DOCSLIB.ORG

Pro Javascript Techniques, Second Edition

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

BOOKS FOR PROFESSIONALS BY PROFESSIONALS® Resig Ferguson Paxton RELATED Pro JavaScript Techniques Pro JavaScript Techniques is the ultimate JavaScript book for today’s web developer. It provides everything you need to know about modern JavaScript, and teaches you what JavaScript can do for your web sites. This book doesn’t waste any time looking at things you already know, but instead concentrates on fundamental, vital topics—what modern JavaScripting is (and isn’t), and pitfalls to be wary of. You will learn about the ‘this’ keyword, as well as new object tools. You will be able to create reusable code with encapsulation, overloading and inheritance. The most recent techniques for debugging and testing are covered comprehensively, with information on Chrome developer tools, Jasmine, PhantomJS and Protractor. This update finishes with chapters on constructing single-page web applications that dominate the modern web. The book is filled with real-world examples and case studies, as well as numerous reusable functions and classes to save you time in your development. You will learn the practical skills needed to build professional, dynamic web applications. Pro JavaScript Techniques is an indispensable reference for any professional JavaScript web developer—enhance your JavaScript development today. Shelve in: ISBN 978-1-4302-6391-3 53999 Web Development/JavaScript User level: Intermediate–Advanced SOURCE CODE ONLINE 9781430 263913 SECOND EDITION www.apress.com www.allitebooks.com For your convenience Apress has placed some of the front matter material after the index. Please use the Bookmarks and Contents at a Glance links to access them. www.allitebooks.com Contents at a Glance About the Authors .................................................................................................. xiii About the Technical Reviewers ...............................................................................xv Acknowledgments .................................................................................................xvii ■ Chapter 1: Professional JavaScript Techniques .................................................... 1 ■ Chapter 2: Features, Functions, and Objects ......................................................... 7 ■ Chapter 3: Creating Reusable Code ..................................................................... 23 ■ Chapter 4: Debugging JavaScript Code ............................................................... 39 ■ Chapter 5: The Document Object Model .............................................................. 49 ■ Chapter 6: Events ................................................................................................ 73 ■ Chapter 7: JavaScript and Form Validation ......................................................... 95 ■ Chapter 8: Introduction to Ajax ......................................................................... 107 ■ Chapter 9: Web Production Tools ....................................................................... 117 ■ Chapter 10: AngularJS and Testing ................................................................... 125 ■ Chapter 11: The Future of JavaScript ................................................................ 141 ■ Appendix A: DOM Reference .............................................................................. 161 Index ..................................................................................................................... 177 v www.allitebooks.com CHAPTER 1 Professional JavaScript Techniques Welcome to Pro JavaScript Techniques. This book provides an overview of the current state of JavaScript, particularly as it applies to the professional programmer. Who is the professional programmer? Someone who has a firm grasp of the basics of JavaScript (and probably several other languages). You are interested in the breadth and depth of JavaScript. You want to look at the typical features like the Document Object Model (DOM), but also learn about what’s going on with all this talk of Model-View-Controller (MVC) on the client side. Updated APIs, new features and functionality, and creative applications of code are what you are looking for here. This is the second edition of this book. Much has changed since the first edition came out in 2006. At that time, JavaScript was going through a somewhat painful transition from being a toy scripting language to being a language that was useful and effective for several different tasks. It was, if you will, JavaScript’s adolescence. Now, JavaScript is at the end of another transition: to continue the metaphor, from adolescence to adulthood. JavaScript usage is nearly ubiquitous, with anywhere from 85 to 95 percent of websites, depending on whose statistics you believe, having some JavaScript