Featherweight Firefox
|
|
- Buck Waters
- 5 years ago
- Views:
Transcription
1 Featherweight Firefox Formalizing the Core of a Web Browser Aaron Bohannon Benjamin Pierce University of Pennsylvania June 24, / 27
2 Pop Quiz! 2 / 27
3 Question 1 Assume d is a Document object. var e = d.createelement("div"); 3 / 27
4 Question 1 Assume d is a Document object. var e = d.createelement("div"); Assume d and e remain unchanged. 3 / 27
5 Question 1 Assume d is a Document object. var e = d.createelement("div"); Assume d and e remain unchanged. Is it guaranteed that e.ownerdocument == d is always true? a) Yes b) No 3 / 27
6 Question 1 Assume d is a Document object. var e = d.createelement("div"); Assume d and e remain unchanged. Is it guaranteed that e.ownerdocument == d is always true? b) No 3 / 27
7 Question 2 Which of the following can a script do to cause the browser to run (or re-run) some other script? 4 / 27
8 Question 2 Which of the following can a script do to cause the browser to run (or re-run) some other script? a) Remove a script node from a document and insert it somewhere else. 4 / 27
9 Question 2 Which of the following can a script do to cause the browser to run (or re-run) some other script? a) Remove a script node from a document and insert it somewhere else. b) Replace a child text node of a script node. 4 / 27
10 Question 2 Which of the following can a script do to cause the browser to run (or re-run) some other script? a) Remove a script node from a document and insert it somewhere else. b) Replace a child text node of a script node. c) Assign a new value to an already-present src attribute of a script node. 4 / 27
11 Question 2 Which of the following can a script do to cause the browser to run (or re-run) some other script? a) Remove a script node from a document and insert it somewhere else. b) Replace a child text node of a script node. c) Assign a new value to an already-present src attribute of a script node. d) All of the above. 4 / 27
12 Question 2 Which of the following can a script do to cause the browser to run (or re-run) some other script? a) Remove a script node from a document and insert it somewhere else. b) Replace a child text node of a script node. c) Assign a new value to an already-present src attribute of a script node. d) All of the above. e) None of the above. 4 / 27
13 Question 2 Which of the following can a script do to cause the browser to run (or re-run) some other script? e) None of the above. 4 / 27
14 Question 3 A handler for a button click can always get a reference to the window in which the user clicked. a) True b) False 5 / 27
15 Question 3 A handler for a button click can always get a reference to the window in which the user clicked. a) True True. The handler can just use the expression self (or window). 5 / 27
16 Question 3 A handler for a button click can always get a reference to the window in which the user clicked. b) False No, false. self is statically scoped to refer to the window where the code is defined. 5 / 27
17 Question 3 A handler for a button click can always get a reference to the window in which the user clicked. a) True No, true. Button handlers can always check the ownerdocument property of the button node. 5 / 27
18 Question 3 A handler for a button click can always get a reference to the window in which the user clicked. b) False No, false. If a different handler runs first, it may move the button node to a different window! 5 / 27
19 Web Script Semantics Web script semantics are a bit peculiar. 6 / 27
20 Web Script Semantics Web script semantics are a bit peculiar. Web scripts manipulate interconnected browser structures. 6 / 27
21 Web Script Semantics Web script semantics are a bit peculiar. Web scripts manipulate interconnected browser structures. Web scripts are event-driven (user input, network responses, timer events, etc.). 6 / 27
22 Web Script Semantics Web script semantics are a bit peculiar. Web scripts manipulate interconnected browser structures. Web scripts are event-driven (user input, network responses, timer events, etc.). Web scripts have interesting language constructs (first-class functions, dynamic evaluation, self, etc.). 6 / 27
23 Why Formalize This Stuff? We want to perform a rigorous study of browser information security policies. 7 / 27
24 Why Formalize This Stuff? We want to perform a rigorous study of browser information security policies. This demands a rigorous definition of browser behavior. 7 / 27
25 Simplifying Assumptions Abstract away from some lower-level details (parsing, rendering, DNS). 8 / 27
26 Simplifying Assumptions Abstract away from some lower-level details (parsing, rendering, DNS). Make the semantics deterministic, modulo the order of input events. 8 / 27
27 Simplifying Assumptions Abstract away from some lower-level details (parsing, rendering, DNS). Make the semantics deterministic, modulo the order of input events. Model the BOM operations semantics but not the details of the JavaScript langauge. 8 / 27
28 Simplifying Assumptions Abstract away from some lower-level details (parsing, rendering, DNS). Make the semantics deterministic, modulo the order of input events. Model the BOM operations semantics but not the details of the JavaScript langauge. Omit all security mechanisms. 8 / 27
29 Formalization Overview We ve designed a formal web browser semantics that... includes many key browser features. 9 / 27
30 Formalization Overview We ve designed a formal web browser semantics that... includes many key browser features. operates in a small-step style. 9 / 27
