to the client.

Example

http://newyork.indigo-insurance.com/tarantella/cgi-bin/ttawebtop.cgi/tarantella/
resources/webtops/sco/tta/standard/locale=en-us/xde.html?
ob=...%2f_ens%2fo%3dorg%2fcn%3dxterm&aw=640&ah=480&ti=xterm

Displays the application represented by the object .../_ens/o=org/cn=xterm in the sco/tta/standard webtop theme's xde.html file. The size is 640x480, and the title is "xterm".

Related topics