on their main page. Many people speak of JavaScript as the most popular programming language in the world (in the number of people who use it on a regular basis). But more important than mere usage are effectiveness and capability. JavaScript has transitioned from a toy language (image rollovers! status bar text manipulations!) to an effective, if limited tool (think of client-side form validation), to its current position as a broad-featured programming language no longer limited to mere browsers. Programmers are writing JavaScript tools that provide MVC functionality, which was long the domain of the server, as well as complex data visualizations, template libraries, and more. The list goes on and on. Where in the past, designers would have relied on a .NET or Java Swing client to provide a full-featured, rich interface to server-side data, we can now realize that application in JavaScript with a browser. And, using Node.js, we have JavaScript’s own version of a virtual machine, an executable that can run any number of different applications, all written in JavaScript and none requiring a browser. This chapter will describe how we got here and where we are going. It will look at the various improvements in browser technology (and popularity) that have abetted the JavaScript Revolution. The state of JavaScript itself needs inspection, as we want to know where we are before we look at where we are going. Then, as we examine the chapters to come, you will see what the professional JavaScript programmer needs to know to live up to his or her title. How Did We Get Here? As of the first edition of the book, Google Chrome and Mozilla Firefox were relatively new kids on the block. Internet Explorer 6 and 7 ruled the roost, with version 8 gaining some popularity. Several factors combined to jump-start JavaScript development. For most of its life, JavaScript was dependent upon the browser. The browser is the runtime environment for JavaScript, and a programmer’s access to JavaScript functionality was highly dependent 1 www.allitebooks.com CHAPTER 1 ■ PROFESSIONAL JAVASCRIPT TECHNIQUES upon the make, model, and version of browser visiting said programmer’s website. By the mid-2000s, the browser wars of the 90s had been easily won by Internet Explorer, and browser development stagnated. Two browsers challenged this state of affairs: Mozilla Firefox and Google Chrome. Firefox was the descendant of Netscape, one of the earliest web browsers. Chrome had Google’s backing, more than enough to make it an instant player on the scene. But both of these browsers made a few design decisions that facilitated the JavaScript revolution. The first decision was to support the World Wide Web consortium’s implementation of various standards. Whether dealing with the DOM, event handling, or Ajax, Chrome and Firefox generally followed the spec and implemented it as well as possible. For programmers, this meant that we didn’t have to write separate code for Firefox and Chrome. We were already used to writing separate code for IE and something else, so having branching code in itself was not new. But making sure that the branching was not overly complex was a welcome relief. Speaking of standards, Firefox and Chrome also put in a lot of work with the European Computer Manufacturer’s Association (ECMA, now styled Ecma). Ecma is the standards body that oversees JavaScript. (To be technical, Ecma oversees the ECMAScript standard, since JavaScript is a trademark of Oracle and… well, we don’t really care about those details, do we? We will use JavaScript to refer to the language and ECMAScript to refer to the specification to which a JavaScript implementation adheres.) ECMAScript standards had languished in much the same way as IE development. With the rise of real browser competition, the ECMAScript standard was taken up again. ECMAScript version 5 (2009) codified many of the changes that had been made in the ten years (!) since the previous version of the standard. The group itself was also energized, with version 5.1 coming out in 2011. The future is provided for, with significant work currently being done on both versions 6 and 7 of the standard. To give credit where credit is due, Chrome pushed the updating of JavaScript as well. The Chrome JavaScript engine, called V8, was a very important part of Chrome’s debut in 2008. The Chrome team built an engine that was much faster than most JavaScript engines, and it has kept that goal at the top of the list for subsequent versions. In fact, the V8 engine was so impressive that it became the core of Node.js, a browser-independent JavaScript interpreter. Originally intended as a server that would use JavaScript as its main application language, Node has become a flexible platform for running
Recommended publications
  • Automated Testing Clinic Follow-Up: Capybara-Webkit Vs. Poltergeist/Phantomjs | Engineering in Focus

