Il Framework XAJAX

Total Page:16

File Type:pdf, Size:1020Kb

Il Framework XAJAX Il framework XAJAX Vincenzo Della Mea (PWLS 6.11, 6.12, 6.13) Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 1 Sommario • XAJAX – Principi e API • Un esempio semplice: – rivisitazione del cambio di colori dello sfondo della pagina corrente. • Un esempio complesso: – generazione “interattiva” del codice fiscale Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 2 XAJAX • http://xajaxproject.org/ • Framework in PHP per lo sviluppo di applicazioni AJAX: – generazione automatica delle funzioni Javascript che ruotano attorno a XmlHttpRequest; – codice PHP per l’accesso al DOM della pagina (tradotto ovviamente in Javascript); – non è richiesta nessuna conoscenza di Javascript. Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 3 XAJAX: Oggetti principali • xajax_core: – xajax – xajaxRequest – xajaxResponse – xajaxControl – xajaxPlugin • xajax_js: – DOM, events, CSS, … • xajax_controls: validatori (X)HTML, … • xajax_plugins: GoogleMaps, HTML table Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 4 Tipico pattern di utilizzo • Solitamente si creano tre file PHP: – un file di configurazione, – un file per la componente lato server, – un file per la componente lato client. • Il file di configurazione viene incluso ed utilizzato dagli altri due. Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 5 XAJAX: cosa fare • Configurazione: – si include la libreria di classi xajax per mezzo del file xajax.inc.php; – si dichiara ed istanzia un oggetto xajax; – si registrano i nomi delle funzioni fornite dal server e chiamate asincronamente dal client. • Server: – si include la configurazione; – si definiscono le funzioni registrate in modo che ritornino valori o modifichino il DOM; – si elaborano le richieste con apposito metodo processRequest. • Client: – si include la configurazione; – si genera il codice Javascript ($xajax->printJavascript();); – si mettono le chiamate alle funzioni registrate (prefisse da xajax_) nei soliti attributi (corrispondenti agli eventi del DOM). Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 6 Un esercizio semplice • Rifacciamo l’esercizio dei colori visto introducendo la tecnologia AJAX: – svilupperemo una pagina web con tre campi di input in cui inseriremo tre numeri per i valori di R,G,B con cui impostare il colore di sfondo della pagina, " –!Il tutto “asincronamente” (senza ricaricare)" Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 7 Preparazione •! Dentro public_html creare una cartella ajax, e dentro di essa xajax •! Scaricare xajax (standard) dentro xajax e decomprimerla: –! wget http://xajaxproject.org/media/xajax/ 0.5_final/xajax_0.5_standard.zip •! Voilà! •! Metteremo i nostri due esercizi dentro la cartella ajax, includendo il necessario dalla cartella xajax Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 8 Configurazione: colori_config.php <?php //includiamo la classe base require_once ("xajax/xajax_core/xajax.inc.php"); //creiamo un oggetto ajax corrispondente al server $xajax = new xajax("coloriserver2.php"); //tra le variabili di configurazione: dov’è il codice JS della libreria $xajax->configure('javascript URI','xajax/'); // registro l’unica funzione che servirò $xajax->register(XAJAX_FUNCTION,"ImpostaSfondo"); ?> Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 9 Server: coloriserver2.php <? function ImpostaSfondo($r, $g, $b) { $risposta = new xajaxResponse(); $risposta-> assign("descrizione", "innerHTML", "Esadecimale: " . dechex($r). dechex($g).dechex($b)); $risposta->assign("corpo","style.background","rgb($r,$g, $b)"); return $risposta; } require("colori_config.php"); $xajax->processRequest(); ?> Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 10 Server: commenti •! Nella funzione servita creo una risposta, i cui metodi vanno a modificare il DOM: –!metodo assign(dove, cosa, valore) •! Le funzioni registrate sono quelle che intendo chiamare da Javascript, negli attributi! •! Includo la configurazione. •! Servo le richieste con ProcessRequest Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 11 Client: colori2.php <?php require("colori_config.php"); ?