book

Learning JavaScript

Name: Learning JavaScript
Author: Shelley Powers
ISBN: 9780596527464

by Shelley Powers

October 2006

Beginner to intermediate

352 pages

9h 33m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Learning JavaScript
Preface
Audience
Assumptions and Approach
Conventions Used in This Book
Using Code Examples
How to Contact Us
Safari® Enabled
Acknowledgments
1. Introduction and First Looks
Twisted History: Specs and Implementations
Cross-Browser Incompatibility and Other Common JavaScript Myths

What You Can Do with JavaScript
First Look at JavaScript: “Hello World!”
The script TagJavaScript Code LocationHiding the ScriptJavaScript FilesCommentsBrowser ObjectsJavaScript Built-in ObjectsJavaScript User-Defined FunctionsEvent HandlersThe var Keyword and ScopeThe Property OperatorStatementsWhat You Didn’t See
The JavaScript Sandbox
Accessibility and JavaScript Best Practices
Accessibility GuidelinesnoscriptAn Alternative to noscriptUsing Your Browser and Other Developer Tools
2. JavaScript Data Types and Variables
Identifying VariablesNaming GuidelinesThe Prototype Effect and the Newer Naming Conventions
Scope
Simple Types
The String Data TypeThe Boolean Data TypeThe Number Data TypeNull and Undefined
Constants: Named but Not Variables
Questions
3. Operators and Statements
Format of a JavaScript Statement
Simple Statements
The Assignment StatementArithmetic StatementsThe Unary OperatorsPrecedence of OperatorsHandy Shortcut: Assignment with OperationBitwise Operators
Conditional Statements and Program Flow
if...elseThe switch Conditional Statement
The Conditional Operators
The Equality and the Identity (String Equality) OperatorsOther Relational OperatorsThe One and Only JavaScript Ternary Operator
The Logical Operators
Advanced Statements: The Loops
The while LoopThe do...while LoopThe for Loops
Questions
4. The JavaScript Objects
The Object Constructor
The Number Object
The String Object
Regular Expressions and RegExp
The RegExp Methods: test and execWorking with Regular Expressions
Purposeful Objects: Date and Math
The DateMathThe Math Methods
JavaScript Arrays
Constructing ArraysFIFO Queues
Associative Arrays: The Arrays That Aren’t
Questions
5. Functions
Defining a Function: Let Me Count the WaysDeclarative FunctionsA reminder on function naming conventionsFunction Returns and ArgumentsAnonymous FunctionsFunction LiteralsFunction Type Summary
Callback Functions
Functions and Recursion
Nested Functions, Function Closure, and Memory Leaks
Function As Object
Questions
6. Catching Events
The Event Handler at DOM Level 0The Event ObjectEvent BubblingEvent Handlers and thisGenerating Events
Questions
7. Forms and JiT Validation
Accessing the Form
Attaching Events to Forms: Different Approaches
Selection
Dynamically Modifying the SelectionSelection and JiT Validation
Radio Buttons and Checkboxes
The textarea, text, hidden, and password Input ElementsJiT Does Text
Input Fields and JiT Regular Expressions
Questions
8. The Sandbox and Beyond: Cookies, Connectivity, and Piracy
The SandboxSame-Origin Security PolicyUsing document.domain
All About Cookies
Storing and Reading Cookies
Alternative Storage Techniques
Communicating Outside the BoxThe Flash SO and Dojo StorageCould You, Should You?
Cross-Site Scripting (XSS)
The InjectorsWhat You Can Do
Questions
9. The Basic Browser Objects
BOM at a Glance
The window Object
The Dialogs: Alert, Confirm, and PromptCreating Custom WindowsCross-Window CommunicationModifying the WindowTimers
Frames and Location
More On LocationRemote Scripting with the iframe
history, screen, and navigator
historyscreennavigatorOne Page, Three ObjectsdocumentLinksImages
The all Collection, Inner/Outer HTML and Text, and Old and New Documents
Something Old, Something New
Questions
10. DOM: The Document Object Model
A Tale of Two Interfaces
The DOM and Compliant Browsers
The DOM HTML API
The HTML Objects and Their PropertiesAccessing HTML Objects and Browser Differences
Understanding the DOM: The Core API
The DOM TreeNode Properties and MethodsTraversing the Tree with the Node
The DOM Core Document Object
Element and Access in Context
Modifying the Tree
Questions
11. Creating Custom JavaScript Objects
The JavaScript Object and PrototypingPrototyping
Creating Your Own Custom JavaScript Objects
Enter the FunctionPublic and Private Properties and Where this Enters the Picture
Object Detection, Encapsulation, and Cross-Browser Objects
Object DetectionEncapsulating Objects
Chaining Constructors and JS Inheritance
One-Off Objects
Advanced Error-Handling Techniques (try, throw, catch)
What’s New in JavaScript
Change Just EnoughScaling and the Next 10 Years
Questions
12. Building Dynamic Web Pages: Adding Style to Your Script
DHTML: JavaScript, CSS, and DOMThe style Property
Fonts and Text
Font Style PropertiesThe Text Properties
Position and Movement
Drag and Drop
Size and Clipping
Overflow and Dynamic ContentThe Clipping Rectangle
Display, Visibility, and Opacity
Right Tool for Right EffectJust-in-Time InformationCollapsing Forms
Questions
13. Moving Outside the Page with Ajax
Ajax: It’s Not Only CodePermaWhat?Security and WorkaroundsAjax Best Practices
How Ajax Works
Hello Ajax World!
The Ajax Object: XMLHttpRequest and IE’s ActiveX Objects
Object, Object, Who Has the Object?The XMLHttpRequest Methods
Working with XML—or Not
Yes to XMLJavaScript Object Notation
Google Maps
Questions
14. Good News: Juicy Libraries! Amazing Web Services! Fun APIs!
Before Jumping In, A Word of Caution
Working with Prototype
Download, Install, UseThe Helper Functions and the JavaScript ExtensionsSome Specialized Prototype ObjectsA Compliment and a Caveat
Script.aculo.us: More Than the Sum of Its Periods
UsageA Gander at Effects
Sabre’s Rico
Rounded Corners
Dojo
Installing and Setting Up DojoDojo Widgets
The Yahoo! UI
MochiKit
Logging
Questions
A. Answers
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Index

Content preview from Learning JavaScript

Cross-Site Scripting (XSS)

As popular and helpful as cookies are, it’s becoming increasingly popular for people to turn off any cookie support. The reason is understandable: we store anything, from usernames and passwords to credit cards and other sensitive information, in stores of text that aren’t all that difficult to access. (Well, depending on how vulnerable—or not—a web site is.) The reason, though, is also not necessarily well founded. One of the greatest areas of vulnerability associated with a web site is known as a cross-site scripting (XSS) attack.

Here’s how an attack happens: you receive an email, or there’s a link in a web site comment or such—anything that allows anonymous or semianonymous content. The link is to a legitimate site that takes cookies. Attached to the link is a set of characters, perhaps in hexadecimal format. We’re used to long and unreadable URLs, so we don’t make much of it. However, attached to that URL is a script that can trick the browser into bringing up whatever cookies are set between the person and the site. These, then, can be attached to the end of a document.location redirect, which basically sends this information to the new site.

This site then uses this information to emulate the site you’re expecting to access. You’ll continue to input valuable information, all the while the server site is gathering up your password, bank account, credit card information, etc.

This is what happens, more or less, with the email-phishing (pronounced “fishing”) ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0596527462Catalog Page Errata

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Learning JavaScript

by Shelley Powers

Cross-Site Scripting (XSS)

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.