    Automated Testing Clinic Follow-Up: Capybara-Webkit Vs. Poltergeist/Phantomjs | Engineering in Focus

    Automated Testing Clinic follow-up: capybara-webkit vs. polter... https://behindthefandoor.wordpress.com/2014/03/02/automated-... Engineering in Focus the Fandor engineering blog Automated Testing Clinic follow-up: capybara-webkit vs. poltergeist/PhantomJS with 2 comments In my presentation at the February Automated Testing SF meetup I (Dave Schweisguth) noted some problems with Fandor’s testing setup and that we were working to fix them. Here’s an update on our progress. The root cause of several of our problems was that some of the almost 100 @javascript scenarios in our Cucumber test suite weren’t running reliably. They failed occasionally regardless of environment, they failed more on slower CPUs (e.g. MacBook Pros only a couple of years old), when they failed they sometimes hung forever, and when we killed them they left behind webkit-server processes (we were using the capybara-webkit driver) which, if not cleaned up, would poison subsequent runs. Although we’ve gotten pretty good at fixing flaky Cucumber scenarios, we’d been stumped on this little handful. We gave up, tagged them @non_ci and excluded them from our build. But they were important scenarios, so we had to run them manually before deploying. (We weren’t going to just not run them: some of those scenarios tested our subscription process, and we would be fools to deploy a build that for all we knew wouldn’t allow new users to subscribe to Fandor!) That made our release process slower and more error-prone. It occurred to me that I could patch the patch and change our deployment process to require that the @non_ci scenarios had been run (by adding a git tag when those scenarios were run and checking for it when deploying), but before I could put that in to play a new problem appeared.
  • Automated Testing of Your Corporate Website from Multiple Countries with Selenium Contents

    Automated Testing of Your Corporate Website from Multiple Countries with Selenium Contents

    presents Automated Testing of Your Corporate Website from Multiple Countries with Selenium Contents 1. Summary 2. Introduction 3. The Challenges 4. Components of a Solution 5. Steps 6. Working Demo 7. Conclusion 8. Questions & Answers Summary Because of the complexities involved in testing large corporate websites and ecommerce stores from multiple countries, test automation is a must for every web and ecommerce team. Selenium is the most popular, straightforward, and reliable test automation framework with the largest developer community on the market. This white paper details how Selenium can be integrated with a worldwide proxy network to verify website availability, performance, and correctness on a continuous basis. Introduction Modern enterprise web development teams face a number of challenges when they must support access to their website from multiple countries. These challenges include verifying availability, verifying performance, and verifying content correctness on a daily basis. Website content is presented in different languages, website visitors use different browsers and operating systems, and ecommerce carts must comprehend different products and currencies. Because of these complexities involved, instituting automated tests via a test automation framework is the only feasible method of verifying all of these aspects in a repeatable and regular fashion. Why automate tests? Every company tests its products before releasing them to their customers. This process usually involves hiring quality assurance engineers and assigning them to test the product manually before any release. Manual testing is a long process that requires time, attention, and resources in order to validate the products’ quality. The more complex the product is, the more important, complex, and time- consuming the quality assurance process is, and therefore the higher the demand for significant resources.
  • Expanding the Power of Csound with Integrated Html and Javascript

    Expanding the Power of Csound with Integrated Html and Javascript

    Michael Gogins. Expanding the Power of Csound with Intergrated HTML and JavaScript EXPANDING THE POWER OF CSOUND WITH INTEGRATED HTML AND JAVA SCRIPT Michael Gogins [email protected] https://michaelgogins.tumblr.com http://michaelgogins.tumblr.com/ This paper presents recent developments integrating Csound [1] with HTML [2] and JavaScript [3, 4]. For those new to Csound, it is a “MUSIC N” style, user- programmable software sound synthesizer, one of the first yet still being extended, written mostly in the C language. No synthesizer is more powerful. Csound can now run in an interactive Web page, using all the capabilities of current Web browsers: custom widgets, 2- and 3-dimensional animated and interactive graphics canvases, video, data storage, WebSockets, Web Audio, mathematics typesetting, etc. See the whole list at HTML5 TEST [5]. Above all, the JavaScript programming language can be used to control Csound, extend its capabilities, generate scores, and more. JavaScript is the “glue” that binds together the components and capabilities of HTML5. JavaScript is a full-featured, dynamically typed language that supports functional programming and prototype-based object- oriented programming. In most browsers, the JavaScript virtual machine includes a just- in-time compiler that runs about 4 times slower than compiled C, very fast for a dynamic language. JavaScript has limitations. It is single-threaded, and in standard browsers, is not permitted to access the local file system outside the browser's sandbox. But most musical applications can use an embedded browser, which bypasses the sandbox and accesses the local file system. HTML Environments for Csound There are two approaches to integrating Csound with HTML and JavaScript.
  • Casperjs Documentation Release 1.1.0-DEV

