Ext JS in Action, Second Edition

Total Page:16

File Type:pdf, Size:1020Kb

Ext JS in Action, Second Edition Covers EXT JS version 4.0 IN ACTION SECOND EDITION Jesus Garcia Grgur Grisogono Jacob K. Andresen MANNING Ext JS in Action, Second Edition Licensed to <[email protected]> Licensed to <[email protected]> Ext JS in Action, Second Edition JESUS GARCIA GRGUR GRISOGONO JACOB K. ANDRESEN MANNING SHELTER ISLAND Licensed to <[email protected]> For online information and ordering of this and other Manning books, please visit www.manning.com. The publisher offers discounts on this book when ordered in quantity. For more information, please contact Special Sales Department Manning Publications Co. 20 Baldwin Road PO Box 261 Shelter Island, NY 11964 Email: [email protected] ©2014 by Manning Publications Co. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by means electronic, mechanical, photocopying, or otherwise, without prior written permission of the publisher. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in the book, and Manning Publications was aware of a trademark claim, the designations have been printed in initial caps or all caps. Recognizing the importance of preserving what has been written, it is Manning’s policy to have the books we publish printed on acid-free paper, and we exert our best efforts to that end. Recognizing also our responsibility to conserve the resources of our planet, Manning books are printed on paper that is at least 15 percent recycled and processed without the use of elemental chlorine. Manning Publications Co. Development editors: Sebastian Stirling, Frank Pohlman 20 Baldwin Road Copyeditor: Tiffany Taylor PO Box 261 Proofreader: Melody Dolab Shelter Island, NY 11964 Typesetter: Dennis Dalinnik Cover designer: Marija Tudor ISBN: 9781617290329 Printed in the United States of America 12345678910–MAL–191817161514 Licensed to <[email protected]> brief contents PART 1INTRODUCTION TO EXT JS 4.0 ......................................1 1 ■ A framework apart 3 2 ■ DOM manipulation 28 3 ■ Components and containers 45 PART 2EXT JS COMPONENTS ..................................................65 4 ■ Core UI components 67 5 ■ Exploring layouts 91 6 ■ Forms in Ext JS 119 7 ■ The data store 147 8 ■ The grid panel 168 9 ■ Taking root with trees 196 10 ■ Drawing and charting 218 11 ■ Remote method invocation with Ext Direct 251 12 ■ Drag-and-drop 269 PART 3BUILDING AN APPLICATION........................................311 13 ■ Class system foundations 313 14 ■ Building an application 337 v Licensed to <[email protected]> Licensed to <[email protected]> contents preface xv acknowledgments xvi about this book xix about the cover illustration xxiii PART 1INTRODUCTION TO EXT JS 4.0...........................1 A framework apart 3 1 1.1 Looking at Ext JS 4 Rich API documentation 5 ■ Rapid development with prebuilt widgets 7 1.2 What you need to know 7 1.3 A tour of the Ext JS widgets 7 Containers and layouts at a glance 9 ■ Other containers in action 10 ■ Data-bound views 11 ■ Make like a tree panel and leaf 13 ■ Form input fields 14 Other widgets 16 1.4 What’s new in Ext JS 4.0 17 Poof goes the adapter layer! 17 ■ New class system 17 Data package 18 ■ Layouts: an explosion of code 19 New docking system 19 ■ Grid panel improvements 19 vii Licensed to <[email protected]> viii CONTENTS Tree panel now closer to grids 20 ■ Draw and charts 21 New CSS styling architecture 22 ■ New MVC architecture 22 Bundled packaging tool 22 1.5 Downloading and configuring 22 1.6 Take it for a test drive 24 1.7 Summary 26 DOM manipulation 28 2 2.1 Let Ext JS kick off your code 29 2.2 Managing DOM elements with Ext.Element 31 The heart of the framework 31 ■ Using Ext.Element for the first time 31 ■ Creating child nodes 33 Removing child nodes 35 ■ Using Ajax with Ext.Element 37 2.3 Using templates and XTemplates 38 Using templates 38 ■ Looping with XTemplates 41 Advanced XTemplate usage 42 2.4 Summary 44 Components and containers 45 3 3.1 The Component model 46 XTypes and ComponentManager 47 ■ Component rendering 49 3.2 The component life cycle 50 Initialization 51 ■ Render 53 ■ Destruction 56 3.3 Containers 57 Building a container with child items 57 Dealing with children 59 3.4 Querying for components 60 3.5 The viewport container 62 3.6 Summary 64 PART 2EXT JS COMPONENTS.......................................65 Core UI components 67 4 4.1 The panel 68 Building a complex panel 69 ■ Adding buttons and tools 71 Docking items to a panel 72 ■ Weight matters! 