> <html><head><title>Colori RGB</title> <?php $xajax->printJavascript(); ?> </head> <body id="corpo"> R: <input type="text" name="R" id="r" value="255" size="3" /> G: <input type="text" name="G" id="g" value="255" size="3" /> B: <input type="text" name="B" id="b" value="255" size="3" /> <input type="button" value="Cambia sfondo" onclick="xajax_ImpostaSfondo(document.getElementById ('r').value,document.getElementById ('g').value,document.getElementById('b').value);" /> <p id="descrizione"> - </p> </body> </html> Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 12 Client: commenti •! Deve essere un file PHP perché devo includere del codice Javascript generato automaticamente: –!<?php $xajax->printJavascript(); ?> •! Le funzioni registrate possono essere chiamate ove usuale, con il nome xajax_nomedefinitoinphp Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 13 Nota •! XAJAX 0.5 non è PHP 5 strict! •! Nel caso in cui compaiano i seguenti messaggi: –! Deprecated: Assigning the return value of new by reference is deprecated in … on line 360 –! Deprecated: Assigning the return value of new by reference is deprecated in … on line 1305 •! occorre editare il file xajax_core/xajax.inc.php nelle linee indicate (360 e 1305), eliminando il carattere ’&’. Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 14 Esercizio complesso: codice fiscale •! Faremo una pagina web che calcola il codice fiscale man mano che inseriamo i dati anagrafici (nome, cognome, ecc.). Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 15 Codice fiscale •! Cognome: 3 caratteri: prime tre consonanti, se non ce ne sono a sufficienza anche le vocali, se non ce ne sono a sufficienza X. •! Nome: 3 caratteri: prima terza e quarta consonante se ci sono, se no prime tre, se no come sopra. •! Sesso e data di nascita: 2 cifre anno, una lettera per il mese (secondo una tabella apposita), 2 cifre per il giorno (+40 per le donne). •! Comune: 4 caratteri presi da un apposito elenco; la provincia serve per discriminare tra comuni con lo stesso nome. •! Infine, codice di controllo tipo digest, calcolato su caratteri pari e dispari del codice secondo due diverse tabelle di corrispondenza, diviso 26 -> il resto della divisione è un carattere dell’alfabeto. Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 16 Schema dell’applicazione •! Il server fornirà funzioni separate per ogni parte indipendente del codice fiscale. •! Il client chiamerà le funzioni in uscita o modifica del contenuto del controllo in cui stiamo scrivendo. •! I dati specifici per il calcolo del codice fiscale sono ospitati in vettori per comodità. Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 17 vettori_codice_fiscale.php" (da /home/vdm/public_html/codicefiscale/…) <?php //consonanti $consonanti=array ("B","C","D","F","G","H","J","K","L","M","N","P","Q","R","S","T","V"," W","X","Y","Z"); //caratteri da non considerare $altricaratteri=array(" ","'","`","\t","!"); //codici mesi $mese= array( "1" => "A”, "2" => "B”, "3" => "C”, "4" => "D”, "5" => "E”, "6" => "H”, "7" => "L", "8" => "M”, "9" => "P”, "10" => "R”, "11" => "S”, "12" => "T”); //codifica dei caratteri per il calcolo del carattere di controllo $codicedispari=array("0" =>1, "1" =>0,"2" =>5,"3" =>7,…,"Y" =>24,"Z" =>23); $codicepari=array("0" =>0, "1" =>1,"2" =>2,"3" =>3,…"Y" =>24,"Z" =>25); Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 18 codici_comuni.php <?php //codici dei Comuni e degli Stati esteri $codicecomune= array( 'PD:ABANO BAGNI'=>'A001', 'PD:ABANO TERME'=>'A001', 'CO:ABBADIA'=>'A002', 'TO:ABBADIA'=>'A003', 'TO:ABBADIA ALPINA'=>'A003', 'MI:ABBADIA CERRETO'=>'A004', … 'TN:LEDRO'=>'M313’, ); ?> Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 19 funzioni_codice_fiscale.php/1 <?php require("vettori_codice_fiscale.php"); require("codici_comuni.php"); function cognome($c) { global $consonanti; global $altricaratteri; $c=strtoupper($c); $vettore= str_split($c); $code=""; foreach($vettore as $l) if(in_array($l,$consonanti)) $code .= $l; if(strlen($code)>2) return substr($code,0,3); foreach($vettore as $l) if(!in_array($l,$consonanti) AND !in_array($l, $altricaratteri)) $code .= $l; if(strlen($code)>2) return substr($code,0,3); else $code .= "XXX"; return substr($code,0,3); } Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 20 funzioni_codice_fiscale.php/2 function nome($c) { global $consonanti; global $altricaratteri; $c=strtoupper($c); $vettore= str_split($c); $code=""; foreach($vettore as $l) if(in_array($l,$consonanti)) $code .= $l; if(strlen($code)>3) return substr($code,0,1) . substr ($code,2,2); if(strlen($code)>2) return substr($code,0,3); foreach($vettore as $l) if(!in_array($l,$consonanti) AND !in_array($l, $altricaratteri)) $code .= $l; if(strlen($code)>2) return substr($code,0,3); else $code .= "XXX"; return substr($code,0,3); } Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 21 funzioni_codice_fiscale.php/3 //data di nascita: 01-12-2010, sesso: M o F function datanascita($d, $s) { global $mese; $code=substr($d, 8,2) . $mese[(integer) substr($d,3,2)];
Recommended publications
  • Javascript Hijacking Brian Chess, Yekaterina Tsipenyuk O'neil, Jacob West
    JavaScript Hijacking Brian Chess, Yekaterina Tsipenyuk O'Neil, Jacob West March 12, 2007 Summary An increasing number of rich Web applications, often called AJAX applications, make use of JavaScript as a data transport mechanism. This paper describes a vulnerability we term JavaScript Hijacking, which allows an unauthorized party to read sensitive data contained in JavaScript messages. The attack works by using a <script> tag to circumvent the Same Origin Policy enforced by Web browsers. Traditional Web applications are not vulnerable because they do not use JavaScript as a data transport mechanism. We analyzed the 12 most popular AJAX frameworks, including 4 server-integrated toolkits – Direct Web Remoting (DWR), Microsoft ASP.NET AJAX (a.k.a. Atlas), XAJAX and Google Web Toolkit (GWT) -- and 8 purely client-side libraries -- Prototype, Script.aculo.us, Dojo, Moo.fx, jQuery, Yahoo! UI, Rico, and MochiKit. We determined that among them only DWR 2.0 implements mechanisms for preventing JavaScript Hijacking. The rest of the frameworks do not explicitly provide any protection and do not mention any security concerns in their documentation. Many programmers are not using any of these frameworks, but based on our findings with the frameworks, we believe that many custom-built applications are also vulnerable. An application may be vulnerable if it: • Uses JavaScript as a data transfer format • Handles sensitive data We advocate a two-pronged mitigation approach that allows applications to decline malicious requests and prevent attackers from directly executing JavaScript the applications generate. 1. Introduction1 Although the term “Web 2.0” does not have a rigorous definition, it is commonly used in at least two ways.
    [Show full text]
  • Ajax for Dummies (2006).Pdf
    01_785970 ffirs.qxp 1/20/06 10:51 AM Page iii Ajax FOR DUMmIES‰ by Steve Holzner, PhD 01_785970 ffirs.qxp 1/20/06 10:51 AM Page ii 01_785970 ffirs.qxp 1/20/06 10:51 AM Page i Ajax FOR DUMmIES‰ 01_785970 ffirs.qxp 1/20/06 10:51 AM Page ii 01_785970 ffirs.qxp 1/20/06 10:51 AM Page iii Ajax FOR DUMmIES‰ by Steve Holzner, PhD 01_785970 ffirs.qxp 1/20/06 10:51 AM Page iv Ajax For Dummies® Published by Wiley Publishing, Inc. 111 River Street Hoboken, NJ 07030-5774 www.wiley.com Copyright © 2006 by Wiley Publishing, Inc., Indianapolis, Indiana Published by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permit- ted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions. Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc.