31 Formalization Overview We ve designed a formal web browser semantics that... includes many key browser features. operates in a small-step style. is declarative (in the style of logical inference rules). 9 / 27
32 Formalization Overview We ve designed a formal web browser semantics that... includes many key browser features. operates in a small-step style. is declarative (in the style of logical inference rules). is written down in a strongly-typed programming language (OCaml). 9 / 27
33 Included Features Multiple windows and pages Mutable document node trees Buttons and text boxes with handlers Network requests and responses with cookies Scripts with first-class functions, eval, and AJAX requests 10 / 27
34 Omitted Features Browsing history HTTP error codes and redirects timeout events in scripts javascript: URLs file: URLs 11 / 27
35 Related Work 12 / 27
36 Whole Browser Formalizations HTML5 13 / 27
37 Whole Browser Formalizations HTML5 Yu, Chander, Islam, and Serikov: JavaScript Instrumentation for Browser Security (POPL 2007). 13 / 27
38 Whole Browser Formalizations HTML5 Yu, Chander, Islam, and Serikov: JavaScript Instrumentation for Browser Security (POPL 2007). Yoshihama, Tateishi, Tabuchi, and Matsumoto: Information-Flow Based Access Control for Web Browsers (IEICE Transactions, May 2009). 13 / 27
39 Other Formalizations Maffeis, Mitchell, and Taly: An Operational Semantics for JavaScript (ASPLAS 2008). Gardner, Smith, Wheelhouse, and Zarfaty: Local Hoare Reasoning About DOM (PODS 2008). Akhawe, Barth, Lam, Mitchell, and Song: Towards a Formal Foundation of Web Security (CSF 2010). 14 / 27
40 Formalization Details 15 / 27
41 Reactive Systems Consumer States Producer States 16 / 27
42 Reactive Systems Consumer States i Producer States 16 / 27
43 Reactive Systems Consumer States i Producer States o 16 / 27
44 Reactive Systems Consumer States i Producer States o o 16 / 27
45 Web Browser Consumer State Window store Page store Node store Activation record store Cookie store List of open network connections 17 / 27
46 Web Browser Producer State Window store Page store Node store Activation record store Cookie store List of open network connections Task list 18 / 27
47 Window Store Window store Page store Node store Activation record store Cookie store List of open network connections Task list window: name string (optional) opener reference to a window (optional) current page reference to a page 19 / 27
48 Page Store Window store Page store Node store Activation record store Cookie store List of open network connections Task list page: address URL root node reference to a node environment reference to an activation record script queue list of scripts or placeholders 20 / 27
49 Network Connection List Window store Page store Node store Activation record store Cookie store List of open network connections Task list network connection: connection for document request: URL, reference to a window connection for script request: URL, reference to a node connection for AJAX request: URL, reference to a page, expression 21 / 27
50 Selected Inputs From the user: load in new window(url) click button(win, n) From the network: receive(d, n, resp) 22 / 27
51 Selected Outputs To the user: win closed(win) page updated(win, doc) To the network: send(d, req uri, cookies, msg) 23 / 27
52 What s Next? 24 / 27
53 Using Our Browser Semantics Primarily, our formalization should be viewed as a human-readable template. 25 / 27
54 Using Our Browser Semantics Primarily, our formalization should be viewed as a human-readable template. Others may be interested in slightly different features. 25 / 27
55 Using Our Browser Semantics Primarily, our formalization should be viewed as a human-readable template. Others may be interested in slightly different features. The semantics may need to be translated to a different machine-consumable form. 25 / 27
56 Work in Progress Translate browser formaliztion into Coq. 26 / 27
57 Work in Progress Translate browser formaliztion into Coq. Define security policies for the browser in terms of reactive noninterference (Bohannon, et al., CCS 2009). 26 / 27
58 Work in Progress Translate browser formaliztion into Coq. Define security policies for the browser in terms of reactive noninterference (Bohannon, et al., CCS 2009). Prove the soundness of some enforcement mechanisms for these policies. 26 / 27
59 Work in Progress Translate browser formaliztion into Coq. Define security policies for the browser in terms of reactive noninterference (Bohannon, et al., CCS 2009). Prove the soundness of some enforcement mechanisms for these policies. Gain a better understanding of end-to-end web browser security. 26 / 27
60 Thank You 27 / 27
Featherweight Firefox
Featherweight Firefox Formalizing the Core of a Web Browser Aaron Bohannon University of Pennsylvania Benjamin C. Pierce University of Pennsylvania Abstract We offer a formal specification of the core
More informationJavaScript CS 4640 Programming Languages for Web Applications
JavaScript CS 4640 Programming Languages for Web Applications 1 How HTML, CSS, and JS Fit Together {css} javascript() Content layer The HTML gives the page structure and adds semantics Presentation
More informationUnderstanding and Verifying JavaScript Programs
Understanding and Verifying JavaScript Programs Philippa Gardner Imperial College London LFCS 30th Anniversary 1/31 JavaScript at Imperial Philippa Gardner José Fragoso Santos Petar Maksimović Daiva Naudˇziūnienė
More informationThis course is designed for web developers that want to learn HTML5, CSS3, JavaScript and jquery.