    Casperjs Documentation Release 1.1.0-DEV

    CasperJs Documentation Release 1.1.0-DEV Nicolas Perriault Sep 13, 2018 Contents 1 Installation 3 1.1 Prerequisites...............................................3 1.2 Installing from Homebrew (OSX)....................................4 1.3 Installing from npm...........................................4 1.4 Installing from git............................................4 1.5 Installing from an archive........................................5 1.6 CasperJS on Windows..........................................5 1.7 Known Bugs & Limitations.......................................6 2 Quickstart 7 2.1 A minimal scraping script........................................7 2.2 Now let’s scrape Google!........................................8 2.3 CoffeeScript version...........................................9 2.4 A minimal testing script......................................... 10 3 Using the command line 11 3.1 casperjs native options.......................................... 12 3.2 Raw parameter values.......................................... 13 4 Selectors 15 4.1 CSS3................................................... 15 4.2 XPath................................................... 16 5 Testing 17 5.1 Unit testing................................................ 17 5.2 Browser tests............................................... 18 5.3 Setting Casper options in the test environment............................. 19 5.4 Advanced techniques........................................... 20 5.5 Test command args and options....................................
  • Research-Based Comparison of Top20 Javascript Frameworks & Libraries Picked by Remote Developers in 2020

    Research-Based Comparison of Top20 Javascript Frameworks & Libraries Picked by Remote Developers in 2020

    Research-Based Comparison of Top20 JavaScript Frameworks & Libraries Picked by Remote Developers in 2020 Original # of Websites # of Devs Used Top 3 Countries with # of # of Ranking on # of Open Average JS Frameworks/ # of Stars Average Dev Type Founded by Release Ideal for Size Powered by a It (2019, the Highest % of Contributors Forks on Stack Overflow Vacancies on Hourly Rate Learnability Libraries on GitHub Salary (USA) Year Framework Worldwide) Usage on GitHub GitHb (2019) LinkedIn (USA) US React JavaScript library Facebook 2011 UI 133KB 380,164 71.7% Russia 146,000 1,373 28,300 1 130,300 $91,000.00 $35.19 Moderate Germany US Single-page apps and dynamic web Angular Front-end framework Google 2016 566KB 706,489 21.9% UK 59,000 1,104 16,300 2 94,282 $84,000.00 $39.14 Moderate apps Brazil US Vue.js Front-end framework Evan You 2014 UI and single-page applications 58.8KB 241,б615 40.5% Russia 161,000 291 24,300 5 27,395 $116,562.00 $42.08 Easy Germany US Ember.js Front-end framework Yehuda Katz 2011 Scalable single-page web apps 435KB 20,985 3.6% Germany 21,400 782 4,200 8 3,533 $105,315.00 $51.00 Difficult UK US Scalable web, mobile and desktop Meteor App platform Meteor Software 2012 4.2MB 8,674 4% Germany 41,700 426 5,100 7 256 $96,687.00 $27.92 Moderate apps France US JavaScript runtime Network programs, such as Web Node.js Ryan Dahl 2009 141KB 1,610,630 49.9% UK 69,000 2,676 16,600 not included 52,919 $104,964.00 $33.78 Moderate (server) environment servers Germany US Polymer JS library Google 2015 Web apps using web components
  • Readme for 3Rd Party Software FIN Framework