75 Licensed to <[email protected]> CONTENTS ix 4.2 Displaying window dialogs 77 Building a window 77 ■ Further window configuration 79 4.3 MessageBox 80 Alerting your users 81 ■ Advanced MessageBox techniques 82 Showing an animated wait message box 84 4.4 Components can live in tab panels too 85 Building your first tab panel 86 ■ Tab management methods you should know 89 4.5 Summary 89 Exploring layouts 91 5 5.1 How layout managers work 92 Component layouts 92 ■ Container layouts 92 5.2 The Auto layout 92 5.3 The Anchor layout 94 5.4 The Absolute layout 98 5.5 The Fit layout 99 5.6 The Accordion layout 100 5.7 The Card layout 102 5.8 The Column layout 105 5.9 The HBox and VBox layouts 107 5.10 The Table layout 110 5.11 The Border layout 113 5.12 Summary 117 Forms in Ext JS 119 6 6.1 Basic input fields 120 Input fields and validation 120 ■ Password and file-select fields 123 ■ Building a text area 123 The convenient number field 124 6.2 Type-ahead with the ComboBox 124 Building a local ComboBox 125 ■ Implementing a remote ComboBox 127 ■ The ComboBox deconstructed 130 Customizing your ComboBox 130 6.3 The time field 131 Licensed to <[email protected]> x CONTENTS 6.4 The HTML Editor 132 Constructing your first HTML Editor 132 Dealing with lack of validation 133 6.5 Selecting a date 133 6.6 Checkboxes and radio buttons 134 6.7 The form panel 136 Reviewing what you’re building 137 ■ Constructing the fieldsets 137 ■ Creating the tab panel 140 6.8 Data submission and loading 142 Submitting the good old way 142 ■ Submitting via Ajax 143 Loading data into your form 144 6.9 Summary 146 The data store 147 7 7.1 Introducing the data store 148 The supporting classes 148 ■ How data flows 149 All about data proxies 150 ■ Models and readers 152 7.2 Loading and saving data 153 Reading array data 153 ■ Reading JSON data 156 Reading XML data 158 7.3 A store with Writer 159 Validating your model data 161 ■ Syncing your data 163 7.4 Associating data 164 7.5 Summary 167 The grid panel 168 8 8.1 Introducing the grid panel 169 Looking under the hood 169 8.2 Building a simple grid panel 170 8.3 Advanced grid panel construction 172 What you’re building 172 ■ The required data store and model 173 ■ Setting up columns 174 Configuring your advanced grid panel 175 Configuring a container for your grid panel 176 Buffered paginated scrolling 178 ■ Applying event handlers for interaction 180 Licensed to <[email protected]> CONTENTS xi 8.4 Editing data in the grid panel 183 Enabling the editing plug-in 183 ■ Navigating your editable grid panel 188 8.5 Getting the CRUD in 189 Adding save and reject logic 189 ■ Saving or rejecting your changes 190 ■ Adding create and delete 190 Using create and delete 193 8.6 Summary 195 Taking root with trees 196 9 9.1 Tree panel theory 196 Tree panel keywords 197 ■ Looking under the roots 198 9.2 Planting your first tree panel 198 9.3 Growing dynamic tree panels 201 Creating a remote-loading panel 201 ■ Fertilizing the tree panel 203 9.4 Implementing CRUD on a tree panel 205 Displaying context menus 205 ■ Wiring up the edit logic 209 Tackling delete 213 ■ Creating nodes for your tree panel 215 9.5 Summary 217 Drawing and charting 218 10 10.1 Drawing shapes 219 10.2 Drawing concepts 219 10.3 Surfacing sprites 220 Drawing a sprite 221 ■ Managing positioning and sizing 222 Automatically sizing sprites 224 10.4 Sprite interactions 225 10.5 Mastering the path 228 10.6 A deep dive into charts 231 10.7 Implementing Cartesian charts 233 Configuring the axes 233 ■ Adding series 236 Improving visual aids 237 ■ Adding custom shapes 240 Multiple series on the same chart 242 10.8 Custom themes 244 10.9 Pie charts 248 10.10 Summary 250 Licensed to <[email protected]> xii CONTENTS Remote method invocation with Ext Direct 251 11 11.1 Making the two ends meet 252 11.2 Ext Direct vs. REST 252 11.3 Server-side setup 255 How it works 255 ■ Remote method configuration 255 Routing 256 11.4 Working with remote methods 257 Setting up the router 257 ■ Enabling Ext Direct 259 11.5 Directly invoking remote methods 262 11.6 CRUD-enabled Ext.data.DirectStore 265 11.7 Summary 268 Drag-and-drop 269 12 12.1 The drag-and-drop workflow 270 The drag-and-drop life cycle 270 ■ A top-down view of the drag-and-drop classes 271 ■ It’s all in the overrides! 