Standards for Web Applications on Mobile: Current State and Roadmap
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
M3AAWG Best Common Practices for Mitigating Abuse of Web Messaging Systems, Version 1.1 Updated March 2019 (2010)
Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) M3AAWG Best Common Practices for Mitigating Abuse of Web Messaging Systems, Version 1.1 Updated March 2019 (2010) The reference URL for this document is www.m3aawg.org/WebMessagingAbuse Table of Contents Updated in this Version ......................................................................................................................................................... 1 Introduction ........................................................................................................................................................................... 1 Typical Attacks ...................................................................................................................................................................... 2 Monitoring and Alerting ....................................................................................................................................................... 2 Proactive Defense .................................................................................................................................................................. 3 UI Access ........................................................................................................................................................................................................... 3 Web Application Security .............................................................................................................................................................................. -
Cross-Domain Communications
CSE 361: Web Security Cross-domain Communication Nick Nikiforakis 2 A World Without Separation between Sites http://kittenpics.org https://gmail.com 3 The Same-Origin Policy for JavaScript • Most basic access control policy • controls how active content can access resources • Same-Origin Policy for JavaScript for three actions • Script access to other document in same browser • frames/iframes • (popup) windows • Script access to application-specific local state • cookies, Web Storage, or IndexedDB • Explicit HTTP requests to other hosts • XMLHttpRequest 4 The Same-Origin Policy for JavaScript • Only allows access if origins match Protocol Hostname Port • Origin defined by protocol, hostname, and port http://example.org:80/path/ Originating document Accessed document Non-IE Browser Internet Explorer http://example.org/a http://example.org/b http://example.org http://www.example.org http://example.org https://example.org http://example.org http://example.org:81 5 Domain Relaxation • Two sub-domains of a common parent domain want to communicate • Notably: can overwrite different port! • Browsers allow setting document.domain property • Can only be set to valid suffix including parent domain • test.example.org -> example.org ok • example.org -> org forbidden • When first introduced, relaxation of single sub-domain was sufficient • Nowadays: both (sub-)domains must explicitly set document.domain 6 Domain Relaxation http://sub.kittenpics.org http://kittenpics.org document.domain = "kittenpics.org" document.domain = "kittenpics.org" 7 Domain Relaxation http://sub.kittenpics.org http://kittenpics.org document.domain = "kittenpics.org" Cross-Origin Communication 9 Cross-origin communication • Subdomains of the same domain can use domain relaxation when they want to talk to one another. -
Bibliography of Erik Wilde
dretbiblio dretbiblio Erik Wilde's Bibliography References [1] AFIPS Fall Joint Computer Conference, San Francisco, California, December 1968. [2] Seventeenth IEEE Conference on Computer Communication Networks, Washington, D.C., 1978. [3] ACM SIGACT-SIGMOD Symposium on Principles of Database Systems, Los Angeles, Cal- ifornia, March 1982. ACM Press. [4] First Conference on Computer-Supported Cooperative Work, 1986. [5] 1987 ACM Conference on Hypertext, Chapel Hill, North Carolina, November 1987. ACM Press. [6] 18th IEEE International Symposium on Fault-Tolerant Computing, Tokyo, Japan, 1988. IEEE Computer Society Press. [7] Conference on Computer-Supported