|
|
| home about us free pdf software downloads links privacy site map copyright policy |
JavaScript [50 Marks]5. Write your answers in the spaces provided. There is space at the back for answers that overflow the allotted space. Complete each of the following statements by filling in the underlined blank spaces. Each blank space is worth 1 mark. [15 marks] (a) The name of the 3D graphics API used in this course is OpenGL. The API comes together with a utility toolkit named GLU, which amongst others provides a function to define the viewpoint and the view direction. We use an additional toolkit named GLUT, which contains high-level functions for window creation, event handling and the drawing of solid objects. (e) Given three different points A, B and C of a polygon, its normal n can be calculated by n=(A-B) (C-B). This calculation will fail to yield a useful result if all three points lie on a line (or if two of the points are almost the same).lab4.1In this lab, we'll see how we can use the JavaScript programming language to enhance web pages. We can add JavaScript instructions to an HTML file, and the web browser, in addition to displaying the page as described in HTML, can execute those instructions. Most computer scientists would agree that JavaScript is a programming language, but many would not consider HTML one. Discuss one similarity between JavaScript and HTML that suggests both might be programming languages. Introduction to JavaScript Before we dive into working with JavaScript, we'll introduce you to the language and answer a few common questions about it. This background information should help you make sense of the steps required to write and run JavaScript programs. In fact, although JavaScript is in fact used in contexts other than web pages, in these labs, we'll only work with JavaScript with web pages. More specifically, we will never see a JavaScript program by itself; instead, every JavaScript program 20050307 ITU Alexandre Alapetite.ppt2005-03-07 2005-03-07 IT University XHTML+VoiceXML - Javascript (ECMAscript) - CSS, Javascript, Standard Javascript, client side Interaction between VoiceXML and Javascript <script type="text/javascript" id="test"> XHTML+VoiceXML is text-based All the XML enabled tools can handle it (ex: XSL) Can be generated like normal dynamic Web pages with PHP, ASP, JSP, CGI, etc. server side The data for voice interaction can come from a database Client side programmable with Javascript The voice style can be configured with normal CSSDomDOMs are to manipulate the contents of an XML document. XML documents, when parsed, are represented as a hierarchical tree structure in memory. This tree structure contains the document's elements, attributes, content, etc. XML was designed to be a live, dynamic technology - a programmer can modify the contents of the tree structure, which essentially allows the programmer to add data, remove data, query for data, etc. in a manner similar to a To introduce document manipulation with the XML Document Object Model, a simple scripting example that uses JavaScript and Microsoft's msxml parser is introduced. Example 3 lists the JavaScript code that manipulates this XML document and displays its content in an HTML page. Attribute type indicates that the script element is of media type text:/javascript. JavaScript is the most popular client-side (e.g., browser) scripting language used in industry. If the browser does not support JavaScript, script's contents are treatedJavaScrpt_Fnd_v5_1_OutlineJavaScript Fundamentals (October 2002) JavaScript Fundamentals is a 12-hour course that teaches developers how to use the features of the JavaScript language to design client-side, platform-independent solutions. Students learn how to write JavaScript programs, script for the JavaScript object model, control program flow, validate forms, animate images, target frames, and create cookies. Students will also understand and use the most popular applications of JavaScript. Introduction to JavaScript Origins of JavaScript JavaScript Characteristics Java and JavaScript Annotating Code with Comments Working with Variables and Data Communicating with the User Using Data More Than Once: Variables JavaScript Expressions Operators Inline Scripting, Simple User Events, and the onLoad and onUnload Event Handlers Keywords and Reserved Words Functions, Methods and Eventswebauth2004/05 This guide will start you off in creating webpages, for your School personal homepage in particular. Its aim is not to teach you the details of Web authoring, but rather to provide an overview of good practice and links to essential online resources (including tutorials). 2 Some Definitions - browser: A software application that is used for reading webpages. - JavaScript: A multi-purpose scripting language (a programming language whose programs are run `on-the-fly' rather than precompiled). JavaScript is commonly attached to webpages in order to specify document and browser behaviour. The second requires you, for example, to separate the semantic mark-up, the style and the JavaScript, possibly into separate files. Finally, if you want to control the behaviour of your document (such as how it reacts when elements are clicked), or of the user's browser, you can create a JavaScript file, and attach that to your document.spiderevalTwenty spidering programs were evaluated for ease of use, techni-cal ability and extensibility. Some lacked relative link rewriting and image saving ability. None could break through to the deep web with-out extension. Two tools, cURL and HTTrack, can be used and ex-tended to meet the needs of future spidering projects. Complete mirroring of a complex website is very difficult, and entails the same logic (reading HTML, Javascript and Flash) that browsers use. These include sites without external links to their pages, Javascript-obfuscat-ed links, form-generated pages, Flash pages and password-protected pages. Cross-site scripting 7 occurs when Javascript attempts to find information about web users, such as passwords. It does not parse or even scan Javascript for links or images. 9. Malicious Javascript.22 Spider must parse *.swf documents and load Javascript can grab form data from users (es-pecially CDL staff) and send it to any server.In order to build up you understanding of the javascript code, try these questions, and add some of your own. Feel free to refer to the text. Keep in mind that many of these are tough questions, intended to help generate discussions, so don't worry if you are not sure how to answer them yet. 1. Consider the first call to the handleQuestion function, on line 57 of the code. a. For each variable below, write what is its value are after line 8 of the handleQuestion code has executed. Which stores an array of strings? c. The html code produced by the function will be viewed as: (i) f. How would you change the function code so that the view would be as in (i) above? g. How would you change the function so that the view would be as in (ii) above? 