HTML5/CSS3/JavaScript Programming Course Summary Description This class is designed for students that have experience with basic HTML concepts that wish to learn about HTML Version 5, Cascading Style Sheets
More informationJavaScript CS 4640 Programming Languages for Web Applications
JavaScript CS 4640 Programming Languages for Web Applications 1 How HTML, CSS, and JS Fit Together {css} javascript() Content layer The HTML gives the page structure and adds semantics Presentation
More informationBrowser code isolation
CS 155 Spring 2016 Browser code isolation John Mitchell Acknowledgments: Lecture slides are from the Computer Security course taught by Dan Boneh and John Mitchell at Stanford University. When slides are
More informationHTTP Security Headers Explained
HTTP Security Headers Explained Scott Sauber Slides at scottsauber.com scottsauber Audience Anyone with a website Agenda What are HTTP Security Headers? Why do they matter? HSTS, XFO, XSS, CSP, CTO, RH,
More informationUr/Web: A Simple Model for Programming the Web. Adam Chlipala MIT CSAIL POPL 2015 January 15, 2015
Ur/Web: A Simple Model for Programming the Web Adam Chlipala MIT CSAIL POPL 2015 January 15, 2015 Ur / Web Ur A new general-purpose typed functional language λ Web Tools for implementing modern three-tier
More informationJinx Malware 2.0 We know it s big, we measured it! Itzik Kotler Yoni Rom
Jinx Malware 2.0 We know it s big, we measured it! Itzik Kotler Yoni Rom This is how your browser looks like before Jinx has loaded This is how your browser looks like after Jinx has loaded Did you see
More informationHTML 5 and CSS 3, Illustrated Complete. Unit L: Programming Web Pages with JavaScript
HTML 5 and CSS 3, Illustrated Complete Unit L: Programming Web Pages with JavaScript Objectives Explore the Document Object Model Add content using a script Trigger a script using an event handler Create
More informationANGULARJS - MOCK TEST ANGULARJS MOCK TEST II
http://www.tutorialspoint.com ANGULARJS - MOCK TEST Copyright tutorialspoint.com This section presents you various set of Mock Tests related to AngularJS Framework. You can download these sample mock tests
More informationIntroduction to JavaScript p. 1 JavaScript Myths p. 2 Versions of JavaScript p. 2 Client-Side JavaScript p. 3 JavaScript in Other Contexts p.
Preface p. xiii Introduction to JavaScript p. 1 JavaScript Myths p. 2 Versions of JavaScript p. 2 Client-Side JavaScript p. 3 JavaScript in Other Contexts p. 5 Client-Side JavaScript: Executable Content
More informationWeb Programming and Design. MPT Junior Cycle Tutor: Tamara Demonstrators: Aaron, Marion, Hugh
Web Programming and Design MPT Junior Cycle Tutor: Tamara Demonstrators: Aaron, Marion, Hugh Plan for the next 5 weeks: Introduction to HTML tags, creating our template file Introduction to CSS and style
More informationCopyright Descriptor Systems, Course materials may not be reproduced in whole or in part without prior written consent of Joel Barnum
Ajax The notion of asynchronous request processing using the XMLHttpRequest object has been around for several years, but the term "AJAX" was coined by Jesse James Garrett of Adaptive Path. You can read
More informationNET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationWeb Security Model and Applications
Web Security Model and Applications In this Tutorial Motivation: formal security analysis of web applications and standards Our Model of the Web Infrastructure Single Sign-On Case Studies Formal Security
More informationThis is CS50. Harvard College Fall Quiz 1 Answer Key
Quiz 1 Answer Key Answers other than the below may be possible. Know Your Meme. 0. True or False. 1. T 2. F 3. F 4. F 5. T Attack. 6. By never making assumptions as to the length of users input and always
More informationSecure Parameter Filter (SPF) (AKA Protecting Vulnerable Applications with IIS7) Justin Clarke, Andrew Carey Nairn
Secure Parameter Filter (SPF) (AKA Protecting Vulnerable Applications with IIS7) Justin Clarke, Andrew Carey Nairn Our Observations The same old code-level problems Input Validation, Parameter Manipulation,
More information(Refer Slide Time: 01:40)
Internet Technology Prof. Indranil Sengupta Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture No #25 Javascript Part I Today will be talking about a language
More informationMaster Syndication Gateway V2. User's Manual. Copyright Bontrager Connection LLC
Master Syndication Gateway V2 User's Manual Copyright 2005-2006 Bontrager Connection LLC 1 Introduction This document is formatted for A4 printer paper. A version formatted for letter size printer paper
More informationExecutive Summary. Performance Report for: The web should be fast. Top 1 Priority Issues. How does this affect me?