274 Drag-and-drop always works in groups 275 12.2 Drag-and-drop: a basic example 275 Creating a small workspace 275 ■ Configuring items to be draggable 277 ■ Analyzing the Ext.dd.DD DOM changes 277 ■ Adding the pool and hot tub drop targets 279 12.3 Finishing your drag-and-drop implementation 280 Adding the drop invitation 281 ■ Adding a valid drop 283 Implementing an invalid drop 285 12.4 Using DDProxy 286 Implementing DDProxy and the drop invitation 286 12.5 Drag-and-drop with views 290 Constructing the views 290 ■ Adding drag gestures 294 Applying drop 297 12.6 Drag-and-drop with grid panels 301 Constructing the grid panels 301 12.7 Drag-and-drop with tree panels 304 Constructing the tree panels 305 ■ Enabling drag-and-drop
Recommended publications
  • Introduction to React.Js
    Introduction to React A workshop for COMP 523 Aaron Smith Monday, Feb. 10, 2020 What is React? • React is a JavaScript framework • Used for front end web development • Think of jQuery, but more structured • Created and used by Facebook • Famous for implementing a virtual dom Timeline of front-end JavaScript frameworks jQuery* AngularJS React Vue Angular (2006) (2010) (2013) (2014) (2014) * jQuery is more often considered a library than a framework Common tasks in front-end development App state Data definition, organization, and storage User actions Event handlers respond to user actions Templates Design and render HTML templates Routing Resolve URLs Data fetching Interact with server(s) through APIs and AJAX Fundamentals of React 1. JavaScript and HTML in the same file (JSX) 2. Embrace functional programming 3. Components everywhere JavaScript and HTML in the same file HTML CSS JS JSX CSS or JSS Traditional React approach approach JSX: the React programming language const first = "Aaron"; const last = "Smith"; const name = <span>{first} {last}</span>; const list = ( const listWithTitle = ( <ul> <> <li>Dr. David Stotts</li> <h1>COMP 523</h1> <li>{name}</li> <ul> </ul> <li>Dr. David Stotts</li> ); <li>{name}</li> </ul> </> ); “React is just JavaScript” Functional programming 1. Functions are “first class citizens” 2. Variables are immutable 3. Functions have no side effects Functional programming Functions are “first class citizens” let add = function() { console.log('Now adding numbers'); const five = 3 + 2; }; function foo() { return
    [Show full text]
  • Sencha Touch and Ext JS Developer Description
    Sencha Touch and Ext JS Developer Description: Health Outcomes Worldwide (HOW), a diverse and rapidly growing Canadian company seeks a motivated developer to work with an agile virtual team creating cutting-edge web and mobile applications for use by healthcare professionals. HOW provides solutions used by nurses in healthcare environments across Canada. The mobile application is a hybrid HTML5 (Sencha Touch)/Cordova solution designed for tablet devices (iOS and Android). Plans for a revamped browser-based solution (using ExtJS 5) are also in development. The selected developer will play an integral role in both mobile and desktop solution design and development using Sencha tools. The ideal candidate will have: • 4+ years of extensive experience with Sencha Ext JS framework and 2+ experience with Sencha Touch framework. • In-depth knowledge of javascript. • Experience building iOS, Android, Windows and Blackberry apps with PhoneGap/ Cordova platform. • Solid knowledge of HTML5, CSS3, EcmaScript 6 and their integration in a standards-based fashion with each other. • Proficiency with the DOM and asynchronous event programming model. • Experience with cross-platform (PC/Mac, desktop, laptop, tablet) and cross-browser (IE, Firefox, Chrome, Safari) development. • Experience with AJAX, JSON and RESTful web services. • Server-side development with ASP.NET WebForms, ASP.NET MVC and Node.js. • Database design and programming using MS SQL Server and SQLite. • Familiarity with Design Patterns, particularly Model-View-Controller (MVC). • Experience with mobile development and Touch interfaces. • Solid understanding and experience with Agile software development methodologies. Qualified, interested parties should submit a resume to [email protected].
