Structuring Modern Web Applications

A study of how to structure web clients to achieve modular, maintainable and long lived applications

TIM JOHAN MALMSTRÖM
[email protected]

Master's Thesis at NADA
Supervisor: Olov Engwall
Examiner: Olle Bälter
February 2, 2014

Abstract

This degree project, conducted at Decerno AB, investigates what can be done to create client side web applications that are maintainable for a long time. The focus is on basing the application on an existing framework which both simplifies the development process and helps keep the application well structured.

Which framework is currently the best is evaluated using a comparison between the currently most popular frameworks. The comparison is done using a set of categories that is defined through discussion with experienced web developers at the principal company for the project: Decerno AB. The alternatives considered the most relevant from the discussion are also implemented and tested for further results to show which framework is the best suited for the solution in the project.

The best solution is a structure that is based on the structure used in Angular JS, which is a JavaScript framework developed by Google Inc. The reason why this framework is the most relevant is its huge community support and that it encourages developers to keep their code well structured. In the solution a set of rules is defined that limits the uses of the framework while at the same time defining a structure that achieves the goal of the project: to create applications that are easy to maintain and long lived.

Swedish abstract

Structuring modern web clients to achieve sustainable and long-lived applications

This degree project, carried out at Decerno AB, aims to investigate what can be done to create client-based web applications that can be operated and maintained over a long period of time. The focus of the work is on basing the application on an existing framework, which both simplifies the development process and helps keep the application well structured.

Which framework is the best is evaluated through a comparison of the frameworks most discussed in today's web development. The comparison is made within a group of categories defined through discussion with experienced web developers at the principal company for the project: Decerno AB. The frameworks considered most relevant from the comparison are also implemented and tested to obtain further results to weigh into the discussion of which framework should be used in the solution for the project.

The best solution is a structure based on a framework called Angular JS, developed by Google Inc., mainly because it is the framework with the greatest developer support right now and because it encourages developers to write well-structured code. The solution is defined as a list of rules that restrict the framework to being used as it was designed to be used, while at the same time defining a structure that achieves the goal of the project: to create applications that are easy to maintain and well structured.

Preface

This degree project is the final task in my Degree of Masters of Science in Engineering. I would like to thank everyone that has supported and helped me throughout the project. A special thanks to:

Olov Engwall for being supervisor with invaluable pieces of advice.

Johan Behrenfeldt, Sven Norman, Leif Pettersson, Mattias Knutsson and Mats Dahl, Decerno AB for being available and interested in discussing found results, progress and how to improve the results of the project.

Decerno AB for being the principal company for this thesis providing the necessary tools and environment to work on the project.

Ylva Ersvik for being opponent for my project presentation and helping to improve the report by giving great feedback.

Helen Elemida, Aked Hindi, Joakim Jalap and Moa Ristner for reflections on work progress and discussion sessions during the thesis work.

Contents

Preface
1 Introduction
  1.1 Background
  1.2 Problem description
  1.3 Project Goal
  1.4 Approach
    1.4.1 Scientific methodology
  1.5 Scope & limitations
  1.6 History & Related work
    1.6.1 JavaScript
    1.6.2 Web development
    1.6.3 Software architecture and design
  1.7 Definitions
    1.7.1 Framework
    1.7.2 Web Application
    1.7.3 Data bindings
    1.7.4 Code template
    1.7.5 Pub/Sub
    1.7.6 SPA
    1.7.7 DOM
    1.7.8 Architectural pattern
    1.7.9 Bug
    1.7.10 Business logic
    1.7.11 Maturity / Stability
    1.7.12 JSON
2 Theoretical comparison
  2.1 Considered frameworks
    2.1.1 Angular JS
    2.1.2 Knockout JS
    2.1.3 Backbone JS
    2.1.4 Ember JS
    2.1.5 Batman JS
    2.1.6 Meteor
    2.1.7 Summary
  2.2 Requirements
    2.2.1 Maintainability
    2.2.2 Maturity
    2.2.3 Performance (caching)
    2.2.4 Portability
    2.2.5 Testability
    2.2.6 Modularity
    2.2.7 Popularity
  2.3 Sample Application
    2.3.1 Application description
    2.3.2 Form management
    2.3.3 Data validation
    2.3.4 Navigation
  2.4 Conclusions
    2.4.1 Maintainability
    2.4.2 Maturity / Stability
    2.4.3 Performance (Caching)
    2.4.4 Portability
    2.4.5 Testability
    2.4.6 Modularity
    2.4.7 Popularity
    2.4.8 Form management
    2.4.9 Data validation
    2.4.10 Navigation
  2.5 Summary
3 Implementation
  3.1 Learning threshold
    3.1.1 Angular
    3.1.2 Knockout
  3.2 Documentation
    3.2.1 Angular
    3.2.2 Knockout
  3.3 Code comparison
    3.3.1 Data bindings
    3.3.2 Collections
  3.4 Conclusions
4 Testing
  4.1 Testing methodology
    4.1.1 Problems with testing client side applications
    4.1.2 Size of the client
    4.1.3 Speed in calculations
    4.1.4 Storing large data sets
    4.1.5 Runtime testing
  4.2 Test environment & affecting factors
    4.2.1 Benchmarking framework
    4.2.2 Test device and browser
    4.2.3 Test data
  4.3 Specific tests
    4.3.1 Data binding updates
    4.3.2 Loading data
    4.3.3 Sorting data
    4.3.4 Linked dependencies
5 Results
  5.1 Test results
    5.1.1 Clarification
    5.1.2 Results
    5.1.3 Conclusions
  5.2 Conclusions
6 Structure
  6.1 Defining a structure
    6.1.1 Comments on the structure
  6.2 Weaknesses
    6.2.1 Performance
    6.2.2 Data model
    6.2.3 Security
7 Conclusion
  7.1 Summary
    7.1.1 Socio-ethical effects
  7.2 Future work
Appendices
List of Figures
List of Tables
Bibliography