The web should be fast. Executive Summary Performance Report for: http://instantwebapp.co.uk/8/ Report generated: Test Server Region: Using: Fri, May 19, 2017, 4:01 AM -0700 Vancouver, Canada Firefox (Desktop)
More informationOctober 08: Introduction to Web Security
October 08: Introduction to Web Security Scribe: Rohan Padhye October 8, 2015 Web security is an important topic because web applications are particularly hard to secure, and are one of the most vulnerable/buggy
More informationCS 5450 HTTP. Vitaly Shmatikov
CS 5450 HTTP Vitaly Shmatikov Browser and Network Browser OS Hardware request reply website Network slide 2 HTML A web page includes Base HTML file Referenced objects (e.g., images) HTML: Hypertext Markup
More informationAJAX. Introduction. AJAX: Asynchronous JavaScript and XML
AJAX 1 2 Introduction AJAX: Asynchronous JavaScript and XML Popular in 2005 by Google Create interactive web applications Exchange small amounts of data with the server behind the scenes No need to reload
More informationInstallation Guide. Sitecore Federated Experience Manager. Installation & Configuration Guide
Sitecore Federated Experience Manager Installation Guide Rev: 23 August 2014 Sitecore Federated Experience Manager Installation Guide Installation & Configuration Guide Table of Contents Chapter 1 Overview...
More informationImproving Web Security:
Finding and fixing vulnerabilities in web security mechanisms Devdatta Akhawe, Adam Barth, Peifung E. Lam, John C. Mitchell and Dawn Song Stanford Computer Security Lab Improving Web Security: Introduction
More informationJavaScript is described in detail in many books on the subject, and there is excellent tutorial material at
JavaScript (last updated April 15, 2013: LSS) JavaScript is a scripting language, specifically for use on web pages. It runs within the browser (that is to say, it is a client- side scripting language),
More informationXMLHttpRequest. CS144: Web Applications
XMLHttpRequest http://oak.cs.ucla.edu/cs144/examples/google-suggest.html Q: What is going on behind the scene? What events does it monitor? What does it do when
More informationENRICHING PRIMO RECORDS WITH INFORMATION FROM WORDPRESS. Karsten Kryger Hansen Aalborg University Library
ENRICHING PRIMO RECORDS WITH INFORMATION FROM WORDPRESS Karsten Kryger Hansen Aalborg University Library AGENDA Who am I History and use case Information distribution Detour: HTML, JavaScript etc. in Primo
More informationJavaScript: Events, the DOM Tree, jquery and Timing
JavaScript: Events, the DOM Tree, jquery and Timing CISC 282 October 11, 2017 window.onload Conflict Can only set window.onload = function once What if you have multiple files for handlers? What if you're
More informationCOMS W3101: SCRIPTING LANGUAGES: JAVASCRIPT (FALL 2018)
COMS W3101: SCRIPTING LANGUAGES: JAVASCRIPT (FALL 2018) RAMANA ISUKAPALLI RAMANA@CS.COLUMBIA.EDU 1 LECTURE-1 Course overview See http://www.cs.columbia.edu/~ramana Overview of HTML Formatting, headings,
More informationAn Overview of. Eric Bollens ebollens AT ucla.edu Mobile Web Framework Architect UCLA Office of Information Technology
An Overview of Eric Bollens ebollens AT ucla.edu Mobile Web Framework Architect UCLA Office of Information Technology August 23, 2011 1. Design Principles 2. Architectural Patterns 3. Building for Degradation
More informationAnalysis of Security Critical APIs
Automated Encapsulation Analysis of Security Critical APIs Ankur Taly Stanford University it Joint work with John C. Mitchell, Ulfar Eli Erlingsson, Mark ks. Miller and Jasvir Nagra 5/5/2011 Stanford Security
More informationWriting Secure Chrome Apps and Extensions
Writing Secure Chrome Apps and Extensions Keeping your users safe Jorge Lucángeli Obes Software Engineer Keeping users safe A lot of work going into making browsers more secure What about users' data?
