Unit 20 - Client Side Customisation of Web Pages - PowerPoint Presentation

Slide1

Unit 20 - Client Side Customisation of Web Pages

Week 4 – Lesson 9

Fundamentals of ScriptingSlide2

Fundamentals of Scripting Languages

Introduction

Characteristics

Uses

Scripting language constructsSlide3

Assignment 2 - Scripting Languages

What a scripting language is

How it works

What types are available

The main features

How does a scripting language improve functionality

Explain in detail how a browser implements a scripting languageSlide4

Results

22 submissions, 4 missed

7 passes

5 merits

3 distinctions

15 referralsSlide5

P2 Definitions (10)

10 topics to describe

Some missing altogether

Some incomplete –do you proof-read?

“…is shown in the image below.”Slide6

P2 Definitions (10)

Should be original

From a relevant source

quoted

eg

.

“scripting

languages are designed for gluing: they assume the existence of a set of powerful components and are intended primarily for connecting components together.”

John K.

Ousterhout

http://www.tcl.tk/doc/scripting.html

IEEE Computer

magazine, March 1998

topics

Event-driven & object-orientatedSlide7

P2 Definitions (10)

Should describe the feature – use an example where possible

‘more needed’ this is often whySlide8

Security

Major issue is placing code to run on client’s machine

Cross-site scripting attacks XSS

Vulnerability present in about 70%

pf

web applications (sources,

Veracode

,

Acunetix

)

http://www.veracode.com/security/xss

http

://www.acunetix.com/websitesecurity/cross-site-scripting/Slide9

Security

http

://www.acunetix.com/websitesecurity/cross-site-scripting/Slide10

XSS

Reflective XSS

Malicious

Javascript

in e-mail, victim clicks link,

Javascript

sent to vulnerable website, reflected back and run on victim machine

.

http://www.veracode.com/security/xssSlide11

Persistent attack

Attacker includes malicious script as part of user-name, other users view profile, code executes on other users machine

http://www.veracode.com/security/xssSlide12

Constructs

Need correct construction:

Syntax i.e. Grammar and order correct of words

Dot operator allows an object to use a method

Variable data stored as text or numbers

Must have unique name within script

Loops or iterations code which is executed repeatedly.Slide13

Objects

A type of data which:

Knows things about itself (

properties

)

Knows how to do things (

methods

)

Many objects already exist

Can create new onesSlide14

An example of ‘object’ code...

The ‘String’ object:

<script>

Hw=“Hello World”

document.write

(

Hw.length

)

</script>Slide15

Methods

Each object knows which methods it can carry out,

eg

(string object):

<script>

Hw=“Hello world”

document.write

(

Hw.toUpperCase

())

</Script>

Copy this code and observe the screen output.Slide16

Loops

for

- loops through a block of code a specified number of times

while

- loops through a block of code while a specified condition is true

do...while

- also loops through a block of code while a specified condition is true

for...in

- loops through the properties of an

objectSlide17

Event handling

An event that triggers a piece of code

Some examples and

further explanation are here:

http

://www.w3.org/TR/html4/interact/scripts.html#h-18.2.3Slide18

M2

Client

vs

server is not needed

Compare examples of object-orientated and event-driven

Explain how

Javascript

improves functionality:

Drop-down

menus

Mouse-followers

Image

galleries

Validation

Browser detection

Create cookies

Read/write/modify HTML elements

hiding or showing elements

moving elements

changing

colors

or fontsSlide19

D1

Understanding client-side scripting

Sheryl Canter, April 2004

http://

www.pcmag.com/article2/0,2817,1554984,00.asp