Cooperative Work, Portland, Oregon, 1988. ACM Press. [8] Conference on Office Information Systems, Palo Alto, California, March 1988. [9] 1989 ACM Conference on Hypertext, Pittsburgh, Pennsylvania, November 1989. ACM Press. [10] UNIX | The Legend Evolves. Summer 1990 UKUUG Conference, Buntingford, UK, 1990. UKUUG. [11] Fourth ACM Symposium on User Interface Software and Technology, Hilton Head, South Carolina, November 1991. [12] GLOBECOM'91 Conference, Phoenix, Arizona, 1991. IEEE Computer Society Press. [13] IEEE INFOCOM '91 Conference on Computer Communications, Bal Harbour, Florida, 1991. IEEE Computer Society Press. [14] IEEE International Conference on Communications, Denver, Colorado, June 1991. [15] International Workshop on CSCW, Berlin, Germany, April 1991. [16] Third ACM Conference on Hypertext, San Antonio, Texas, December 1991. ACM Press. [17] 11th Symposium on Reliable Distributed Systems, Houston, Texas, 1992. IEEE Computer Society Press. [18] 3rd Joint European Networking Conference, Innsbruck, Austria, May 1992. [19] Fourth ACM Conference on Hypertext, Milano, Italy, November 1992. ACM Press. [20] GLOBECOM'92 Conference, Orlando, Florida, December 1992. IEEE Computer Society Press. http://github.com/dret/biblio (August 29, 2018) 1 dretbiblio [21] IEEE INFOCOM '92 Conference on Computer Communications, Florence, Italy, 1992. -
Introduction to Scalable Vector Graphics
Introduction to Scalable Vector Graphics Presented by developerWorks, your source for great tutorials ibm.com/developerWorks Table of Contents If you're viewing this document online, you can click any of the topics below to link directly to that section. 1. Introduction.............................................................. 2 2. What is SVG?........................................................... 4 3. Basic shapes............................................................ 10 4. Definitions and groups................................................. 16 5. Painting .................................................................. 21 6. Coordinates and transformations.................................... 32 7. Paths ..................................................................... 38 8. Text ....................................................................... 46 9. Animation and interactivity............................................ 51 10. Summary............................................................... 55 Introduction to Scalable Vector Graphics Page 1 of 56 ibm.com/developerWorks Presented by developerWorks, your source for great tutorials Section 1. Introduction Should I take this tutorial? This tutorial assists developers who want to understand the concepts behind Scalable Vector Graphics (SVG) in order to build them, either as static documents, or as dynamically generated content. XML experience is not required, but a familiarity with at least one tagging language (such as HTML) will be useful. For basic XML -
SMIL) Boston Specification W3C Working Draft 3-August-1999
next contents Synchronized Multimedia Integration Language (SMIL) Boston Specification W3C Working Draft 3-August-1999 This version: http://www.w3.org/1999/08/WD-smil-boston-19990803 Latest version: http://www.w3.org/TR/smil-boston Previous version: http://www.w3.org/AudioVideo/Group/smil-boston-19990723 (W3C members only) Editors: Jeff Ayars (RealNetworks), Aaron Cohen (Intel), Ken Day (Macromedia), Erik Hodge (RealNetworks), Philipp Hoschka (W3C), Rob Lanphier (RealNetworks), Nabil Layaïda (INRIA), Jacco van Ossenbruggen (CWI), Lloyd Rutledge (CWI), Bridie Saccocio (RealNetworks), Patrick Schmitz (Microsoft), Warner ten Kate (Philips), Ted Wugofski (Gateway), Jin Yu (Compaq) Copyright © 1999 W3C ® ( MIT, INRIA, Keio), All Rights Reserved. W3C liability, trademark, document use and software licensing rules apply. Abstract This document specifies the "Boston" version of the Synchronized Multimedia Integration Language (SMIL, pronounced "smile"). SMIL Boston has the following two design goals: ● Define a simple XML-based language that allows authors to write interactive multimedia presentations. Using SMIL Boston, an author can describe the temporal behavior of a multimedia presentation, associate hyperlinks with media objects and describe the layout of the presentation on a screen. ● Allow reusing of SMIL syntax and semantics in other XML-based languages, in particular those who need to represent timing and synchronization. For example, SMIL Boston components should be used for integrating timing into XHTML. Status of this document This section describes the status of this document at the time of its publication. Other documents may supersede this document. The latest status of this document series is maintained at the W3C. This document is the first working draft of the specification for the next version of SMIL code-named "Boston". -
