4D v16

4D Transformation Tags

 
4D v16
4D Transformation Tags

4D Transformation Tags  


 

 

4D provides a set of transformation tags which allow you to insert references to 4D variables or expressions, or to perform different types of processing within a source text, referred to as a "template". These tags are interpreted when the source text is executed and generate an output text.

This principle is used in particular by the 4D Web server to build the Semi-dynamic pages.

These tags are generally be inserted as HTML type comments (<!--#Tag Contents--> ). However, other comments such as <!--Beginning of list--> are also possible. It is possible to mix several types of tags. For example, the following HTML structure is entirely feasible:

<HTML>
...
<BODY>
<!--#4DSCRIPT/PRE_PROCESS-->         (Method call)
<!--#4DIF (myvar=1)-->               (If condition)
   <!--#4DINCLUDE banner1.html-->   (Subpage insertion)
<!--#4DENDIF-->                     (End if)
<!--#4DIF (mtvar=2)-->
   <!--#4DINCLUDE banner2.html-->
<!--#4DENDIF-->

<!--#4DLOOP [TABLE]-->               (Loop on the current selection)
<!--#4DIF ([TABLE]ValNum>10)-->         (If [TABLE]ValNum>10)
   <!--#4DINCLUDE subpage.html-->   (Subpage insertion)
<!--#4DELSE-->                     (Else)
   <B>Value: <!--#4DTEXT [TABLE]ValNum--></B><BR>
                              (Field display)
<!--#4DENDIF-->
<!--#4DENDLOOP-->                  (End for)
</BODY>
</HTML>

Parsing the contents of 'template' pages is done in two contexts:

  • Using the PROCESS 4D TAGS command; this command accepts a 'template' as input, as well as (optional) parameters and returns a text resulting from the processing.
  • Using 4D's integrated HTTP server: Semi-dynamic pages sent by means of the WEB SEND FILE (.htm, .html, .shtm, .shtml), WEB SEND BLOB (text/html type BLOB), or WEB SEND TEXT commands, or called using URLs. In this last case, for reasons of optimization, pages that are suffixed with “.htm” and “.html” are NOT parsed. In order to "force" the parsing of HTML pages in this case, you must add the suffix “.shtm” or “.shtml” (for example, http://www.server.com/dir/page.shtm). For more information on this point, refer to the Semi-dynamic pages section in the Web Server chapter.

The following table lists the available 4D transformation tags. For more details, see the description of the tags below.

TagActionExample$ Syntax(*)Comments
4DTEXTInserts 4D variables and expressions as text<!--#4DTEXT [Customer]Name-->XRecommended if data processed externally in order to avoid malicious code injections
4DHTMLInserts HTML code<!--#4DHTML <br/>-->XNot recommended if data processed externally
4DEVALEvaluates any 4D expression<!--#4DEVAL a:=20-->XNot recommended if data processed externally
4DSCRIPT/Executes a 4D method with a parameter<!--#4DSCRIPT/MyMethod/MyParam-->
4DINCLUDEIncludes an HTML page inside another<!--#4DINCLUDE subpage.html-->
4DBASEDesignates the file used by 4DINCLUDE<!--#4DBASE ../file/-->
4DCODEInserts 4D code<!--#4DCODE ALERT(myVar)-->Supports CR, LF (4D code blocks)
4DIF, 4DELSE, 4DELSEIF, 4DENDIFInserts conditions into code within tags<!--#4DIF (myVar=1)-->
4DLOOP, 4DENDLOOPInserts loops into code within tags<!--#4DLOOP [table]-->Can be used with tables, arrays, methods, expressions, pointerArrays

(*)The tags should generally be inserted as HTML comments (<!--#Tag Content-->) in the source text. An alternative syntax using $ is possible under certain conditions for tags returning values, to make them conform to XML. For more information, see Alternative syntax for 4DTEXT, 4DHTML, 4DEVAL below.

 

Running a 4D method with 4DTEXT, 4DHTML, 4DEVAL, 4DSCRIPT, 4DIF, 4DELSEIF or 4DLOOP from a web request is subject to the “Available via tags and 4D URLs (4DACTION ...)” attribute value defined in the properties of the method. If the attribute is not checked for the method, it can not be called from a web request. For more information on this point, see the Connection Security section.