    [Show full text]
  • 85324630.Pdf
    About NetTantra NetTantra is a creative technology and design company based out of India, US and UK. We provide web based solutions and mobile solutions to various industries like manufacturing, consulting, education. We have expertise in various sectors of the web including an array of server-side languages, OpenSource CMS/Blog frameworks, Linux/UNIX system administration, production server backup and recovery solutions, cloud infrastructure set-up and much more. Our expertise in providing WordPress based solutions has been acclaimed by many of our clients and the OpenSource community. We also provide cloud based solutions like migrating existing applications and building cloud applications for public or private cloud setups. We are known among our clients for on-time delivery and extraordinary quality of service. In mobile based solutions, we have expertise in developing native applications for iOS and Android platforms. We also develop cross-platform mobile applications using Sencha Touch and jQuery Mobile frameworks. 2 of 14 pages Why Hire Us ✔ Technology ◦ We have expertise in the most cutting edge tools and technologies used in the industry with special focus on OpenSource Technologies ◦ We pay special attention to web and network security for all projects ◦ Our team follows highly optimized project delivery life cycles and processes ✔ Cost ◦ We offer the best price to quality ratio ✔ Infrastructure ◦ Advanced workstations ◦ Cutting edge computing and network systems ◦ Power packed online servers ◦ Smart communications systems ◦ Conference halls, CBT and video learning facilities ◦ High-speed uninterrupted Internet connection ✔ Quality of Service ◦ Guaranteed client satisfaction ◦ Real-time customer support with the least turn-around in the industry ◦ Pre-sales technical and business related support to partners and agencies ✔ Ethics and Principles ◦ We ensure confidentiality in all our dealings.
    [Show full text]
  • ODOT Default Web Application Architecture
    The Ohio Department of Transportation (ODOT) Division of Information Technology ODOT Default Web Application Architecture Filename:ODOT Web Application Architecture.doc Version: 8.0 Author: Michael Jordan Last Modified: 11/16/2017 Project Site: Document Summary: Prepared by the ODOT Division of Information Technology (DoIT) [Document Header] Contents 1 Introduction ......................................................................................................................... 3 1.1 About This Document ..................................................................................................... 3 1.2 Document Location ......................................................................................................... 3 2 Architecture ......................................................................................................................... 4 2.1 A Layered Approach ....................................................................................................... 4 2.1.1 User Interface Layer ............................................................................................... 4 2.1.2 Domain Layer ......................................................................................................... 4 2.1.3 Service Layer .......................................................................................................... 5 3 Technologies ....................................................................................................................... 6 3.1 Microsoft .NET Platform.................................................................................................