    Readme for 3Rd Party Software FIN Framework

    Smart Infrastructure Note to Resellers: Please pass on this document to your customer to avoid license breach and copyright infringements. Third-Party Software Information for FIN Framework 5.0.7 J2 Innovations Inc. is a Siemens company and is referenced herein as SIEMENS. This product, solution or service ("Product") contains third-party software components listed in this document. These components are Open Source Software licensed under a license approved by the Open Source Initiative (www.opensource.org) or similar licenses as determined by SIEMENS ("OSS") and/or commercial or freeware software components. With respect to the OSS components, the applicable OSS license conditions prevail over any other terms and conditions covering the Product. The OSS portions of this Product are provided royalty-free and can be used at no charge. If SIEMENS has combined or linked certain components of the Product with/to OSS components licensed under the GNU LGPL version 2 or later as per the definition of the applicable license, and if use of the corresponding object file is not unrestricted ("LGPL Licensed Module", whereas the LGPL Licensed Module and the components that the LGPL Licensed Module is combined with or linked to is the "Combined Product"), the following additional rights apply, if the relevant LGPL license criteria are met: (i) you are entitled to modify the Combined Product for your own use, including but not limited to the right to modify the Combined Product to relink modified versions of the LGPL Licensed Module, and (ii) you may reverse-engineer the Combined Product, but only to debug your modifications.
  • API Measurement

    API Measurement

    Serving Two Masters An Empirical Study of Browser API Cooptation Pete Snyder, Chris Kanich University of Illinois at Chicago Less More Features Features Less More Features Features Managed Pointer Memory Arithmetic Outline • Browser Complexity is Increasing • Complexity is Often Not Useful • Complexity is Harmful to Privacy • Is Complexity is Harmful to Security? 1. Browser Complexity is Growing 1993: Mosaic 1995: Netscape 2.0 1996: CSS 1998: DOM1 1999: AJAX / XMLHttpRequest Observations • API growth started off very slow • API growth was “document” centric • “Broad” APIs API Growth 2013 2014 2015 • CSSOM View Module • Calendar API • Encrypted Media Extensions • Web Audio API • Messaging API • Web MIDI • Proximity Events • RDF Extensions • Service Workers • Crypto Extensions • Progress events • Performance API • • Touch Events Network Info API • Raw Socket API • GeoLocation API • Ambient Light API • WebDriver API • Pointer API • HTML 5 • SVG 2 API • CSS Animations • WebCrypto API • WebRTC 2. Is This Complexity Useful? Determining API “Usefulness” • Measure how often APIs are called • Decide whether those calls are “useful" • Simulate real world web browsing Measuring API Calls • Selected 45 APIs and features • Instrumented PhantomJS / WebKit • Implemented missing APIs “Usefulness” Oracle • Subjective measure • Ghostery and AdBlock+ filter rules • Measure API usage pre-and-post filters Simulated Browsing • Alexa 10,000 • 10,000 random URLs • 10,000 random Hosts • “Random” sites taken from searching UNIX dictionary tri-grams on DDG AJAX DOM 1 + 2 APIs Rare APIs API Name URLs Battery API 21 Page Transition API 9 GeoLocation API 55 Shadow DOM 5 Non-used APIs • IndexDB • SVG API • WebGL • Vibration API • WebRTC • WebAudio API • Browser Name API • WebWorker API • Gamepad API GeoLocation API Touch Events API 3.
  • Angular Vs React.Js Vs Vue.Js