Visualisation of Resource Flows Technical Report
Visualisation of Resource Flows Technical Report Jesper Karjalainen (jeska043) Erik Johansson (erijo926) Anders Kettisen (andke020) Tobias Nilsson (tobni908) Alexander Eriksson (aleer034) Contents 1. Introduction 1 1.1. Problem description . .1 1.2. Tools . .1 2. Background/Theory 1 2.1. Sphere models . .1 2.2. Vector Graphics . .2 2.3. Cubic Beziers . .2 2.4. Cartesian Mapping of Earth . .3 2.5. Lines in 3D . .3 2.6. Rendering Polygons . .4 2.6.1 Splitting polygons . .4 2.6.2 Tessellate polygons . .4 2.6.3 Filling Polygon by the Stencil Method . .5 2.7. Picking . .5 3. Method 5 3.1. File Loading . .5 3.2. Formatting new files . .6 3.3. Data Management . .6 3.4. Creating the sphere . .6 3.4.1 Defining the first vertices . .6 3.4.2 Making the sphere smooth . .7 3.5. Texturing a Sphere . .8 3.6. Generating Country Borders . .8 3.7. Drawing 3D lines . 10 3.8. Assigning widths to flow lines . 12 3.8.1 Linear scaling . 12 3.8.2 Logarithmic scaling . 12 3.9. Drawing Flow Lines . 12 3.10.Picking . 13 3.10.1 Picking on Simple Geometry . 13 3.10.2 Picking on Closed Polygon . 14 3.11.Rendering Polygons . 14 3.11.1 Concave Polygon Splitting into Convex Parts . 14 3.11.2 Filling by the Stencil Buffer Method . 16 3.12.Shader Animations . 16 3.12.1 2D-3D Transition Animation . 16 3.12.2 Flowline Directions . 17 3.13.User interface . 17 3.13.1 Connecting JavaScript and C++ . 17 3.13.2 Filling the drop-down lists with data . -
Progressive Imagery with Scalable Vector Graphics -..:: VCG Rostock
Progressive imagery with scalable vector graphics Georg Fuchsa, Heidrun Schumanna, and Ren´eRosenbaumb aUniversity of Rostock, Institute for Computer Science, 18051 Rostock, Germany; bUC Davis, Institute of Data Analysis & Visualization, Davis, CA 95616 U.S.A. ABSTRACT Vector graphics can be scaled without loss of quality, making them suitable for mobile image communication where a given graphics must be typically represented in high quality for a wide range of screen resolutions. One problem is that file size increases rapidly as content becomes more detailed, which can reduce response times and efficiency in mobile settings. Analog issues for large raster imagery have been overcome using progressive refinement schemes. Similar ideas have already been applied to vector graphics, but an implementation that is compliant to a major and widely adopted standard is still missing. In this publication we show how to provide progressive refinement schemes based on the extendable Scalable Vector Graphics (SVG) standard. We propose two strategies: decomposition of the original SVG and incremental transmission using (1) several linked files and (2) element-wise streaming of a single file. The publication discusses how both strategies are employed in mobile image communication scenarios where the user can interactively define RoIs for prioritized image communication, and reports initial results we obtained from a prototypically implemented client/server setup. Keywords: Progression, Progressive refinement, Scalable Vector Graphics, SVG, Mobile image communication 1. INTRODUCTION Vector graphics use graphic primitives such as points, lines, curves, and polygons to represent image contents. As those primitives are defined by means of geometric coordinates that are independent of actual pixel resolutions, vector graphics can be scaled without loss of quality. -
SVG Exploiting Browsers Without Image Parsing Bugs