4D tags are interpreted recursively: 4D always attempts to reinterpret the result of a transformation and, if a new transformation has taken place, an additional interpretation is performed, and so on until the product obtained no longer requires any further transformation. For example, given the following statement:

<!--#4DHTML [Mail]Letter_type--> 

If the [Mail]Letter_type text field itself contains a tag, for example <!--#4DSCRIPT/m_Gender-->, this tag will be evaluated recursively after the interpretation of the 4DHTML tag.

This powerful principle meets most needs related to text transformation. Note, however, that in some cases this can also allow malicious code to be inserted. For more information about this point, refer to the following section.

4D transformation tags accept different types of data as parameters: text, variables, methods, command names, etc. When this data is provided by your own code, there is no risk of malicious code insertion since you control the input. However, your database code often works with data that was, at one time or another, introduced through an external source (user input, import, etc.).
In this case, it is advisable to not use transformation tags such as 4DEVAL or 4DSCRIPT, which evaluate parameters, directly with this sort of data.
In addition, according to the principle of recursion (see previous section), malicious code may itself include transformation tags. In this case, it is imperative to use the 4DTEXT tag.
Imagine, for example, a Web form field named "Name", where users must enter their name. This name is then displayed using a <!--#4DHTML vName--> tag in the page. If text of the "<!--#4DEVAL QUIT 4D-->" type is inserted instead of the name, interpreting this tag will cause the application to be exited.
To avoid this risk, you can just use the 4DTEXT tag systematically in this case. Since this tag escapes the special HTML characters, any malicious recursive code that may have been inserted will not be reinterpreted. To refer to the previous example, the "Name" field will contain, in this case, "&lt;!--#4DEVAL QUIT 4D--&gt;" which will not be transformed.

To ensure the correct evaluation of expressions processed via tags, regardless of the language or 4D version, it's recommended to use the tokenized syntax for elements whose name may vary over versions (commands, tables, fields, constants). For example, to insert the Current time command, enter 'Current time:C178'. For more information on this point, see the Using tokens in formulas section.

Starting from v15 R4, 4D always uses the period character (.) as a decimal separator when evaluating a numerical expression using a 4D tag 4DTEXT, 4DVAR, 4DHTML, 4DHTMLVAR, and 4DEVAL (as well as the old 4DVAR and 4DHTMLVAR tags). Regional settings are now ignored.

This feature facilitates code maintenance and compatibility between 4D languages and versions.

For example, whatever the regional settings:

 value:=10/4
 input:="<!--#4DTEXT value-->"
 PROCESS 4D TAGS(input;output)
  // always outputs 2.5 even if regional settings use the ',' as separator

Compatibility note: If your code, converted from a previous version, evaluates numerical expressions using 4D tags with respect to the regional settings, you'll need to adapt it using the String command:

  • To get value with a period as decimal point: <!--#4DTEXT value-->
  • To get value with a decimal point based on the regional settings: <!--#4DTEXT String(value)-->

4DTEXT  

Syntax: <!--#4DTEXT VarName--> or <!--#4DTEXT 4DExpression-->
Alternative syntax: $4DTEXT(VarName) or $4DTEXT(4DExpression) (see Alternative syntax for 4DTEXT, 4DHTML, 4DEVAL)

The tag <!--#4DTEXT VarName--> allows you to insert a reference to the 4D variable or expression returning a value. For example, if you write (in an HTML page):

<P>Welcome to <!--#4DTEXT vtSiteName-->!</P>

The value of the 4D variable vtSiteName will be inserted in the HTML page when it is sent. This value is inserted as simple text, special HTML characters such as ">" are automatically escaped. 

You can also insert 4D expressions using the 4DTEXT tag. You can for example directly insert the contents of a field (<!--#4DTEXT [tableName]fieldName-->), an array element (<!--#4DTEXT tabarr{1}-->) or a method returning a value (<!--#4DTEXT mymethod-->). The expression conversion follows the same rules as the variable ones. Moreover, the expression must comply with 4D syntax rules.

In case of an evaluation error, the inserted text will appear as “<!--#4DTEXT myvar--> : ## error # error code”.

Notes:

  • You must use process variables.
  • You can display the content of a picture field. However, it is not possible to display the content of a picture array item.
  • It is possible to display the contents of an object field by means of a 4D formula. For example, you can write <!--#4DTEXT OB Get:C1224([Rect]Desc;\"color\")-->.
  • For security reasons, it is recommended to use this tag when processing data introduced from outside the application, in order to prevent the insertion of malicious code (see the section below).
  • You will usually work with Text variables. However, you can also use BLOB variables. You just need to generate the BLOB in Text without length mode.