2. mainhandoutIn this class, you'll become familiar with some concepts and terminology of JavaScript by creating some working examples. This course will NOT be dealing with programming fundamentals, or rigorous programming structures within JavaScript. That topic is far too broad for a two-hour introduction to JavaScript. Java is a full programming language developed by Sun Microsystems with formal structures, etc. JavaScript is a scripting language developed by Netscape that is used to modify web pages. Sometimes, as an attribute to script, you may add "Language=JavaScript" because there are other scripting languages as well as JavaScript that can be used in HTML. We'll go through some examples to demonstrate the syntax of JavaScript. To understand the workings of JavaScript, it is essential to understand a few basic programming concepts. An Object in JavaScript is a resource that has specific characteristics known as properties and provides several services known116Some of these issues in the use of the JavaScript language are explored, and some example scripts that exploit these issues are shown. Netscape Navigator holds about 70% of the browser market share, and its "JavaScript" scripting language provides a good example of how a number of nasty security "tricks" can be played on the innocent web user. This does not mean that other browsers are safe to use - each one has its own set of security problems, some identical to the ones found in JavaScript-enabled browsers. At the same time, there seems to be some confusion between "Java" the SUN Microsystems-invented client/server programming language, the "JavaScript" scripting language from Netscape Communications, and the "ActiveX" scripting language from Microsoft. The JavaScript Security Tricks As shown on the accompanying slides, there are a number of potential security problems associated with JavaScript, most of which can be solved by keeping up with the most recent version ofto JavaScript code in the body Functions may return some value; usereturn return the value val which may be a value or a variable By default in JavaScript arguments are passed to functions by value If arguments evaluate to primitive values than arguments are first evaluated and the value thus obtained is passed to the function If arguments are not primitive value but they are objects then they are passed by reference, i.e., the location to JavaScript has a number of predefined objects ready to use, such asdocument, location, navigator, JavaScript also has a number of classes built in includingDate, Math To create an object given a class one has to use the operatornew. Stringis a predefined class in JavaScript Text strings in JavaScript are handled usingString class Objects of classString are text strings and there are many methods to work on them. Arrays are containers whose value can be accessed by index Using array index one can easily iterate over array elements JavaScript- VBScript and JavaScript are major options now for client JavaScript is now considered unsuitable: Library of math and text manipulation functions Limited network communications, graphics and window creation Must use Java, not JavaScript, if you need to go beyond the bounds of an html document or a simple feature, such as: - JavaScript has no modules and gets unwieldy after 300-400 lines - Use server side includes to fake a JavaScript library - JavaScript code can't be kept private; Java can be compiled - Hard to know how user got to a static html page without JavaScript Java-enabled browsers can download and execute Java applets (small Java programs) Java applets are much more powerful than JavaScript - JavaScript can now pass parameters to appletsAn approach to teaching encryption is described in which an XOR encryption algorithm is used to demonstrate simple encryption concepts for E-Business payment with credit cards. Small groups of undergraduate and postgraduate learners manually encrypt a four-character word, and then exchange the encrypted data with another group. Each group then attempts to decrypt the data as quickly as possible. Our first attempt focused on the web form generation, and we quickly lost the learners when it came to implementing the encryption logic with JavaScript. This proved puzzling, as we assumed that the learners would take to the JavaScript and get on with the business of understanding the encryption concept. What we had not realised was that it was the misunderstanding of the encryption logic that was creating the problem, rather than knowledge of the JavaScript syntax. This session concentrates on developing an understanding of the logic of the process; a subsequent session deals Untitled DocumentSummary: This technote explains the importance of accurately setting the MediaPlayRate parameter in a burst-enabled Windows Media Player. Contents The MediaPlayRate parameter specifies the rate, in kilobits per second, at which a burst-enabled player plays a video or audio file. To ensure the highest quality viewing and listening experience, set MediaPlayRate to the average encoded rate--also known as "play rate"--of the video or audio file. The default value is 1500, as many MPEG-1 files have an encoded rate of 1500 Kbps. Leaving this parameter at its default value of 1500 Kbps has three possible consequences: - Burstware Server may unnecessarily reject player connection requests, thinking the player needs more bandwidth than it actually does. - If the actual encoded rate of your content is greater than 1500 Kbps, you may data starve your player, resulting in jerky and jittery images and sounds. - If the actual encoded rate of your content is less than 1500 Kbps, there may beAdvancedXSSThe method used to exploit POST variables may also be modified to allow for more advanced timing attacks which could allow an attacker to gain access to areas that require the user log in to a password protected area. When coupled with social engineering this method becomes an extremely reliable tool for attackers to gain access to secured areas via account hijacking. In typical cross site scripting the target views a website which contains code inserted into the HTML which was not written by the website designer or administrator. This bypasses the document object model which was intended to protect domain specific cookies (sessions, settings, etc.). In most instances the target is sent a link to a website on the server which the target has a legitimate account and by viewing that website the attackers malicious code is executed (commonly javascript to send the user's cookie to a third party server, in effect stealing their session and their account). This URL is then sent 1 | 2
| 3 | 4
| 5 | 6
| 7 | 8
| 9 | 10
| 11 | 12
| 14 | 15
| | ||