More informationWEB SECURITY: XSS & CSRF
WEB SECURITY: XSS & CSRF CMSC 414 FEB 22 2018 Cross-Site Request Forgery (CSRF) URLs with side-effects http://bank.com/transfer.cgi?amt=9999&to=attacker GET requests should have no side-effects, but often
More informationDOM: Specification & Client Reasoning
DOM: Specification & Client Reasoning Azalea Raad José Fragoso Santos Philippa Gardner Imperial College London APLAS 16 23 November 2016 1 Document Object Model (DOM) Cross-platform, language-independent,
More informationModule 5 JavaScript, AJAX, and jquery. Module 5. Module 5 Contains 2 components
Module 5 JavaScript, AJAX, and jquery Module 5 Contains 2 components Both the Individual and Group portion are due on Monday October 30 th Start early on this module One of the most time consuming modules
More informationAJAX: The Basics CISC 282 November 22, 2017
AJAX: The Basics CISC 282 November 22, 2017 Synchronous Communication User and server take turns waiting User requests pages while browsing Waits for server to respond Waits for the page to load in the
More informationCMSC 330: Organization of Programming Languages
CMSC 330: Organization of Programming Languages Operational Semantics CMSC 330 Summer 2018 1 Formal Semantics of a Prog. Lang. Mathematical description of the meaning of programs written in that language
More informationConScript. Specifying and Enforcing Fine- Grained Security Policies for JavaScript in the Browser. Leo Meyerovich UC Berkeley
ConScript Specifying and Enforcing Fine- Grained Security Policies for JavaScript in the Browser Leo Meyerovich UC Berkeley Benjamin Livshits MicrosoD Research 2 ComplicaFons Benign but buggy: who is to
More informationUniform Resource Locators (URL)
The World Wide Web Web Web site consists of simply of pages of text and images A web pages are render by a web browser Retrieving a webpage online: Client open a web browser on the local machine The web
More informationSections and Articles
Advanced PHP Framework Codeigniter Modules HTML Topics Introduction to HTML5 Laying out a Page with HTML5 Page Structure- New HTML5 Structural Tags- Page Simplification HTML5 - How We Got Here 1.The Problems
More informationUnifer Documentation. Release V1.0. Matthew S
Unifer Documentation Release V1.0 Matthew S July 28, 2014 Contents 1 Unifer Tutorial - Notes Web App 3 1.1 Setting up................................................. 3 1.2 Getting the Template...........................................
More informationHTML5 Creatives. MediaMath now supports HTML5 Creatives. Each T1AS HTML5 Creative must be uploaded with the following 2 components:
HTML5 Creatives MediaMath now supports HTML5 Creatives. Each T1AS HTML5 Creative must be uploaded with the following 2 components: Component HTML5 Asset Package: The zip file for the T1AS HTML5 creative.
More informationIntro To Javascript. Intro to Web Development
Intro To Javascript Intro to Web Development Preamble I don't like JavaScript But with JS your feelings don't matter. Browsers don't work well with any other language so you have to write code that either:
More informationPHP & PHP++ Curriculum
PHP & PHP++ Curriculum CORE PHP How PHP Works The php.ini File Basic PHP Syntax PHP Tags PHP Statements and Whitespace Comments PHP Functions Variables Variable Types Variable Names (Identifiers) Type
More information5/19/2015. Objectives. JavaScript, Sixth Edition. Introduction to the World Wide Web (cont d.) Introduction to the World Wide Web
Objectives JavaScript, Sixth Edition Chapter 1 Introduction to JavaScript When you complete this chapter, you will be able to: Explain the history of the World Wide Web Describe the difference between
More informationDelivery Options: Attend face-to-face in the classroom or via remote-live attendance.
XML Programming Duration: 5 Days US Price: $2795 UK Price: 1,995 *Prices are subject to VAT CA Price: CDN$3,275 *Prices are subject to GST/HST Delivery Options: Attend face-to-face in the classroom or
More informationAjax Ajax Ajax = Asynchronous JavaScript and XML Using a set of methods built in to JavaScript to transfer data between the browser and a server in the background Reduces the amount of data that must be
More informationWeb Programming and Design. MPT Junior Cycle Tutor: Tamara Demonstrators: Aaron, Marion, Hugh
Web Programming and Design MPT Junior Cycle Tutor: Tamara Demonstrators: Aaron, Marion, Hugh Plan for the next 5 weeks: Introduction to HTML tags, creating our template file Introduction to CSS and style
More information! The final is at 10:30 am, Sat 6/4, in this room. ! Open book, open notes. ! No electronic devices. ! No food. ! Assignment 7 due 10pm tomorrow
Announcements ECS 89 6/1! The final is at 10:30 am, Sat 6/4, in this room! Open book, open notes! No electronic devices! No food! Assignment 7 due 10pm tomorrow! No late Assignment 7 s! Fill out course
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall 2011.