    [Show full text]
  • Copyrighted Material
    15_043067 bindex.qxd 6/15/06 7:38 PM Page 330 INDEX accessing XML on server, 172–173 A downloading and installing, 170–171, 176 absolute positioning, 288–289 downloading XML data, 174–175 add function, 40–41 stripping out whitespace, 172, 173, 174 addition function for XML data extraction, 82–83 URL encoding, 171 addition operator (+) (JavaScript), 40, 44, 45 alert boxes Ajax (Asynchronous JavaScript + XML). See also Ajax display by JavaScript function, 30–31 XMLHttpRequest frameworks; object displaying, 28–29 advantages, 2, 3, 62 displaying text from text fields, 37 attributes, 29, 262–263 aligning text in CSS, 278–279 downloading JavaScript, 94–95 AND logical operator (JavaScript), 53 event attributes, 29 anonymous JavaScript functions, 68 example of data Submit and fetch, 4–5 Apache Tomcat Java-based server, 231 XMLHttpRequest importance of object, 62 Apple Safari, 63 server-side scripts and PHP used with, 76–77 arguments, passing to functions, 38–39 Ajax frameworks arithmetic operators (JavaScript), 45 ! caution: importance of files and placement, 152 assignment operators (JavaScript), 44, 45 resultXML ! caution: naming global variable “ ”, 171, 175 asynchronous versus synchronous requests, ! caution: on use of global variables, 155, 159 178, 180 advantages, 152–153 attributes (Ajax), 29, 262–263 Ajax tag library, 236–239 autocomplete capability AJAXLib Ajax framework, 170–175 example demonstration site, 8–9 browser-based versus server-side, 152 support for, in Ajax tag library, 236–237 downloadable and free, 182 installing and allowing
    [Show full text]
  • Javascript Hijacking
    JavaScript Hijacking Brian Chess, Yekaterina Tsipenyuk O'Neil, Jacob West {brian, katrina, jacob}@fortifysoftware.com March 12, 2007 Summary An increasing number of rich Web applications, often called Ajax applications, make use of JavaScript as a data transport mechanism. This paper describes a vulnerability we term JavaScript Hijacking, which allows an unauthorized party to read confidential data contained in JavaScript messages. The attack works by using a <script> tag to circumvent the Same Origin Policy enforced by Web browsers. Traditional Web applications are not vulnerable because they do not use JavaScript as a data transport mechanism. We analyzed 12 popular Ajax frameworks, including 4 server-integrated toolkits – Direct Web Remoting (DWR), Microsoft ASP.NET Ajax (a.k.a. Atlas), xajax and Google Web Toolkit (GWT) -- and 8 purely client-side libraries -- Prototype, Script.aculo.us, Dojo, Moo.fx, jQuery, Yahoo! UI, Rico, and MochiKit. We determined that among them only DWR 2.0 implements mechanisms for preventing JavaScript Hijacking. The rest of the frameworks do not explicitly provide any protection and do not mention any security concerns in their documentation. Many programmers are not using any of these frameworks, but based on our findings with the frameworks, we believe that many custom-built applications are also vulnerable. An application may be vulnerable if it: • Uses JavaScript as a data transfer format • Handles confidential data We advocate a two-pronged mitigation approach that allows applications to decline malicious requests and prevent attackers from directly executing JavaScript the applications generate. 1. Introduction Although the term “Web 2.0” does not have a rigorous definition, it is commonly used in at least two ways.
