Professional JavaScript for Web Developers

Product type Paperback
Published in Nov 2019
Publisher Wiley
ISBN-13 9781119366447
Length 1144 pages
Edition 4th Edition
Author: Matt Frisbie

SECURITY

A lot has been published about Ajax security; in fact, there are entire books dedicated to the topic. Security considerations for large-scale Ajax applications are vast, but there are some basic things to understand about Ajax security in general.

First, any URL that can be accessed via Ajax can also be accessed by a browser or a server. For example, consider the following URL:

/getuserinfo.php?id=23

If a request is made to this URL, it will presumably return some data about a user whose ID is 23. There is nothing to stop someone from changing the URL to a user ID of 24 or 56 or any other value. The getuserinfo.php file must know whether the requestor actually has access to the data that is being requested; otherwise, you have left the server wide open to relay data about anyone.
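
The access check described above, sketched in JavaScript as an added example (not code from the book). The in-memory user and session data, the session tokens, and the function names are hypothetical and constructed for illustration; they stand in for whatever getuserinfo.php does on the server.

```javascript
// Constructed sample data standing in for the database and the
// server-side session store behind /getuserinfo.php (hypothetical).
const USERS = new Map([
  [23, { id: 23, name: "Alice", email: "alice@example.test" }],
  [24, { id: 24, name: "Bob", email: "bob@example.test" }],
]);
const SESSIONS = new Map([
  ["sess-alice", { userId: 23, role: "user" }],
  ["sess-admin", { userId: 1, role: "admin" }],
]);

// "Before": trusts the id in the URL, so changing 23 to 24 returns Bob's data.
function getUserInfoUnsafe(query) {
  const user = USERS.get(Number(query.id));
  return user ? { status: 200, body: user } : { status: 404 };
}

// "After": the requester's identity comes from the server-side session,
// never from the URL, and is compared with the record being requested.
function getUserInfo(sessionToken, query) {
  const session = SESSIONS.get(sessionToken);
  if (!session) return { status: 401 }; // not logged in

  // Accept only a plain decimal id; reject "24abc", "-1", "", arrays, etc.
  if (typeof query.id !== "string" || !/^[0-9]{1,9}$/.test(query.id)) {
    return { status: 400 };
  }
  const requestedId = Number(query.id);

  const allowed = session.role === "admin" || session.userId === requestedId;
  // Answer 404 for "not allowed" and "missing" alike, so the response does
  // not reveal which ids exist to someone stepping through values.
  const user = allowed ? USERS.get(requestedId) : undefined;
  if (!user) return { status: 404 };
  return { status: 200, body: user };
}
```
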

When an unauthorized system is able to access a resource, it is considered a cross-site request forgery (CSRF) attack. The unauthorized system is making itself appear to be legitimate to the server...