    Angular Vs React.Js Vs Vue.Js

    EVERYTHING YOU NEED TO KNOW TO MAKE AN EDUCATED DECISION ABOUT YOUR TECHNOLOGY STACK ANGULAR VS REACT.JS VS VUE.JS + Our evaluation of UI Frameworks, Tools & Technologies 2019 3 What’s inside? 1 Preface 3 2 Angular, ReactJS & Vue JS - Comparison 4 3 Angular, ReactJS & Vue JS - Pros & Cons 6 4 Angular, ReactJS & Vue JS - Conclusion 11 5 UI Technoverse 13 a.Frameworks 15 b.Technologies 19 c.Tools 22 2 Are you a front-end superstar, excited to build feature-rich beautiful UI? Join Us 3 STATE OF FRONTEND TECHSTACKS 2019 PREFACE Preface he only constant in the web frontend development landscape is that it is in constant flux year after year. So, it becomes paramount to reevaluate the tools, frameworks, Tlibraries and practices after every few quarters. As of this writing most of the web frontend development happens in either Angular, ReactJS or VueJS. Compared to our previous evaluation in 2018 which only had Angular and ReactJS as major players, now, we also have VueJS with significant traction. As always a direct comparison between Angular, ReactJS and VueJS alone will not be sufficient. So, it will not be an individual comparison but a comparison of their respective ecosystems on the whole. 3 Are you a front-end superstar, excited to build feature-rich beautiful UI? Join Us Angular, React.JS & Vue.JS - Comparison In this section, we compare all three frameworks using a plethora of parameters to highlight how they fare against 2each other. STATE OF FRONTEND TECHSTACKS 2019 COMPARISON Angular ReactJS VueJS Type JavaScript Framework JavaScript Library JavaScript Library Web development and Web development and Web development and Hybrid mobile app Native mobile app Hybrid mobile app Used for development (Ionic) development (React development Native) (Onsen UI) Maintained by Google & Community Facebook & Community Community TypeScript Javascript (Also Javascript (Also Coded in supports Typescript) supports Typescript) Steep learning curve Easier Easiest among the three Ease of Learning since it is an end to end framework.
  • Secrets of the Javascript Ninja

    Secrets of the Javascript Ninja

    Secrets of the JavaScript Ninja JOHN RESIG BEAR BIBEAULT MANNING SHELTER ISLAND For online information and ordering of this and other Manning books, please visit www.manning.com. The publisher offers discounts on this book when ordered in quantity. For more information, please contact Special Sales Department Manning Publications Co. 20 Baldwin Road PO Box 261 Shelter Island, NY 11964 Email: [email protected] ©2013 by Manning Publications Co. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by means electronic, mechanical, photocopying, or otherwise, without prior written permission of the publisher. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in the book, and Manning Publications was aware of a trademark claim, the designations have been printed in initial caps or all caps. Recognizing the importance of preserving what has been written, it is Manning’s policy to have the books we publish printed on acid-free paper, and we exert our best efforts to that end. Recognizing also our responsibility to conserve the resources of our planet, Manning books are printed on paper that is at least 15 percent recycled and processed without the use of elemental chlorine. Manning Publications Co. Development editors: Jeff Bleiel, Sebastian Stirling 20 Baldwin Road Technical editor: Valentin Crettaz PO Box 261 Copyeditor: Andy Carroll Shelter Island, NY 11964 Proofreader: Melody Dolab Typesetter: Dennis Dalinnik Cover designer: Leslie Haimes ISBN: 978-1-933988-69-6 Printed in the United States of America 1 2 3 4 5 6 7 8 9 10 – MAL – 18 17 16 15 14 13 12 brief contents PART 1 PREPARING FOR TRAINING.
  • John Resig About Me

    John Resig About Me

    Coder Day of Service John Resig About Me • Lots of Open Source work • jQuery, Processing.js, other projects! • Worked at Mozilla (Non-profit, Open Source) • Working at Khan Academy (Non-profit, free content, some Open Source) jQuery Beginnings • Library for making JavaScript easier to write. • Created it in 2005 • While I was in college! • I hated cross-browser inconsistencies • Also really dis-liked the DOM jQuery’s Growth • Released in 2006 • Slowly grew for many years • Started to explode in 2009 • Drupal, Microsoft, Wordpress, Adobe all use jQuery • Currently used by 70% of the top 10,000 web sites on the web. Full-time • From 2009 to 2011 got funding from Mozilla (my employer) • Worked on jQuery full-time! • Built up the jQuery Foundation (non-profit) Letting Go • Decided to step down to focus on building applications • Moved to Khan Academy! • jQuery Foundation runs everything now • They do a really good job :) Open Source/Open Data Tips Don’t be try to be perfect. Non-code things are just as important as code. Your community will mimic you. Benefits of Open Source/Open Data You use Open Source, why not give back? People will do projects you don’t have time for. You’ll attract interesting developers. ...which can lead to hiring good developers! Khan Academy Stats • 3 million problems practiced per day • 300 million lessons delivered • 100,000 educators around the world • 10 million students per month Khan API • Access to all data and user info • (with proper authentication) • You can access: • Videos + video data • All nicely organized • Exercise data • Student logs Data Analysis iPhone Application Exercises Exercises Exercise Racer Museums and Libraries Museums and Libraries • Cultural institutions • (Typically) Free for all • (Typically) Non-profits • They can use our help! Ukiyo-e.org Helping Public Institutions • Brooklyn Museum • New York Public Library • Digital Public Library of America • ...and many more! • All have public, free, open, APIs!.
  • System for Detection of Websites with Phishing and Other Malicious Content