SVG Exploiting Browsers without Image Parsing Bugs Rennie deGraaf iSEC Partners 07 August 2014 Rennie deGraaf (iSEC Partners) SVG Security BH USA 2014 1 / 55 Outline 1 A brief introduction to SVG What is SVG? Using SVG with HTML SVG features 2 Attacking SVG Attack surface Security model Security model violations 3 Content Security Policy A brief introduction CSP Violations 4 Conclusion Rennie deGraaf (iSEC Partners) SVG Security BH USA 2014 2 / 55 A brief introduction to SVG What is SVG? What is SVG? Scalable Vector Graphics XML-based W3C (http://www.w3.org/TR/SVG/) Development started in 1999 Current version is 1.1, published in 2011 Version 2.0 is in development First browser with native support was Konqueror in 2004; IE was the last major browser to add native SVG support (in 2011) Rennie deGraaf (iSEC Partners) SVG Security BH USA 2014 3 / 55 A brief introduction to SVG What is SVG? A simple example Source code <? xml v e r s i o n = ” 1 . 0 ” encoding = ”UTF-8” standalone = ” no ” ? > <svg xmlns = ” h t t p : // www. w3 . org / 2 0 0 0 / svg ” width = ” 68 ” h e i g h t = ” 68 ” viewBox = ”-34 -34 68 68 ” v e r s i o n = ” 1 . 1 ” > < c i r c l e cx = ” 0 ” cy = ” 0 ” r = ” 24 ” f i l l = ”#c8c8c8 ” / > < / svg > Rennie deGraaf (iSEC Partners) SVG Security BH USA 2014 4 / 55 A brief introduction to SVG What is SVG? A simple example As rendered Rennie deGraaf (iSEC Partners) SVG Security BH USA 2014 5 / 55 A brief introduction to SVG What is SVG? A simple example I am not an artist. -
CSS Containers: Making Websites Accessible to Disabled Users
CSS containers: making websites accessible to disabled users John R Hudson 1 May 2020∗ 1 Personal background I first became interested in page design as a student journalist at university. When I first started using a micro-computer, I was interested in how much time it could save me; when I discovered vector graphics in the mid 1980s, I realised that I could save time and produce quality output by using a computer. In the 1990s I worked with a blind student and learned how I could use my computing skills to make life easier for him. After 30 years of using my understanding to create quality printed documents and more recently PDF files, in 2010 I was inspired by a talk from David Fisher to put these principles to work in maintaining and developing websites. 2 The wider context Cascading style sheets (CSS), proposed in 1994 by Håkon Wium Lie, who worked at CERN, were first adopted by Microsoft in Internet Explorer 3 and then by Netscape and Opera. These separate the presentation of material on a website from its content and structure as defined by HTML. At the turn of the century, they went out of favour for a number of reasons and development focused on XHTML. But, a few years later, Mozilla, Apple and Opera began working on a new specification for HTML which would meet the needs of modern devices and which would rely on CSS for presentation. This was published in 2011 as a rolling release and work began on a series of rolling updates to CSS to cope with the needs of the new version of HTML and the demands of modern devices. -
A Trusted Infrastructure for Symbolic Analysis of Event-Driven Web
A Trusted Infrastructure for Symbolic Analysis of Event-Driven Web Applications Gabriela Sampaio Imperial College London, UK [email protected] José Fragoso Santos INESC-ID/Instituto Superior Técnico, Universidade de Lisboa, Portugal Imperial College London, UK [email protected] Petar Maksimović Imperial College London, UK [email protected] Philippa Gardner Imperial College London, UK [email protected] Abstract We introduce a trusted infrastructure for the symbolic analysis of modern event-driven Web applica- tions. This infrastructure consists of reference implementations of the DOM Core Level 1, DOM UI Events, JavaScript Promises and the JavaScript async/await APIs, all underpinned by a simple Core Event Semantics which is sufficiently expressive to describe the event models underlying these APIs. Our reference implementations are trustworthy in that three follow the appropriate standards line-by-line and all are thoroughly tested against the official test-suites, passing all the applicable tests. Using the Core Event Semantics and the reference implementations, we develop JaVerT.Click, a symbolic execution tool for JavaScript that, for the first time, supports reasoning about JavaScript programs that use multiple event-related APIs. We demonstrate the viability of JaVerT.Click by proving both the presence and absence of bugs in real-world JavaScript code. 2012 ACM Subject Classification Software and its engineering → Formal software verification; Software and its engineering → Software testing and debugging Keywords and phrases Events, DOM, JavaScript, promises, symbolic execution, bug-finding Digital Object Identifier 10.4230/LIPIcs.ECOOP.2020.28 Acknowledgements Fragoso Santos, Gardner, and Maksimović were partially supported by the EPSRC Programme Grant ‘REMS: Rigorous Engineering for Mainstream Systems’ (EP/K008528/1) and the EPSRC Fellowship ‘VetSpec: Verified Trustworthy Software Specification’ (EP/R034567/1). -