    [Show full text]
  • Ajax, State of The
    AjAjaax,x, ststaattee ooff tthhee aarrtt Tarek Ziadé, Nuxeo [email protected] WWhhoo aamm ii ● I am engineer at Nuxeo ● I work on CPS, the famous ECM Plateform ;) ● I©ve been lately in charge of Ajax stuff in CPS ● I read Ajax related feeds before I go to bed WWhhaatt iiss AAjjaaxx ?? A dutch football club (a good one) A cleanser (really works) AA WWeebb 22..00 tteechchnnoollooggyy Asynchronous Javascript And XML WWhhaatt©©ss WWeebb 22..00 ?? TTiimm OO©©RReeiillllyy©©ss ©©ccoommppaacctt©© ddeeffiinniittiioonn:: Web 2.0 is the network as platform, spanning all connected devices; Web 2.0 applications are those that make the most of the intrinsic advantages of that platform: delivering software as a continually-updated service that gets better the more people use it, consuming and remixing data from multiple sources, including individual users, while providing their own data and services in a form that allows remixing by others, creating network effects through an "architecture of participation," and going beyond the page metaphor of Web 1.0 to deliver rich user experiences. MMaarrkkuuss AAnnggeerrmmeeiieerr©©ss vviieeww ooff WWeebb 22..00:: (courtesy of Markus Angermeier) WWeebb 22..00 AAppppss ✔ del.icio.us ✔ flickr ✔ Voo2do ✔ Digg ✔ Google Mail (Gmail) ✔ Writely ✔ Basecamp ✔ ... AjAjaaxx bbiigg ppiictctuurere 11//22 (courtesy of J. J. Garett) AjAjaaxx bbiigg ppiictctuurere 22//22 (courtesy of J. J. Garett) TThhee LLiistst ooff tthhiinnggss AjAjaaxx rereaallllyy bbririnnggss ✔ Increases interactivity ✔ Save bandwidth ✔ Helps avoiding some interactive
    [Show full text]
  • Ingeniería Del Software II: AJAX Vs Silverlight
    Ingeniería del Software II: AJAX vs Silverlight Diego Martín-Serrano Fernández Francisco José Oteo Fernández Jesús Martínez-Campos Martínez Índice 1. Introducción a Ajax...............................................................................................................3 2. Profundizando en Ajax.........................................................................................................4 2.1. Frameworks para desarrollo Ajax.....................................................................................5 3. Conclusión sobre Ajax.........................................................................................................6 4. Introducción a Silverlight......................................................................................................7 5. Profundizando en Silverlight................................................................................................8 6. Conclusión sobre Silverlight..............................................................................................10 7. Comparativa Ajax vs Silverlight..........................................................................................11 8. Bibliografía..........................................................................................................................14 Índice de tablas Tabla 1. Posibles valores del atributo readyState del objeto XMLHTTPRequest....................4 Tabla 2. Frameworks para el lado del servidor, según el lenguaje de programación.............6 Tabla 3. Comparativa características
    [Show full text]
  • XAJAX: Una Librería De AJAX Para PHP (Parte 1)
    XAJAX: una librería de AJAX para PHP (parte 1) AJAX es el acrónimo de Asynchronous Javascript And XML o Javascript y XML asíncronos dicho en nuestro idioma. Se trata de una combinación de tecnologías que se ha popularizado muchísimo desde hace unos años con la irrupción de la Web 2.0 y lo podemos encontrar en infinidad de páginas y servicios web como Gmail, Google Maps, Hotmail, Flickr y un largo etcétera. La clave de AJAX está en que es asíncrono, es decir, permite que la página del cliente realice peticiones al servidor sin recargar la página. Sólo se actualizan las partes de la página que nos interesan pero sin tener que recargar la página entera, lo que proporciona una sensación de navegación mucho más fluida. Para introducirnos en el mundo de AJAX vamos a utilizar una librería llamada XAJAX que nos permite aprovechar las capacidades de AJAX en nuestras páginas PHP. Podéis descargar esta librería en la página del proyecto http://xajaxproject.org/ A continuación, unos de códigos de ejemplo que se presentarán en diferentes capítulos para que sean más fáciles de leer. También se puede descargar la versión PDF con todos los ejemplos aquí. Y un Zip con los códigos fuente. Ejemplo 1. Introducción a la librería. Comencemos con un simple ‘Hola, mundo’ para ir calentando. En esta ocasión lo ponemos todo en el mismo archivo PHP llamado ‘holaAjax.php’. ‘holaAjax.php’ <?php require ('xajax/xajax.inc.php'); $xajax = new xajax(); function cambia_texto($mensaje){ $respuesta = new xajaxResponse(); $respuesta->addAssign("mensaje","innerHTML",$mensaje); return $respuesta; } $xajax->registerFunction("cambia_texto"); $xajax->processRequests(); ?> <html> <head> <?php $xajax->printJavascript("xajax/"); ?> </head> <body> <input type="button" onclick="xajax_cambia_texto('Hola Ajax);" value="Pulsa" /> <div id="mensaje"></div> </body> </html> Explicación: Lo primero que debemos hacer es importar la librería de xajax y crear una instancia de xajax: require ('xajax/xajax.inc.php'); xajax = new xajax(); A continuación definimos las funciones que se van a utilizar.
