Client-Side Scripts

When Netscape first came out with client-side JavaScript, it created a sensation. HTML content rendered by the browser didn't need to be static, because it could be driven by programs interpreted by the browser itself. Refreshing images automatically, performing computations on values within input fields without submitting them to the server, and manipulating cookies all can be done with client-side scripts. Today, there are two types of client-side scripts: JavaScript and VBScript. JavaScript runs on both Netscape and Microsoft browsers, but VBScript runs only on Internet Explorer.

Because client-side scripts are quite powerful, a lot of application logic can be moved from the server side to the browser, freeing the server from tasks that are more suitably carried out on the client side.

Client-side script code is embedded in HTML by using the <SCRIPT> </SCRIPT> tags. An example of a JavaScript that pops up a "Hello World" box is:

<SCRIPT LANGUAGE="JavaScript">
  document.write("<H1>This is JavaScript</H1>");
  alert("Hello World");
</SCRIPT>

In the example previously shown in Figure 7-2, the file example.html contains an embedded JavaScript. The JavaScript code is:

<SCRIPT LANGUAGE="JAVASCRIPT">
  var date = new Date();
  date.setFullYear(date.getFullYear() + 1);
  document.cookie = "modified=" + document.lastModified +
   "; expires=" + date.toGMTString();
</SCRIPT>

This JavaScript creates a cookie on the client side that lasts a year from the date of creation.

The user can modify any client-side script or bypass it altogether. Because the code is sent to and executed by the browser, the user could save a copy of the code, modify it, and then load it into the browser. Most browsers also allow the user to disable execution of client-side scripts completely, rendering the code within the <SCRIPT> tags completely useless. Developers should be careful not to rely on any checks performed by client-side scripts when input is being submitted via HTML forms. Some Web developers push the task of input validation, such as checking for meta-characters, checking buffer lengths, and the like, to the browser. However, that is an entirely futile exercise because client-side scripts can be bypassed easily.
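The same checks repeated where they cannot be bypassed, as an added example that is not from the book: a Node.js routine that re-validates length and meta-characters on the raw form body the server receives. The field names, limits and sample request bodies are assumptions constructed for illustration.

```javascript
// Server-side rules; field names and limits are assumptions for this example.
const RULES = {
  username: { min: 1, max: 16, pattern: /^[A-Za-z0-9_]+$/ },
  comment: { min: 0, max: 200, pattern: /^[^<>"'`;&|\\\x00-\x1f]*$/ },
};

// Validate a raw application/x-www-form-urlencoded body as the server receives
// it. Nothing here assumes a browser script already checked the values.
function validateForm(rawBody) {
  const errors = [];
  const seen = new Map();
  for (const [name, value] of new URLSearchParams(rawBody)) {
    if (!Object.prototype.hasOwnProperty.call(RULES, name)) {
      errors.push(`unexpected field: ${name}`);
    } else if (seen.has(name)) {
      errors.push(`duplicate field: ${name}`);
    } else {
      seen.set(name, value);
    }
  }
  for (const [name, rule] of Object.entries(RULES)) {
    if (!seen.has(name)) {
      errors.push(`missing field: ${name}`);
      continue;
    }
    const value = seen.get(name);
    if (value.length < rule.min || value.length > rule.max) {
      errors.push(`${name}: length ${value.length} outside ${rule.min}-${rule.max}`);
    }
    if (!rule.pattern.test(value)) {
      errors.push(`${name}: contains characters that are not allowed`);
    }
  }
  const ok = errors.length === 0;
  return { ok, errors, values: ok ? Object.fromEntries(seen) : null };
}

// Constructed sample bodies: the first is what a form sends after its script
// ran; the rest are what arrives when the script is disabled or edited.
const SAMPLES = [
  "username=alice_01&comment=Nice+page",
  "username=" + "A".repeat(500) + "&comment=hi",
  "username=bob&comment=%3Cb%3Ehi%3C%2Fb%3E",
  "username=carol",
];
for (const body of SAMPLES) {
  const result = validateForm(body);
  console.log(result.ok ? "ACCEPT" : "REJECT", result.errors.join("; "));
}
```

Any client-side script that performs the same checks then serves only as a convenience for the user; the server's decision does not depend on it.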

Web Hacking: Attacks and Defense
ISBN: 0201761769
EAN: 2147483647
Year: 2005
Pages: 156