    [Show full text]
  • Pragmatic Guide to Javascript
    www.allitebooks.com What Readers Are Saying About Pragmatic Guide to J a v a S c r i p t I wish I had o w n e d this book when I first started out doing JavaScript! Prag- matic Guide to J a v a S c r i p t will take you a big step ahead in programming real-world JavaScript by showing you what is going on behind the scenes in popular JavaScript libraries and giving you no-nonsense advice and back- ground information on how to do the right thing. W i t h the condensed years of e x p e r i e n c e of one of the best JavaScript developers around, it’s a must- read with great reference to e v e r y d a y JavaScript tasks. Thomas Fuchs Creator of the script.aculo.us framework An impressive collection of v e r y practical tips and tricks for getting the most out of JavaScript in today’s browsers, with topics ranging from fundamen- tals such as form v a l i d a t i o n and JSON handling to application e x a m p l e s such as mashups and geolocation. I highly recommend this book for anyone wanting to be more productive with JavaScript in their web applications. Dylan Schiemann CEO at SitePen, cofounder of the Dojo T o o l k i t There are a number of JavaScript books on the market today, b u t most of them tend to focus on the new or inexperienced JavaScript programmer.
    [Show full text]
  • THE FUTURE of SCREENS from James Stanton a Little Bit About Me
    THE FUTURE OF SCREENS From james stanton A little bit about me. Hi I am James (Mckenzie) Stanton Thinker / Designer / Engineer / Director / Executive / Artist / Human / Practitioner / Gardner / Builder / and much more... Born in Essex, United Kingdom and survived a few hair raising moments and learnt digital from the ground up. Ok enough of the pleasantries I have been working in the design field since 1999 from the Falmouth School of Art and onwards to the RCA, and many companies. Ok. less about me and more about what I have seen… Today we are going to cover - SCREENS CONCEPTS - DIGITAL TRANSFORMATION - WHY ASSETS LIBRARIES - CODE LIBRARIES - COST EFFECTIVE SOLUTION FOR IMPLEMENTATION I know, I know, I know. That's all good and well, but what does this all mean to a company like mine? We are about to see a massive change in consumer behavior so let's get ready. DIGITAL TRANSFORMATION AS A USP Getting this correct will change your company forever. DIGITAL TRANSFORMATION USP-01 Digital transformation (DT) – the use of technology to radically improve performance or reach of enterprises – is becoming a hot topic for companies across the globe. VERY DIGITAL CHANGING NOT VERY DIGITAL DIGITAL TRANSFORMATION USP-02 Companies face common pressures from customers, employees and competitors to begin or speed up their digital transformation. However they are transforming at different paces with different results. VERY DIGITAL CHANGING NOT VERY DIGITAL DIGITAL TRANSFORMATION USP-03 Successful digital transformation comes not from implementing new technologies but from transforming your organisation to take advantage of the possibilities that new technologies provide.