Interactive Topographic Web Mapping Using Scalable Vector Graphics
University of Nebraska at Omaha DigitalCommons@UNO Student Work 12-1-2003 Interactive topographic web mapping using scalable vector graphics Peter Pavlicko University of Nebraska at Omaha Follow this and additional works at: https://digitalcommons.unomaha.edu/studentwork Recommended Citation Pavlicko, Peter, "Interactive topographic web mapping using scalable vector graphics" (2003). Student Work. 589. https://digitalcommons.unomaha.edu/studentwork/589 This Thesis is brought to you for free and open access by DigitalCommons@UNO. It has been accepted for inclusion in Student Work by an authorized administrator of DigitalCommons@UNO. For more information, please contact [email protected]. INTERACTIVE TOPOGRAPHIC WEB MAPPING USING SCALABLE VECTOR GRAPHICS A Thesis Presented to the Department of Geography-Geology and the Faculty of the Graduate College University of Nebraska in Partial Fulfillment of the Requirements for the Degree Master of Arts University of Nebraska at Omaha by Peter Pavlicko December, 2003 UMI Number: EP73227 All rights reserved INFORMATION TO ALL USERS The quality of this reproduction is dependent upon the quality of the copy submitted. In the unlikely event that the author did not send a complete manuscript and there are missing pages, these will be noted. Also, if material had to be removed, a note will indicate the deletion. Dissertation WWisMng UMI EP73227 Published by ProQuest LLC (2015). Copyright in the Dissertation held by the Author. Microform Edition © ProQuest LLC. All rights reserved. This work is protected against unauthorized copying under Title 17, United States Code ProQuest LLC. 789 East Eisenhower Parkway P.O. Box 1346 Ann Arbor, Ml 48106-1346 THESIS ACCEPTANCE Acceptance for the faculty of the Graduate College, University of Nebraska, in Partial fulfillment of the requirements for the degree Master of Arts University of Nebraska Omaha Committee ----------- Uf.A [JL___ Chairperson. -
Will HTML 5 Restandardize the Web?
TECHNOLOGY NEWS Will HTML 5 Restandardize the Web? Steven J. Vaughan-Nichols The World Wide Web Consortium is developing HTML 5 as a stan- dard that provides Web users and developers with enhanced func- tionality without using the proprietary technologies that have become popular in recent years. n theory, the Web is a resource enhanced functionality without using “Microsoft is investing heavily in that is widely and uniformly proprietary technologies. the W3C HTML 5 effort, working with usable across platforms. As Indeed, pointed out Google our competitors and the Web commu- such, many of the Web’s researcher Ian Hickson, one of the nity at large. We want to implement key technologies and archi- W3C’s HTML 5 editors, “One of our ratified, thoroughly tested, and stable Itectural elements are open and goals is to move the Web away from standards that can help Web interop- platform-independent. proprietary technologies.” erability,” said Paul Cotton, cochair of However, some vendors have The as-yet-unapproved standard the W3C HTML Working Group and developed their own technologies takes HTML from simply describing Microsoft’s group manager for Web that provide more functionality than the basics of a text-based Web to creat- services standards and partners in Web standards—such as the ability to ing and presenting animations, audio, the company’s Interoperability Strat- build rich Internet applications. mathematical equations, typefaces, egy Team. Adobe System’s Flash, Apple’s and video, as well as providing offline At the same time though, Web QuickTime, and Microsoft’s Silverlight functionality. It also enables geoloca- companies say their proprietary tech- are examples of such proprietary tion, a rich text-editing model, and nologies are already up and running, formats.