Section A.7. Chapter 8


A.7. Chapter 8

  1. There are actually several different ways to save material on a client machine:

    • Use cookies

    • Use a third-party plug-in such as Flash

    • Ask the user to right-click on an element and save it to his local directory

    • Attach a downloadable file to a link, where clicking on the link opens a dialog and tells the user to save the file

    • Create a browser extension, which is then downloaded and installed

  2. A cookie name, a value, an expiration date for the cookie, and a path associated with the cookie.

  3. Do not provide an expiration date.

  4. Any data that can be invoked in the browser, or can be used to snoop around a clientâ??s cookies, or even run a server-side process. In particular, the phrase, javascript: or script tags should be scrubbed from input.

  5. However, this isnâ??t as cleanly defined as you would think. For content-management tools, it may be feasible for a person to enter script into a specific posting or page. But in a multiuser environment, an individual could use script to find out information about the other users of the system.

  6. Look at any input field with suspicion and ask yourself, who can enter data through the field, and do I trust them 100 percent? Then scrub the data.

  7. There is no right or wrong answer for this question. Here are some uses of cookies Iâ??ve seen:

    • To maintain a personâ??s username and URL and email for a comment system

    • To provide live feedback on data entries

    • To enable a spell checker

    • To store login information

    • To maintain a shopping cart

Iâ??ve never run up against the 4 K cookie limit in any of these cases.




Learning JavaScript
Learning JavaScript, 2nd Edition
ISBN: 0596521871
EAN: 2147483647
Year: 2006
Pages: 151

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net