4DHTML  

Syntax: <!--#4DHTML VarName--> or <!--#4DHTML 4DExpression-->
Alternative syntax
: $4DHTML(VarName) or $4DHTML(4DExpression) (see Alternative syntax for 4DTEXT, 4DHTML, 4DEVAL)

Just like the 4DTEXT tag, this tag lets you assess a variable or 4D expression that returns a value, and insert it as an HTML expression. Unlike the 4DTEXT tag, this tag does not escape HTML special characters (e.g. ">").

For example, here are the processing results of the 4D text variable myvar with the available tags:

myvar ValueTagsResult
myvar:="<B>"<!--#4DTEXT myvar-->&lt;B&gt;
myvar:="<B>"<!--#4DHTML myvar--><B>

In case of an interpretation error, the inserted text will be “<!--#4DHTML myvar--> : ## error # error code”.

Note: For security reasons, it is recommended to use the 4DTEXT tag when processing data introduced from outside the application in order to prevent the insertion of malicious code (see the Prevention of malicious code insertion section below).

Syntax: <!--#4DEVAL VarName--> or <!--#4DEVAL 4DExpression-->
Alternative syntax: $4DEVAL(VarName) or $4DEVAL(4DExpression) (see Alternative syntax for 4DTEXT, 4DHTML, 4DEVAL)

The 4DEVAL tag allows you to assess a variable or a 4D expression. Like the existing 4DHTML tag, 4DEVAL does not escape HTML characters when returning text. However, unlike 4DHTML or 4DTEXT, 4DEVAL allows you to execute any valid 4D statement, including assignments and expressions that do not return any value.

For example, you can execute:

 $input:="<!--#4DEVAL a:=42-->" //assignment
 $input:=$input+"<!--#4DEVAL a+1-->" //calculation
 PROCESS 4D TAGS($input;$output)
  //$output = "43"

In case of an error during interpretation, the text inserted will be in the form: “<!--#4DEVAL expr-->: ## error # error code”.

Note: For security reasons, it is recommended to use the 4DTEXT tag when processing data introduced from outside the application, in order to prevent the insertion of malicious code (see the Prevention of malicious code insertion section below).

Syntax: <!--#4DSCRIPT/MethodName/MyParam-->

The 4DSCRIPT tag allows you to execute 4D methods when processing the template.. The presence of the <!--#4DSCRIPT/MyMethod/MyParam--> tag as an HTML comment forces the execution of the MyMethod method with the Param parameter as a string in $1.

Note: If the tag is called in the context of a Web process, when the page is loaded, 4D calls the On Web Authentication Database Method (if it exists). If it returns True, 4D executes the method.

The method must return text in $0. If the string starts with the code character 1, it is considered as HTML (the same principle is true for the 4DHTML tag).

For example, let’s say that you insert the following comment “Today is <!--#4DSCRIPT/MYMETH/MYPARAM-->” into a semi-dynamic Web page. When loading the page, 4D calls the On Web Authentication Database Method (if it exists), then calls the MYMETH method and passes the string “/MYPARAM” as the parameter $1. The method returns text in $0 (for example “12/31/14”); the expression “Today is <!--#4DSCRIPT/MYMETH/MYPARAM––>” therefore becomes “Today is 12/31/14”.

The MYMETH method is as follows:

  //MYMETH
 C_TEXT($0;$1//These parameters must always be declared
 $0:=String(Current date)

Note: A method called by 4DSCRIPT must not call interface elements (DIALOG, ALERT, etc.).

As 4D executes methods in their order of appearance, it is absolutely possible to call a method that sets the value of many variables that are referenced further in the document, whichever mode you are using. You can insert as many <!--#4DSCRIPT...--> comments as you want in a template.

Syntax: <!--#4DINCLUDE Path-->

This tag is mainly designed to allow another HTML page (indicated by the path parameter) to be included in an HTML page. By default, only the body of the HTML page that is specified is included, in other words, the contents found within the <body> and </body> tags (the tags themselves are not included). This lets you avoid conflicts related to meta tags present in the headers. However, if the HTML page specified does not contain <body></body> tags, the entire page is included. It is up to you to verify the consistency of the meta tags.
The <!--#4DINCLUDE --> comment is very useful for tests (<!--#4DIF-->) or loops (<!--#4DLOOP-->). It is very convenient to include tags according to a criteria or randomly.
When including, regardless of the file name extension, 4D analyzes the called page and then inserts the contents (modified or not) in the page originating the 4DINCLUDE call.