    System for Detection of Websites with Phishing and Other Malicious Content

    Masaryk University Faculty of Informatics System for detection of websites with phishing and other malicious content BachelorŠs Thesis Tomáš Ševčovič Brno, Fall 2017 Declaration Hereby I declare that this paper is my original authorial work, which I have worked out on my own. All sources, references, and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Tomáš Ševčovič Advisor: prof. RNDr. Václav Matyáš, M.Sc., Ph.D. i Acknowledgement I would like to thank prof. RNDr. Václav Matyáš, M.Sc., Ph.D. for the management of the bachelor thesis, valuable advice and comments. I would also like to thank the consultant from CYAN Research & Development s.r.o., Ing. Dominik Malčík, for useful advice, dedicated time and patience in consultations and application development. Also, I would like to thank my family and friends for their support throughout my studies and work on this thesis. ii Abstract The main goal of this bachelor thesis is to create a system for detection of websites with phishing and other malicious content with respect to Javascript interpretation. The program should be able to download and process thousands of domains and get positive results. The Ąrst step involves examining an overview of automated web testing tools to Ąnd an optimal tool which will be used in the main implementation. The thesis contains overview of technologies for website testing, their comparison, overview of malware methods on websites, implementation and evaluation of the system. iii Keywords Chrome, Javascript, link manipulation, malware, phishing, URL redi- rects, XSS, Yara iv Contents 1 Introduction 1 2 Overview of approaches to website testing 3 2.1 Manual testing .......................
  • Flare-On 3: Challenge 10 Solution - FLAVA

    Flare-On 3: Challenge 10 Solution - FLAVA

    Flare-On 3: Challenge 10 Solution - FLAVA Challenge Authors: FireEye Labs Advanced Vulnerability Analysis Team (FLAVA) Intro The first part of FLAVA challenge is a JavaScript puzzle based on the notorious Angler Exploit Kit (EK) attacks in 2015 and early 2016. All classic techniques leveraged by Angler, along with some other intriguing tricks utilized by certain APT threat actors, are bundled into this challenge. While Angler EK’s activities have quieted down since the takedown of a Russian group “Lurk” in mid 2016, its advanced anti-analysis and anti-detection techniques are still nuggets of wisdom that we think are worth sharing with the community for future reference. Walkthrough Compromising or malvertising on legitimate websites are the most common ways that exploit kits redirect victims to their landing pages. Exploit kits can redirect traffic multiple times before serving the victim the landing page. Once on the landing page, the exploit kit profiles the victim’s environment, and may choose to serve an exploit that affects it. In the case of this challenge, the landing page is only one redirect away from the compromised site (hxxp://10.11.106.81: 18089/flareon_found_in_milpitas.html). Often, Angler’s (and many other EKs’) landing page request has a peculiar, and thus fishy, URL after some seemingly legit HTTP transactions. Layer-0 Walkthrough The landing page may initially seem daunting, and that’s exactly the purpose of obfuscation. But it’s still code, regardless of the forms it may take. After all, it’s supposed to carry out the attack without any user interaction. It’s strongly advised to rewrite the code with meaningful names during analysis, just as one would in IDA when analyzing binaries.