    [Show full text]
  • HCI Lessons Using AJAX for a Page-Turning Web Application
    CHI 2011 • Session: Reading & Writing May 7–12, 2011 • Vancouver, BC, Canada Bells, Whistles, and Alarms: HCI Lessons Using AJAX for a Page-turning Web Application Juliet L. Hardesty Abstract User Interface Design Specialist This case study describes creating a version of METS Digital Library Program Navigator, a page-turning web application for multi- Indiana University part digital objects, using an AJAX library with user Herman B Wells Library, W501 interface components. The design for this version 1320 E. 10th Street created problems for customized user interactions and Bloomington, IN 47405 USA accessibility problems for users, including those using [email protected] assistive technologies and mobile devices. A review of the literature considers AJAX, accessibility, and universal usability and possible steps to take moving forward to correct these problems in METS Navigator. Keywords AJAX, accessibility, universal usability ACM Classification Keywords H.5.2. Information interfaces and presentation: User interfaces - user-centered design, standardization. General Terms Design, human factors, standardization Copyright is held by the author/owner(s). CHI 2011, May 7–12, 2011, Vancouver, BC, Canada. Introduction ACM 978-1-4503-0268-5/11/05. AJAX (Asynchronous JavaScript and XML) is a widely used method for developing Web 2.0 applications 827 CHI 2011 • Session: Reading & Writing May 7–12, 2011 • Vancouver, BC, Canada (called Rich Internet Applications, or RIA’s), both to incorporate the Semantic Web into Web 2.0 enhance certain features
    [Show full text]
  • The Snap Framework: a Web Toolkit for Haskell
    The Functional Web The Snap Framework A Web Toolkit for Haskell Gregory Collins • Google Switzerland Doug Beardsley • Karamaan Group askell is an advanced functional pro- the same inputs, always produce the same out- gramming language. The product of more put. This property means that you almost always H than 20 years of research, it enables rapid decompose a Haskell program into smaller con- development of robust, concise, and fast soft- stituent parts that you can test independently. ware. Haskell supports integration with other Haskell’s ecosystem also includes many power- languages and has loads of built-in concurrency, ful testing and code-coverage tools. parallelism primitives, and rich libraries. With Haskell also comes out of the box with a set its state-of-the-art testing tools and an active of easy-to-use primitives for parallel and con- community, Haskell makes it easier to produce current programming and for performance pro- flexible, maintainable, high-quality software. filing and tuning. Applications built with GHC The most popular Haskell implementation is enjoy solid multicore performance and can han- the Glasgow Haskell Compiler (GHC), a high- dle hundreds of thousands of concurrent net- performance optimizing native-code compiler. work connections. We’ve been delighted to find Here, we look at Snap, a Web-development that Haskell really shines for Web programming. framework for Haskell. Snap combines many other Web-development environments’ best fea- What’s Snap? tures: writing Web code in an expressive high- Snap offers programmers a simple, expressive level language, a rapid development cycle, fast Web programming interface at roughly the same performance for native code, and easy deploy- level of abstraction as Java servlets.
    [Show full text]
  • “Web Development Using Python” 01 April 2021
    A Report on the Webinar “Web development using Python” 01 April 2021 Organized by ‘Anacron’, Students association of the Department of Computer Science and Engineering, Akshaya College of Engineering and Technology A webinar, “Web development using Python” was organized by the students’ association, ‘Anacron’ of the department of Computer Science and Engineering, on 1-4-21. A brief report of the same is given below. WELCOME ADDRESS: Welcome address was given by Dr. N. Rajkumar, HOD/CSE, ACET. INTRODUCTION OF CHIEF GUEST Ms. J. Rajichellam completed her UG degree B.E CSE in Madurai Institute of Engineering and Technology. She is having certificates of proficiency in C, C++, HTML5, CSS, Javascript, Jquery, etc.,. She is having more than 6 years of industrial experience and currently working as Technical trainer in Elysium Academy. CHIEF GUEST PRESENTATION: Ms. J. Rajichellam started her presentation with a brief note about the future for Web development using python and then explained about the career opportunities in Python. She also explained as to why students should be well versed in python. She also urged the students to have a goal for their career and for that they should envisage a plan. She opined that without a plan they can’t achieve success. She said, Web development is an umbrella term for conceptualizing, creating, deploying and operating web applications and application programming interfaces for the web. She basically gave explanation for three topics. 1. Why is web development important? The web has grown a mindboggling amount in the number of sites, users and implementation capabilities since the first website went live in 1989.