An included page with the <!--#4DINCLUDE --> comment is loaded in the Web server cache the same way as pages called via a URL or sent with the WEB SEND FILE command.

In path, put the path leading to the document to include. Warning: In the case of a 4DINCLUDE call, the path is relative to the document being analyzed, that is, the “parent” document. Use the slash character (/) as a folder separator and the two dots (..) to go up one level (HTML syntax).

Notes:

  • When you use the 4DINCLUDE tag with the PROCESS 4D TAGS command, the default folder is the folder containing the database structure file.
  • You can modify the default folder used by the 4DINCLUDE tag in the current page, using the <!--#4DBASE --> tag (see below).

The number of <!--#4DINCLUDE path--> within a page is unlimited. However, the <!--#4DINCLUDE path--> calls can be made only at one level. This means that, for example, you cannot insert <!--#4DINCLUDE mydoc3.html--> in the mydoc2.html body page, which is called by <!--#4DINCLUDE mydoc2--> inserted in mydoc1.html.
Furthermore, 4D verifies that inclusions are not recursive.

In case of error, the inserted text is "<!--#4DINCLUDE path--> :The document cannot be opened".

Examples

<!--#4DINCLUDE subpage.html-->
<!--#4DINCLUDE folder/subpage.html-->
<!--#4DINCLUDE ../folder/subpage.html-->

4DBASE  

Syntax: <!--#4DBASE folderPath-->

The <!--#4DBASE --> tag designates a working directory that is used by the <!--#4DINCLUDE--> tag.
When it is called in a Web page, the <!--#4DBASE --> tag modifies all subsequent <!--#4DINCLUDE--> calls on this page, until the next  <!--#4DBASE -->, if any. If the <!--#4DBASE --> folder is modified from within an included file, it retrieves its original value from the parent file. 

The folderPath parameter must contain a pathname relative to the current page and it must end with a slash (/). The designated folder must be located inside the Web folder.
Pass the WEBFOLDER keyword to restore the default path (relative to the page). 

Thus the following code (4D v12), which must specify a relative path for each call:

<!--#4DINCLUDE subpage.html--> 
<!--#4DINCLUDE folder/subpage1.html-->
<!--#4DINCLUDE folder/subpage2.html-->
<!--#4DINCLUDE folder/subpage3.html-->
<!--#4DINCLUDE ../folder/subpage.html-->

... can be rewritten using the <!--#4DBASE --> tag:

<!--#4DINCLUDE subpage.html--> 
<!--#4DBASE folder/-->
<!--#4DINCLUDE subpage1.html-->
<!--#4DINCLUDE subpage2.html-->
<!--#4DINCLUDE subpage3.html-->
<!--#4DBASE ../folder/-->
<!--#4DINCLUDE subpage.html-->
<!--#4DBASE WEBFOLDER-->

Example  

Setting a directory for the home page using the <!--#4DBASE --> tag:

/* Index.html */
<!--#4DIF LangFR=True-->
    <!--#4DBASE FR/-->
<!--#4DELSE-->
    <!--#4DBASE US/-->
<!--#4DENDIF-->
<!--#4DINCLUDE head.html-->
<!--#4DINCLUDE body.html-->
<!--#4DINCLUDE footer.html-->

In the head.html file, the current folder is modified through <!--#4DBASE -->, without this changing its value in Index.html:

/* Head.htm */
/* the working directory here is relative to the included file (FR/ or US/) */
<!--#4DBASE Styles/-->
<!--#4DINCLUDE main.css-->
<!--#4DINCLUDE product.css-->
<!--#4DBASE Scripts/-->
<!--#4DINCLUDE main.js-->
<!--#4DINCLUDE product.js-->

4DCODE  

The 4DCODE tag allows you to insert a multi-line 4D code block in a template.

When a "<!--#4DCODE" sequence is detected that is followed by a space, a CR or a LF character, 4D interprets all the lines of code up to the next "-->" sequence. The code block itself can contain carriage returns, line feeds, or both; it will be interpreted sequentially by 4D.

