Features

Core library

  • Supports major browsers (Firefox/Gecko, Internet Explorer, Safari, Chrome, Konqueror, and Opera) but also plain HTML browsers and web crawlers.
  • Develop and deploy on Unix/GNU Linux or Microsoft Windows (Visual Studio) environments.
  • Equal behavior with or without support for JavaScript or Ajax, as far as possible, by using graceful degradation or progressive enhancement.
  • Efficient rendering and (sub-) millisecond latency.
  • Integrated Unicode support and pervasive localization.
  • Support for browser history navigation (back/forward buttons and bookmarks), clean URLs with HTML5 History if available, and search engine optimization with a unified behavior for plain HTML or Ajax sessions.
  • High performance, suitable for embedded (Linux) devices, or energy-, space- and budget-friendly (virtual private) server deployments.
  • Based on event-driven async I/O: sessions are not tied to threads, and neither do open connections block threads. Instead, threads are used only to improve concurrent request handling (or for reentrant event loops).

Event handling

  • Typesafe signal/slot API for responding to events.
  • Listen for keyboard, mouse, focus, scroll or drag&drop events, and get event details (such as mouse position, modifier buttons, or keyboard key).
  • Automatic synchronization Automatically synchronizes form field data from browser to server and tracks server-side changes to be rendered in browser.
  • Integrate with JavaScript libraries
  • Timed events and server-initiated updates ("server push")
  • Uses plain HTML CGI, Ajax or WebSockets

Native painting system

  • Unified 2D painting API which uses the browsers native (vector) graphics support (inline VML, inline SVG, or HTML5 canvas), or renders to common image formats (PNG, GIF, ...) or vector formats (SVG, PDF).
  • Unified GL-based 3D painting API which leverages WebGL in the browser or server-side OpenGL (fallback).

Built-in security

  • Kernel-level memory protection protects against privacy issues arising from programming bugs, since sessions can be completely isolated from each other (in dedicated-process mode).
  • Supports encryption and server authentication using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) through HTTPS.
  • Enables continuous use of HTTPS through low bandwidth requirements (fine-grained Ajax).
  • Built-in Cross-Site Scripting (XSS) prevention. Rendered text is always filtered against potentially malicious code, making XSS attacks against Wt applications (close to) impossible.
  • Not vulnerable to Cross-site Request Forgery (CSRF) because cookies for session tracking are optional, and even when used, they are never solely relied on for requests that trigger event handling code.
  • Not vulnerable to breaking the application logic by skipping to a particular URL, since only those events exposed in the interface can be triggered.
  • Session hijacking mitigation and risk prevention
  • DoS mitigation
  • A built-in authentication module implements best practices for authentication, and supports third party identity providers using OAuth 2.0, and (later) OpenID Connect

Object Relational Mapping library

Wt comes with Wt::Dbo, a self-contained library which implements Object-Relational mapping, and thus a convenient way to interact with SQL databases from C++. Although features like optimistic concurrency control make this an ideal technology for a database driven web application (and it provides good integration with Wt's MVC classes), the library can also be used for other applications, and does not depend on Wt. The ORM library (see also this tutorial) has the following features:
  • No code generation, no macro hacks, no XML configuration, just modern C++!
  • Uses a templated visitor pattern which requires a single template method to provide the mapping: DRY and as efficient as conceivable!
  • You can indicate surrogate auto-incremental keys or map natural keys of any C++ type, which may also be composite (i.e. require more than one database field).
  • Supports optimistic concurrency control using a version field.
  • Maps Many-to-One and Many-to-Many relations to STL-compatible collections.
  • Provides schema generation (aka DDL: data definition language) and CRUD operations (aka DML: data manipulation language).
  • Prepared statements throughout.
  • Each session tracks dirty objects and provides a first-level cache.
  • Flexible querying which can query individual fields, objects, or tuples of any these (using Boost.Tuple).
  • Use a single connection or share connection pools between multiple sessions from which connections are used only during an active transaction.
  • Comes with Sqlite3, Firebird, MariaDB/MySQL and PostgreSQL backends, and an Oracle backend is also available on request.

Testing

With Wt, event handling code constructs and manipulates a widget tree, which can easily be inspected by test code. Therefore, a test environment allows your application to be instantiated and events to be simulated in absence of a browser, short-cutting the underlying request/response cycle that would otherwise require a simulated browser.

Deployment

The library abstracts different deployment options as connectors libraries, which connect Wt with the outer world. Switching deployment option is a matter of (re)linking to one of these connector libraries!

a) Built-in httpd
  • Simple, high-performance web application server (multi-threaded, asynchronous I/O) based on the C++ asio library.
  • Supports the HTTP(S) and WebSocket(S) protocols.
  • Supports response chunking and compression.
  • Single process (convenient for development and debugging), and embeddable in an existing application.
  • Supports deployment behind a ProxyPass'ing (and if needed, load-balancing) web server.
  • Available for both UNIX and Win32 platforms.
b) FastCGI
  • Integrates with most common web servers (apache, lighttpd).
  • Different session-to-process mapping strategies.
  • Hot deployment: new sessions use the new application version while older sessions may continue with their application version.
  • Available only for UNIX platforms.
c) ISAPI
  • Integrates with Microsoft IIS server.
  • Uses the ISAPI asynchronous API for maximum performance.
  • Available for the Win32 platform.