Unit 20 - Client Side Customisation of Web Pages

Unit 20 - Client Side Customisation of Web Pages Week 4 – Lesson 9 Fundamentals of Scripting

Fundamentals of Scripting Languages • Introduction • Characteristics • Uses • Scripting language constructs

Assignment 2 - Scripting Languages • What a scripting language is • How it works • What types are available • The main features • How does a scripting language improve functionality • Explain in detail how a browser implements a scripting language

Results • 22 submissions, 4 missed • 7 passes • 5 merits • 3 distinctions • 15 referrals

P2 Definitions (10) • 10 topics to describe • Some missing altogether • Some incomplete –do you proof-read? • “…is shown in the image below.”

P2 Definitions (10) • Should be original • From a relevant source • quotedeg. “scripting languages are designed for gluing: they assume the existence of a set of powerful components and are intended primarily for connecting components together.” John K. Ousterhout http://www.tcl.tk/doc/scripting.html IEEE Computer magazine, March 1998 • topics • Event-driven & object-orientated

P2 Definitions (10) • Should describe the feature – use an example where possible • ‘more needed’ this is often why

Security • Major issue is placing code to run on client’s machine • Cross-site scripting attacks XSS • Vulnerability present in about 70% pf web applications (sources, Veracode, Acunetix) http://www.veracode.com/security/xss http://www.acunetix.com/websitesecurity/cross-site-scripting/

Security • http://www.acunetix.com/websitesecurity/cross-site-scripting/

XSS • Reflective XSS • Malicious Javascript in e-mail, victim clicks link, Javascript sent to vulnerable website, reflected back and run on victim machine. http://www.veracode.com/security/xss

Persistent attack • Attacker includes malicious script as part of user-name, other users view profile, code executes on other users machine http://www.veracode.com/security/xss

Constructs • Need correct construction: • Syntax i.e. Grammar and order correct of words • Dot operator allows an object to use a method • Variable data stored as text or numbers • Must have unique name within script • Loops or iterations code which is executed repeatedly.

Objects • A type of data which: • Knows things about itself (properties) • Knows how to do things (methods) • Many objects already exist • Can create new ones

An example of ‘object’ code... • The ‘String’ object: • <script> • Hw=“Hello World” • document.write(Hw.length) • </script>

Methods • Each object knows which methods it can carry out, eg (string object): • <script> • Hw=“Hello world” • document.write(Hw.toUpperCase()) • </Script> • Copy this code and observe the screen output.

Loops • for - loops through a block of code a specified number of times • while - loops through a block of code while a specified condition is true • do...while - also loops through a block of code while a specified condition is true • for...in - loops through the properties of an object

Event handling • An event that triggers a piece of code • Some examples and further explanation are here: • http://www.w3.org/TR/html4/interact/scripts.html#h-18.2.3

M2 • Client vs server is not needed • Compare examples of object-orientated and event-driven • Explain how Javascript improves functionality: • Drop-down menus • Mouse-followers • Image galleries • Validation • Browser detection • Create cookies • Read/write/modify HTML elements • hiding or showing elements • moving elements • changing colors or fonts

D1 • Understanding client-side scripting • Sheryl Canter, April 2004 • http://www.pcmag.com/article2/0,2817,1554984,00.asp

Unit 20 - Client Side Customisation of Web Pages