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2011 Quiz I: Solutions Please do not write in the boxes below. I (xx/20) II (xx/10) III (xx/16)
More informationCOMS W3101: SCRIPTING LANGUAGES: JAVASCRIPT (FALL 2017)
COMS W3101: SCRIPTING LANGUAGES: JAVASCRIPT (FALL 2017) RAMANA ISUKAPALLI RAMANA@CS.COLUMBIA.EDU 1 LECTURE-1 Course overview See http://www.cs.columbia.edu/~ramana Overview of HTML Formatting, headings,
More information20486-Developing ASP.NET MVC 4 Web Applications
Course Outline 20486-Developing ASP.NET MVC 4 Web Applications Duration: 5 days (30 hours) Target Audience: This course is intended for professional web developers who use Microsoft Visual Studio in an
More informationEXAM Web Development Fundamentals. Buy Full Product.
Microsoft EXAM - 98-363 Web Development Fundamentals Buy Full Product http://www.examskey.com/98-363.html Examskey Microsoft 98-363 exam demo product is here for you to test the quality of the product.
More informationPenetration Testing. James Walden Northern Kentucky University
Penetration Testing James Walden Northern Kentucky University Topics 1. What is Penetration Testing? 2. Rules of Engagement 3. Penetration Testing Process 4. Map the Application 5. Analyze the Application
More informationAjax. Ronald J. Glotzbach
Ajax Ronald J. Glotzbach What is AJAX? Asynchronous JavaScript and XML Ajax is not a technology Ajax mixes well known programming techniques in an uncommon way Enables web builders to create more appealing
More informationWorkspace Administrator Help File
Workspace Administrator Help File Table of Contents HotDocs Workspace Help File... 1 Getting Started with Workspace... 3 What is HotDocs Workspace?... 3 Getting Started with Workspace... 3 To access Workspace...
More informationEtanova Enterprise Solutions
Etanova Enterprise Solutions Front End Development» 2018-09-23 http://www.etanova.com/technologies/front-end-development Contents HTML 5... 6 Rich Internet Applications... 6 Web Browser Hardware Acceleration...
More informationAjax Ajax Ajax = Asynchronous JavaScript and XML Using a set of methods built in to JavaScript to transfer data between the browser and a server in the background Reduces the amount of data that must be
More informationShankersinh Vaghela Bapu Institue of Technology
Branch: - 6th Sem IT Year/Sem : - 3rd /2014 Subject & Subject Code : Faculty Name : - Nitin Padariya Pre Upload Date: 31/12/2013 Submission Date: 9/1/2014 [1] Explain the need of web server and web browser
More informationExecutive Summary. Performance Report for: The web should be fast. Top 5 Priority Issues. How does this affect me?
The web should be fast. Executive Summary Performance Report for: http://idwebcare.nl/ Report generated: Test Server Region: Using: Tue, Aug 29, 2017, 5:08 AM -0700 Vancouver, Canada Firefox (Desktop)
More informationClient Side JavaScript and AJAX
Client Side JavaScript and AJAX Client side javascript is JavaScript that runs in the browsers of people using your site. So far all the JavaScript code we've written runs on our node.js server. This is
More informationIndex LICENSED PRODUCT NOT FOR RESALE
Index LICENSED PRODUCT NOT FOR RESALE A Absolute positioning, 100 102 with multi-columns, 101 Accelerometer, 263 Access data, 225 227 Adding elements, 209 211 to display, 210 Animated boxes creation using
More informationProject 3 Web Security Part 1. Outline
Project 3 Web Security Part 1 CS155 Indrajit Indy Khare Outline Quick Overview of the Technologies HTML (and a bit of CSS) Javascript PHP Assignment Assignment Overview Example Attack 1 New to web programming?