For example, using the 4DCODE tag, you can write in a template:

<!--#4DCODE
//PARAMETERS initialization
C_OBJECT:C1216($graphParameters)
OB SET:C1220($graphParameters;"graphType";1)
$graphType:=1
//...your code here
If(OB Is defined:C1231($graphParameters;"graphType"))
    $graphType:=OB GET:C1224($graphParameters;"graphType")
    If($graphType=7)
        $nbSeries:=1
        If($nbValues>8)
            DELETE FROM ARRAY:C228 ($yValuesArrPtr{1}->;9;100000)
            $nbValues:=8
        End if
    End if
End if
-->

Note: In a 4DCODE tag, the 4D code must always be written using the English-US language. Therefore, 4DCODE ignores the "Use regional system settings" user preferences for the 4D language (see Language for commands and constants).

Here are the 4DCODE tag features:

  • The TRACE command is supported and activates the 4D debugger, thus allowing you to debug your template code.
  • Any error will display the standard error dialog that lets the user stop code execution or enter debugging mode.
  • The text in between <!--#4DCODE and --> is split into lines accepting any line-ending convention (cr, lf, or crlf).
  • The text is tokenized within the context of the database that called PROCESS 4D TAGS. This is important for recognition of project methods for example.
    Note: The "Available through 4D tags and URLs 4DACTION" method property is not taken into account (see also the Note about security below).
  • Even if the text always uses English-US, it is recommended to use the token syntax (:Cxxx) for command and constant names to protect against potential problems due to commands or constants being renamed from one version of 4D to another.
    Note: For more information on the :Cxxx syntax, please refer to the Using tokens in formulas section.

Note about security: The fact that 4DCODE tags can call any of the 4D language commands or project methods could be seen as a security issue, especially when the database is available through HTTP. However, since it executes server-side code called from your own template files, the tag itself does not represent a security issue. In this context, as for any Web server, security is mainly handled at the level of remote accesses to server files.

Syntax: <!--#4DIF expression--> {<!--#4DELSEIF expression2-->...<!--#4DELSEIF expressionN-->} {<!--#4DELSE-->} <!--#4DENDIF-->

Used with the <!--#4DELSEIF--> (optional), <!--#4DELSE--> (optional) and <!--#4DENDIF--> comments, the <!--#4DIF expression--> comment offers the possibility to execute portions of code conditionally.

The expression parameter can contain any valid 4D expression returning a Boolean value. It must be indicated within parenthesis and comply with the 4D syntax rules.

The <!--#4DIF expression--> ... <!--#4DENDIF--> blocks can be nested in several levels. Like in 4D, each <!--#4DIF expression--> should match a <!--#4DENDIF-->.

In case of an interpretation error, the text “<!--#4DIF expression-->: A Boolean expression was expected” is inserted instead of the contents located between <!--#4DIF --> and <!--#4DENDIF-->.

Likewise, if there are not as many <!--#4DENDIF--> as <!--#4DIF -->, the text “<!--#4DIF expression-->: 4DENDIF expected” is inserted instead of the contents located between <!--#4DIF --> and <!--#4DENDIF-->.

Using the <!--#4DELSEIF--> tag, you can test an unlimited number of conditions. Only the code that follows the first condition evaluated as True is executed. If no conditions are true, no statement is executed (if there is no final <!--#4DELSE-->).
You can use a <!--#4DELSE--> tag after the last <!--#4DELSEIF-->. If all the conditions are false, the statements following the <!--#4DELSE--> are executed.

The two following codes are equivalent.

  • Code using 4DELSE only:
    <!--#4DIF Condition1-->
      /* Condition1 is true*/
    <!--#4DELSE-->
        <!--#4DIF Condition2-->
            /* Condition2 is true*/
        <!--#4DELSE-->
            <!--#4DIF Condition3-->
                /* Condition3 is true */
            <!--#4DELSE-->
                /*None of the conditions are true*/
            <!--#4DENDIF-->
        <!--#4DENDIF-->
    <!--#4DENDIF-->
  • Similar code using the 4DELSEIF tag:
    <!--#4DIF Condition1-->
         /* Condition1 is true*/
    <!--#4DELSEIF Condition2-->
         /* Condition2 is true*/
    <!--#4DELSEIF Condition3-->
        /* Condition3 is true */
    <!--#4DELSE-->
        /* None of the conditions are true*/
    <!--#4DENDIF-->