    [Show full text]
  • University of Southampton Research Repository Eprints Soton
    University of Southampton Research Repository ePrints Soton Copyright © and Moral Rights for this thesis are retained by the author and/or other copyright owners. A copy can be downloaded for personal non-commercial research or study, without prior permission or charge. This thesis cannot be reproduced or quoted extensively from without first obtaining permission in writing from the copyright holder/s. The content must not be changed in any way or sold commercially in any format or medium without the formal permission of the copyright holders. When referring to this work, full bibliographic details including the author, title, awarding institution and date of the thesis must be given e.g. AUTHOR (year of submission) "Full thesis title", University of Southampton, name of the University School or Department, PhD Thesis, pagination http://eprints.soton.ac.uk UNIVERSITY OF SOUTHAMPTON FACULTY OF NATURAL AND ENVIRONMENTAL SCIENCES Chemistry Facilitating Chemical Discovery: An e-Science Approach by Andrew J. Milsted Thesis for the degree of Doctor of Philosophy February 2015 UNIVERSITY OF SOUTHAMPTON ABSTRACT FACULTY OF NATURAL AND ENVIRONMENTAL SCIENCES Chemistry Doctor of Philosophy FACILITATING CHEMICAL DISCOVERY: AN E-SCIENCE APPROACH by Andrew J. Milsted e-Science technologies and tools have been applied to the facilitating of the accumulation, validation, analysis, computation, correlation and dissemination of chemical information and its transformation into accepted chemical knowledge. In this work a number of approaches have been investigated to address the different issues with recording and preserving the scientific record, mainly the laboratory notebook. The electronic laboratory notebook (ELN) has the potential to replace the paper note- book with a marked-up digital record that can be searched and shared.
    [Show full text]
  • Analysing the Use of Outdated Javascript Libraries on the Web
    Updated in September 2017: Require valid versions for library detection throughout the paper. The vulnerability analysis already did so and remains identical. Modifications in Tables I, III and IV; Figures 4 and 7; Sections III-B, IV-B, IV-C, IV-F and IV-H. Additionally, highlight Ember’s security practices in Section V. Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson and Engin Kirda Northeastern University {toby, 3abdou, arshad, wkr, cbw, ek}@ccs.neu.edu Abstract—Web developers routinely rely on third-party Java- scripts or HTML into vulnerable websites via a crafted tag. As Script libraries such as jQuery to enhance the functionality of a result, it is of the utmost importance for websites to manage their sites. However, if not properly maintained, such dependen- library dependencies and, in particular, to update vulnerable cies can create attack vectors allowing a site to be compromised. libraries in a timely fashion. In this paper, we conduct the first comprehensive study of To date, security research has addressed a wide range of client-side JavaScript library usage and the resulting security client-side security issues in websites, including validation [30] implications across the Web. Using data from over 133 k websites, we show that 37 % of them include at least one library with a and XSS ([17], [36]), cross-site request forgery [4], and session known vulnerability; the time lag behind the newest release of fixation [34]. However, the use of vulnerable JavaScript libraries a library is measured in the order of years.
    [Show full text]
  • Cross-Platform Mobile Application for the Cothority
    Cross-Platform Mobile Application for the Cothority Vincent Petri & Cedric Maire School of Computer and Communication Sciences Decentralized and Distributed Systems Lab Semester Project January 2018 Responsible Supervisor Prof. Bryan Ford Linus Gasser EPFL / DeDiS EPFL / DeDiS 2 Acknowledgements We would like to express our special thanks to Linus Gasser who gave us the opportunity to do this very interesting project related to the collec- tive authority (Cothority) framework developed by the DeDiS laboratory at EPFL. We would like to thank him for the valuable help he gave us whenever we needed and for the knowledge he provided to us throughout the semester. Secondly, we would also like to thank our parents and friends who helped us through the hard times of finalising the project within the limited time frame. 3 1 Abstract The Cothority2 framework has been developed and maintained by the DeDiS laboratory at EPFL. This project provides a framework for develop- ing, analysing, and deploying decentralised and distributed cryptographic protocols. A set of servers that runs these protocols and communicates among each other is referred to as a collective authority, or cothority, and the individual servers are called cothority servers or conodes. A cothority that executes decentralised protocols could be used for collective signing, threshold signing, or the generation of public-randomness, to name only a few options. The highest level of abstraction can be created by protocols like the collective signature (CoSi) protocol, the random numbers (Rand- Hound) protocol, or the communication (Messaging) protocol used by the conodes to exchange data. Then come the services, which rely on these pro- tocols.
    [Show full text]