More informationAJAX: Introduction CISC 282 November 27, 2018
AJAX: Introduction CISC 282 November 27, 2018 Synchronous Communication User and server take turns waiting User requests pages while browsing Waits for server to respond Waits for the page to load in the
More informationAJAX: The Basics CISC 282 March 25, 2014
AJAX: The Basics CISC 282 March 25, 2014 Synchronous Communication User and server take turns waiting User requests pages while browsing Waits for server to respond Waits for the page to load in the browser
More informationthis is a cat CS50 Quiz 1 Review
CS50 Quiz 1 Review this is a cat CS50 Quiz 1 Review JavaScript CS50 Quiz 1 Review first, recall from zamyla Remember, PHP is run server-side. The HTML output of this PHP code is sent to the user. Server
More informationCSC Web Programming. JavaScript Browser Objects
CSC 242 - Web Programming JavaScript Browser Objects JavaScript Object Types User defined objects Native objects (Array, Math, Date, etc.) Host Objects provided by the browser The window object is a representation
More informationModule 5 JavaScript, AJAX, and jquery. Module 5. Module 5 Contains an Individual and Group component
Module 5 JavaScript, AJAX, and jquery Module 5 Contains an Individual and Group component Both are due on Wednesday October 24 th Start early on this module One of the most time consuming modules in the
More informationdjango-xross Documentation
django-xross Documentation Release 0.6.0 Igor idle sign Starikov Jan 14, 2018 Contents 1 Description 3 2 Requirements 5 3 Table of Contents 7 3.1 Quickstart................................................
More informationWeb Application Security
Web Application Security Rajendra Kachhwaha rajendra1983@gmail.com September 23, 2015 Lecture 13: 1/ 18 Outline Introduction to AJAX: 1 What is AJAX 2 Why & When use AJAX 3 What is an AJAX Web Application
More informationCS101 Introduction to Computing Midterm Solved Papers Spring 2012 by
CS101 Introduction to Computing Midterm Solved Papers Spring 2012 by www.virtualians.pk Question No: 1 ( Marks: 1 ) consists of cells arranged in rows & columns Spreadsheets Software Word processor Presentation
More informationBIG-IP Access Policy Manager : Portal Access. Version 13.0
BIG-IP Access Policy Manager : Portal Access Version 13.0 Table of Contents Table of Contents Overview of Portal Access...7 Overview: What is portal access?...7 About portal access configuration elements...
More informationDelivery Options: Attend face-to-face in the classroom or remote-live attendance.
XML Programming Duration: 5 Days Price: $2795 *California residents and government employees call for pricing. Discounts: We offer multiple discount options. Click here for more info. Delivery Options:
More information2/6/2012. Rich Internet Applications. What is Ajax? Defining AJAX. Asynchronous JavaScript and XML Term coined in 2005 by Jesse James Garrett
What is Ajax? Asynchronous JavaScript and XML Term coined in 2005 by Jesse James Garrett http://www.adaptivepath.com/ideas/essays/archives /000385.php Ajax isn t really new, and isn t a single technology
More informationwelcome to BOILERCAMP HOW TO WEB DEV
welcome to BOILERCAMP HOW TO WEB DEV Introduction / Project Overview The Plan Personal Website/Blog Schedule Introduction / Project Overview HTML / CSS Client-side JavaScript Lunch Node.js / Express.js
More informationFinancial. AngularJS. AngularJS.
Financial http://killexams.com/exam-detail/ Section 1: Sec One (1 to 50) Details:This section provides a huge collection of Angularjs Interview Questions with their answers hidden in a box to challenge
More informationOrigin Policy Enforcement in Modern Browsers
Origin Policy Enforcement in Modern Browsers A Case Study in Same Origin Implementations Frederik Braun Frederik Braun (Ruhr-Uni Bochum/Mozilla) Origin Policy Enforcement June 21, 2013 1 / 32 Table of
More informationUnraveling the Mysteries of J2EE Web Application Communications
Unraveling the Mysteries of J2EE Web Application Communications An HTTP Primer Peter Koletzke Technical Director & Principal Instructor Common Problem What we ve got here is failure to commun cate. Captain,
More informationUnit 4 The Web. Computer Concepts Unit Contents. 4 Web Overview. 4 Section A: Web Basics. 4 Evolution
Unit 4 The Web Computer Concepts 2016 ENHANCED EDITION 4 Unit Contents Section A: Web Basics Section B: Browsers Section C: HTML Section D: HTTP Section E: Search Engines 2 4 Section A: Web Basics 4 Web
More informationObject Capabilities and Isolation of Untrusted Web Application
Object Capabilities and Isolation of Untrusted Web Applications Dept. of Computer Science, Stanford University Joint work with Sergio Maffeis (Imperial College London) and John C. Mitchell (Stanford University)
More informationUser Interaction: jquery
User Interaction: jquery Assoc. Professor Donald J. Patterson INF 133 Fall 2012 1 jquery A JavaScript Library Cross-browser Free (beer & speech) It supports manipulating HTML elements (DOM) animations