This example of code inserted in a static HTML page displays a different label according the vname#"" expression result:

<BODY>
...
<!--#4DIF (vname#"")-->
Names starting with <!--#4DTEXT vname-->.
<!--#4DELSE-->
No name has been found.
<!--#4DENDIF-->
...
</BODY>

This example inserts different pages depending on which user is connected:

<!--#4DIF LoggedIn=False-->
    <!--#4DINCLUDE Login.htm -->
<!--#4DELSEIF User="Admin" -->
    <!--#4DINCLUDE AdminPanel.htm -->
<!--#4DELSEIF User="Manager" -->
    <!--#4DINCLUDE SalesDashboard.htm -->
<!--#4DELSE-->
    <!--#4DINCLUDE ItemList.htm -->
<!--#4DENDIF-->

Syntax: <!--#4DLOOP condition--> <!--#4DENDLOOP-->

This comment allows repetition of a portion of code as long as the condition is fulfilled. The portion is delimited by <!--#4DLOOP--> and <!--#4DENDLOOP-->.

The <!--#4DLOOP condition--> ... <!--#4DENDLOOP--> blocks can be nested. Like in 4D, each <!--#4DLOOP condition--> should match a <!--#4DENDLOOP-->.

There are five kinds of conditions:

  • <!--#4DLOOP [table]-->
    This syntax makes a loop for each record from the table current selection in the current process. The code portion located between the two comments is repeated for each current selection record.

    Note:
    When the 4DLOOP tag is used with a table, records are loaded in "Read only" mode.

    The following code:

<!--#4DLOOP [People]-->
<!--#4DTEXT [People]Name--> <!--#4DTEXT [People]Surname--><BR>
<!--#4DENDLOOP-->

... could be expressed in 4D language in the following way:

 FIRST RECORD([People])
 While(Not(End selec tion([People])))
    ...
    NEXT RECORD([People])
 End while

  • <!--#4DLOOP array-->
    This syntax makes a loop for each item array. The array current item is increased when each code portion is repeated.

    Note:
    This syntax cannot be used with two dimension arrays. In this case, it is better to combine a method with nested loops.

    The following code example:

<!--#4DLOOP arr_names-->
<!--#4DTEXT arr_names{arr_names}--><BR>
<!--#4DENDLOOP-->

... could be expressed in 4D language in the following way:

 For($Elem;1;Size of array(arr_names))
    arr_names:=$Elem
    ...
 End for

  • <!--#4DLOOP method-->
    This syntax makes a loop as long as the method returns True. The method takes a Long Integer parameter type. First it is called with the value 0 to allow an initialization stage (if necessary); it is then called with the values 1,then 2, then 3 and so on, as long as it returns True.

    For security reasons, within a Web process, the On Web Authentication database method can be called once just before the initialization stage (method execution with 0 as parameter). If the authentication is OK, the initialization stage will proceed.

    Warning:
    C_BOOLEAN($0) and C_LONGINT($1) MUST be declared within the method for compilation purposes.

    The following code example:

<!--#4DLOOP my_method--> 
<!--#4DTEXT var--> <BR> 
<!--#4DENDLOOP-->

... could be expressed in 4D language in the following way:

 If(AuthenticationWebOK)
    If(my_method(0))
       $counter:=1
       While(my_method($counter))
          ...
          $counter:=$counter+1
       End while
    End if
 End if

The my_method method can be as follows:

 C_LONGINT($1)
 C_BOOLEAN($0)
 If($1=0) `Initialisation
    $0:=True
 Else
    If($1<50)
       ...
       var:=...
       $0:=True
    Else
       $0:=False `Stops the loop
    End if
 End if

  • <!--#4DLOOP 4DExpression-->
    With this syntax, the 4DLOOP tag makes a loop as long as the 4D expression returns True. The expression can be any valid Boolean expression and must contain a variable part to be evaluated in each loop to avoid infinite loops.
    For example, the following code:

<!--#4DEVAL $i:=0-->
<!--#4DLOOP ($i<4)-->
<!--#4DEVAL $i-->
<!--#4DEVAL $i:=$i+1-->
<!--#4DENDLOOP-->

...produces the following result:

0
1
2
3

  • <!--#4DLOOP pointerArray-->
    In this case, the 4DLOOP tag works like it does with an array: it makes a loop for each element of the array referenced by the pointer. The current array element is increased each time the portion of code is repeated.