    [Show full text]
  • Overall Score for Your Score Is 56% | Grade B
    SeoSiteCheckup Report Overall score for http://www.powerpumpconcrete.com/ Your Score is 56% | Grade B 28 Important Fixes 0 Semi-Important Fixes 31 Passed Checks Title The title of your page have a length of 47 characters. Most search engines will truncate titles to 70 characters. Concrete Leveling & Repair - Powerpump Concrete Description The meta-description tag is missing from your page. You should include this tag in order to provide a brief description of your page which can be used by search engines or directories. HOW TO FIX In order to pass this test you must include a meta-description tag in your page header (<head> section): <head> <meta name="description" content="type_here_your_description"> </head> Note that in HTML the <meta> tag has no end tag but in XHTML this tag must be properly closed. Meta description can have any length but a good practice is to keep this up to 160 characters (search engines generally truncate snippets longer than this value). Keywords The meta-keywords tag is missing from your page. You should include meta-keywords to help indicate what your page is about to search engines. HOW TO FIX In order to pass this test you must include a meta-keywords tag in your page header (<head> section): <head> <meta name="keywords" content="keyword1, keyword2, keyword3"> </head> Separate keywords with commas and don't use any other punctuation beyond commas. Note that in HTML the <meta> tag has no end tag but in XHTML this tag must be properly closed. Most Common Keywords Test It appears that you can further optimize the density of your keywords above.
    [Show full text]
  • Copyrighted Material
    02_102633 ftoc.qxp 2/23/07 9:42 PM Page vii Preface................................................................................................................................xiii Acknowledgments ............................................................................................................xvii Part I: Fundamental Ajax 1 Chapter 1: Essential Ajax . 3 What Does “Ajax” Mean? ......................................................................................................6 What Can You Do with Ajax? ................................................................................................8 Create Ajax live searches..............................................................................................8 Create an Ajax-enabled calculator................................................................................9 Talk with Ajax chat applications ................................................................................10 Crunch numbers with spreadsheets ..........................................................................12 Browse Amazon ........................................................................................................12 Get the answer with Ajax autocomplete ....................................................................13 Log in with Ajax ........................................................................................................15 Download images ......................................................................................................17 Drag
    [Show full text]
  • Hacking Exposed-Web
    Hacking Exposed ™ Web 2.0 Reviews “In the hectic rush to build Web 2.0 applications, developers continue to forget about security or, at best, treat it as an afterthought. Don’t risk your customer data or the integrity of your product; learn from this book and put a plan in place to secure your Web 2.0 applications.” —Michael Howard Principal Security Program Manager, Microsoft Corp. “This book concisely identifies the types of attacks which are faced daily by Web 2.0 sites. The authors give solid, practical advice on how to identify and mitigate these threats. This book provides valuable insight not only to security engineers, but to application developers and quality assurance engineers in your organization.” —Max Kelly, CISSP, CIPP, CFCE Sr. Director, Security Facebook “This book could have been titled Defense Against the Dark Arts as in the Harry Potter novels. It is an insightful and indispensable compendium of the means by which vulnerabilities are exploited in networked computers. If you care about security, it belongs on your bookshelf.” —Vint Cerf Chief Internet Evangelist, Google “Security on the Web is about building applications correctly, and to do so developers need knowledge of what they need to protect against and how. If you are a web developer, I strongly recommend that you take the time to read and understand how to apply all of the valuable topics covered in this book.” —Arturo Bejar Chief Security Officer at Yahoo! “This book gets you started on the long path toward the mastery of a remarkably complex subject and helps you organize practical and in-depth information you learn along the way.” —From the Foreword by Michal Zalewski, White Hat Hacker and Computer Security Expert This page intentionally left blank HACKING EXPOSED™ WEB 2.0: WEB 2.0 SECURITY SECRETS AND SOLUTIONS RICH CANNINGS HIMANSHU DWIVEDI ZANE LACKEY New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto Copyright © 2008 by The McGraw-Hill Companies.