More informationFinancial. AngularJS. AngularJS. Download Full Version :
Financial AngularJS AngularJS Download Full Version : https://killexams.com/pass4sure/exam-detail/angularjs Section 1: Sec One (1 to 50) Details:This section provides a huge collection of Angularjs Interview
More informationXML Processing & Web Services. Husni Husni.trunojoyo.ac.id
XML Processing & Web Services Husni Husni.trunojoyo.ac.id Based on Randy Connolly and Ricardo Hoar Fundamentals of Web Development, Pearson Education, 2015 Objectives 1 XML Overview 2 XML Processing 3
More informationPlatform. Custom Embedded Tabs. Custom Embedded Tab Definitions. Custom Embedded Tabs, page 1
Custom Embedded Tabs, page 1 Custom Embedded Tabs Applies to Cisco Jabber for desktop and mobile clients. Custom embedded tabs display HTML content in the client interface. Learn how to create custom embedded
More informationContent Security Policy
About Tim Content Security Policy New Tools for Fighting XSS Pentester > 10 years Web Applications Network Security Products Exploit Research Founded Blindspot Security in 2014 Pentesting Developer Training
More informationUsing Development Tools to Examine Webpages
Chapter 9 Using Development Tools to Examine Webpages Skills you will learn: For this tutorial, we will use the developer tools in Firefox. However, these are quite similar to the developer tools found
More informationWeb 2.0 and AJAX Security. OWASP Montgomery. August 21 st, 2007
Web 2.0 and AJAX Security OWASP Montgomery August 21 st, 2007 Overview Introduction Definition of Web 2.0 Basics of AJAX Attack Vectors for AJAX Applications AJAX and Application Security Conclusions 1
More informationCodeValue. C ollege. Prerequisites: Basic knowledge of web development and especially JavaScript.
Course Syllabuses Introduction to AngularJS Length: 3 days Prerequisites: Basic knowledge of web development and especially JavaScript. Objectives: Students will learn to take advantage of AngularJS and
More informationPrograming for Digital Media EE1707. Lecture 4 JavaScript By: A. Mousavi & P. Broomhead SERG, School of Engineering Design, Brunel University, UK
Programing for Digital Media EE1707 Lecture 4 JavaScript By: A. Mousavi & P. Broomhead SERG, School of Engineering Design, Brunel University, UK 1 today Event Handling in JavaScript Client-Side JavaScript
More informationJavascript. Many examples from Kyle Simpson: Scope and Closures
Javascript Many examples from Kyle Simpson: Scope and Closures What is JavaScript? Not related to Java (except that syntax is C/Java- like) Created by Brendan Eich at Netscape later standardized through
More informationCorso di Progettazione di Applicazioni Web e Mobile
Corso di Progettazione di Applicazioni Web e Mobile Mirko Calvaresi Università di Camerino - Mirko Calvaresi - Progettazione Applicazioni Web e Mobile What this is about? How a web appliaction works? let
More informationClient Side Security And Testing Tools
OWASP Jakarta Tech Day Meetup 2017 Client Side Security And Testing Tools David Cervigni @ Minded Security Agenda Short Intro Client side threats: Why important/difficult Examples: Dom XSS, HTTP Param
More informationExecutive Summary. Performance Report for: The web should be fast. Top 5 Priority Issues. How does this affect me?
The web should be fast. Executive Summary Performance Report for: https://designmartijn.nl/ Report generated: Test Server Region: Using: Sun, Sep 30, 2018, 7:29 AM -0700 Vancouver, Canada Chrome (Desktop)
More informationThe DOM and jquery functions and selectors. Lesson 3
The DOM and jquery functions and selectors Lesson 3 Plan for this lesson Introduction to the DOM Code along More about manipulating the DOM JavaScript Frameworks Angular Backbone.js jquery Node.js jquery
More informationDefense-in-depth techniques. for modern web applications
Defense-in-depth techniques for modern web applications About Us Lukas Weichselbaum Michele Spagnuolo Senior Information Security Engineer Senior Information Security Engineer We work in a focus area of
More informationChrome Extension Security Architecture
Chrome Extension Security Architecture Presenter: Jienan Liu Network, Intelligence & security Lab outline Chrome extension introduction Threats towards extension Chrome extension s security architecture
More informationData Communication & Computer Networks MCQ S
Data Communication & Computer Networks MCQ S 1. The translates internet domain and host names to IP address. a) domain name system b) routing information protocol c) network time protocol d) internet relay
More informationLecture 17 Browser Security. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Some slides from Bailey's ECE 422
Lecture 17 Browser Security Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Some slides from Bailey's ECE 422 Documents Browser's fundamental role is to display documents comprised
More information