    This syntax is useful when you pass an array pointer as a parameter to the PROCESS 4D TAGS command.

    Example:

 ARRAY TEXT($array;2)
 $array{1}:="hello"
 $array{2}:="world"
 $input:="<!--#4DEVAL $1-->"
 $input:=$input+"<!--#4DLOOP $2-->"
 $input:=$input+"<!--#4DEVAL $2->{$2->}--> "
 $input:=$input+"<!--#4DENDLOOP-->"
 PROCESS 4D TAGS($input;$output;"elements = ";->$array)
  // $output = "elements = hello world "

In case of an interpretation error, the text “<!--#4DLOOP expression-->: description” is inserted instead of the contents located between <!--#4DLOOP --> and <!--#4DENDLOOP-->.

The following messages can be displayed:

  • Unexpected expression type (standard error);
  • Incorrect table name (error on the table name);
  • An array was expected (the variable is not an array or is a two dimension array);
  • The method does not exist;
  • Syntax error (when the method is executing);
  • Access error (you do not have the appropriate access privileges to access the table or the method).
  • 4DENDLOOP expected (the <!--#4DENDLOOP--> number does not match the <!--#4DLOOP -->).

Several existing 4D transformation tags can be expressed using a $-based syntax:
$4dtag (expression) can be used instead of <!--#4dtag expression-->

This alternative syntax is available only for tags used to return processed values:

  • 4DTEXT
  • 4DHTML
  • 4DEVAL

(Other tags, such as 4DIF or 4DSCRIPT, must be written with the regular syntax).

For example, you can write:

$4DEVAL(UserName)

instead of:

<!--#4DEVAL(UserName)-->

The main advantage of this syntax is that it allows you to write XML-compliant templates. Some 4D developers need to create and validate XML-based templates using standard XML parser tools. Since the "<" character is invalid in an XML attribute value, it was not possible to use the "<!-- -->" syntax of 4D tags without breaking the document syntax. On the other hand, escaping the "<" character will prevent 4D from interpreting the tags correctly. 

For example, the following code would cause an XML parsing error because of the first "<" character in the attribute value:

<line x1="<!--#4DEVAL $x-->" y1="<!--#4DEVAL $graphY1-->"/>

Using the $ syntax, the following code is validated by the parser:

<line x1="" y1=""/>

Note that $4dtag and <--#4dtag --> are not strictly equivalent: unlike <--#4dtag -->, $4dtag processing does not interpret 4D tags recursively. $ tags are always evaluated once and the result is considered as plain text.

Note: For more information on recursive processing, please refer to the paragraph.

The reason for this difference is to prevent malicious code injection. As explained below, it is strongly recommended to use 4DTEXT tags instead of 4DHTML tags when handling user text to protect against unwanted reinterpretation of tags: with 4DTEXT, special characters such as "<" are escaped, thus any 4D tags using the <!--#4dtag expression --> syntax will lose their particular meaning. However, since 4DTEXT does not escape the $ symbol, we decided to break support for recursion in order to prevent malicious injection using the $4dtag (expression) syntax.

The following examples show the result of processing depending on the syntax and tag used:

  // example 1
 myName:="<!--#4DHTML QUIT 4D-->" //malicious injection
 input:="My name is: <!--#4DHTML myName-->"
 PROCESS 4D TAGS(input;output)
  //4D will quit!

  // example 2
 myName:="<!--#4DHTML QUIT 4D-->" //malicious injection
 input:="My name is: <!--#4DTEXT myName-->"
 PROCESS 4D TAGS(input;output)
  //output is "My name is:  & lt;!--#4DHTML QUIT 4D-->"

  // example 3
 myName:="" //malicious injection
 input:="My name is: <!--#4DTEXT myName-->"
 PROCESS 4D TAGS(input;output)
  //output is "My name is: ERROR: missing ')'"

Note that the $4dtag syntax supports matching pairs of enclosed quotes or parenthesis. For example, suppose that you need to evaluate the following complex (unrealistic) string:

String(1) + "\"(hello)\""

You can write:

 input:="$4DEVAL( String(1)+\"\\\"(hello)\\\"\")"
 PROCESS 4D TAGS(input;output)
 -->output is 1"(hello)"