    [Show full text]
  • Autocompletar Con Php Y Xajax
    AUTOCOMPLETAR CON PHP Y XAJAX Crearemos un autocompletar o buscador en línea de personas desde cero con php y mysql, usaremos la librería xajax para llenar y mostrar los datos de forma dinámica desde la base de datos, javascript para controlar algunos eventos, sobre todo para permitir el desplazamiento por la lista de coincidencias del autocompletar. Primero creamos nuestra tabla Persona: CREATE TABLE `persona` ( `IdPersona` int(11) NOT NULL auto_increment, `Nombres` varchar(50) collate utf8_spanish_ci NOT NULL, `Apellidos` varchar(50) collate utf8_spanish_ci NOT NULL, `NroDoc` varchar(10) collate utf8_spanish_ci NOT NULL, PRIMARY KEY (`IdPersona`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_spanish_ci AUTO_INCREMENT=17 ; Luego insertamos algunos datos: INSERT INTO `persona` (`IdPersona`, `Nombres`, `Apellidos`, `NroDoc`) VALUES (1, 'KARLA', 'KASOS', '2047957052'), (2, 'ANGELINA', 'JOLIE', '2053134335'), (3, 'CESAR', 'PISFIL PECHE', '43825485'), (4, 'GEYNEN', 'MONTENEGRO COCHAS', '12345678'), (5, 'VARIOS', 'CLIENTE', '-'), (6, 'JUAQUIN', 'ALVARADO', '33'), (7, 'VILMA', 'PALMA', '77'), (8, 'VLADIMIR', 'ZEÑA', '66'), (9, 'PEDRO', 'PERES PEÑA', '1111111111'), (10, 'PEÑA', 'PEÑA', '1111111111'), (11, 'JUAN', 'PERES', '33'), (12, 'JUANA', 'PERES', '33'), (13, 'ANDREA', 'TORRES', '33'), (14, 'MEGAN', 'FOX', '1111111111'), Geynen Rossler Montenegro Cochas Página 1 (15, 'KAREN', 'DEJO', '1111111111'), (16, 'JUITIJUITI', 'LA', '1111111111'); Estableceremos la conexión a la base de datos usando la extensión del php conocida como PDO (Objeto de datos del php), creamos un archivo con el nombre cado.php. <?php $manejador="mysql"; $servidor="localhost"; $usuario="root"; $pass=""; $base="bdautocompletar"; $cadena="$manejador:host=$servidor;dbname=$base"; $cnx = new PDO($cadena,$usuario,$pass,array(PDO::ATTR_PERSISTENT => true)); ?> Ahora crearemos nuestro archivo autocompletar.php, en el manejaremos el xajax (asumo que manejas el xajax), las funciones que me permitirán llamar al xajax, a las funciones del autocompletar y la vista.
    [Show full text]
  • AJAX AJAX Stands for Asynchronous Javascript and XML. It Is Not A
    AJAX AJAX stands for Asynchronous JavaScript and XML. It is not a programming language rather than it is a way of using existing standards to make more interactive web applications. To understand the AJAX application let us consider the standard HTTP transaction process. Whenever the client connects to server, the client sends request to server and server sends response to the client. After that client and server close their connection. After closing connection the client renders the document and this may include running some JavaScript. In an Ajax application, the JavaScript code then communicates with the server behind the scene. This communication with the server takes place asynchronously and transparently to the user. Data is exchanged with the server without the need for page reload. This process is accomplished with a special kind of HTTP request. Ajax is something which bridges the gap between the functionality and interactivity. It is a technique for crating interactive applications. It makes the web pages interactive, increases speed and usability and better user experience. Features of Ajax: 1. It enables in developing rich internet applications. 2. It enables dynamic web application development. 3. It improves the performance of the web application. 4. Here no plug in is required. 5. It provides real time updates. Components of Ajax: 1. HTML and CSS for marking up and to give style to the components of the site. 2. Client side scripting language (JavaScript) for dynamic display and interact with the information presented. 3. XMLHttp request object for exchanging data asynchronously with the web servers. 4. XML for transferring data.
    [Show full text]