Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Professional JavaScript for Web Developers

You're reading from   Professional JavaScript for Web Developers Discover an easy-to-learn guide to upgrade your JavaScript skills

Arrow left icon
Product type Paperback
Published in Nov 2019
Publisher Wiley
ISBN-13 9781119366447
Length 1144 pages
Edition 4th Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Matt Frisbie Matt Frisbie
Author Profile Icon Matt Frisbie
Matt Frisbie
Arrow right icon
View More author details
Toc

Table of Contents (37) Chapters Close

COVER FREE CHAPTER
FOREWORD
INTRODUCTION 1 What Is JavaScript? 2 JavaScript in HTML 3 Language Basics 4 Variables, Scope, and Memory 5 Basic Reference Types 6 Collection Reference Types 7 Iterators and Generators 8 Objects, Classes, and Object-Oriented Programming 9 Proxies and Reflect 10 Functions 11 Promises and Async Functions 12 The Browser Object Model 13 Client Detection 14 The Document Object Model 15 DOM Extensions 16 DOM Levels 2 and 3 17 Events 18 Animation and Graphics with Canvas 19 Scripting Forms 20 JavaScript APIs 21 Error Handling and Debugging 22 XML in JavaScript 23 JSON 24 Network Requests and Remote Resources 25 Client-Side Storage 26 Modules 27 Workers 28 Best Practices A ES2018 and ES2019 B Strict Mode C JavaScript Libraries and Frameworks D JavaScript Tools INDEX
END USER LICENSE AGREEMENT

SECURITY

A lot has been published about Ajax security; in fact, there are entire books dedicated to the topic. Security considerations for large-scale Ajax applications are vast, but there are some basic things to understand about Ajax security in general.

First, any URL that can be accessed via Ajax can also be accessed by a browser or a server. For example, consider the following URL:

/getuserinfo.php?id=23

If a request is made to this URL, it will presumably return some data about a user whose ID is 23. There is nothing to stop someone from changing the URL to a user ID of 24 or 56 or any other value. The getuserinfo.php file must know whether the requestor actually has access to the data that is being requested; otherwise, you have left the server wide open to relay data about anyone.

When an unauthorized system is able to access a resource, it is considered a cross-site request forgery (CSRF) attack. The unauthorized system is making itself appear to be legitimate to the server...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime