DOCSLIB.ORG

Joe Gibbs Politz Spiridon Aristides Eliopoulos Arjun Guha Shriram Krishnamurthi 1 2 3 Third-Party Ad

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Joe Gibbs Politz Spiridon Aristides Eliopoulos Arjun Guha Shriram Krishnamurthi 1 2 3 Third-Party Ad ADsafety Type-based Verification of JavaScript Sandboxing Joe Gibbs Politz Spiridon Aristides Eliopoulos Arjun Guha Shriram Krishnamurthi 1 2 3 third-party ad third-party ad 4 Who is running code in your browser? 5 Who is running code in your browser? 5 Who is running code in your browser? 5 the host you visit 6 the host you visit 6 the host the ad server you visit 6 the host the ad server you visit same JavaScript context 6 the host the ad server you visit <iframe> 6 the host the ad server you visit <iframe> top.location.href 6 Microsoft Web Sandbox Google Facebook JavaScript Caja (FBJS) Yahoo! ADsafe All are defining safe sub-languages 7 8 eval 8 eval 8 eval e 8 eval e wrap(e) 8 eval e wrap wrap(e) 8 “filters” “wrappers” eval e “rewriters” wrap wrap(e) — Maffeis, Mitchell, and Taly, ESORICS 2009 8 9 eval 9 eval ADSAFE.get(obj, x) untrusted widget 9 eval ADSAFE.get ADSAFE.get(obj, x) untrusted widget 9 • 1, 800 LOC adsafe.js library • 50 calls to three kinds of assertions • 40 type-tests • 5 regular-expression based checks • 60 privileged DOM method calls 10 ? • 1, 800 LOC adsafe.js library • 50 calls to three kinds of assertions • 40 type-tests • 5 regular-expression based checks • 60 privileged DOM method calls 10 Type-based Verification of 11 Definition 1 (ADsafety): If all embedded widgets pass JSLint, then: 12 Definition 1 (ADsafety): If all embedded widgets pass JSLint, then: eval() document.write() document.createElement("script") 1.Widgets cannot load new code ... at runtime, or cause ADsafe to load new code on their behalf; 12 Definition 1 (ADsafety): If all embedded widgets pass JSLint, then: eval() document.write() document.createElement("script") 1.Widgets cannot load new code ... at runtime, or cause ADsafe to load new code on their behalf; 12 Definition 1 (ADsafety): If all embedded widgets pass JSLint, then: 1.Widgets cannot load new code at runtime, or cause ADsafe to load new code on their behalf; 2.Widgets cannot obtain direct <div> references to DOM nodes; Untrusted <p> <div> ADsafe Widget <b> 12 Definition 1 (ADsafety): If all embedded widgets pass JSLint, then: 1.Widgets cannot load new code at runtime, or cause ADsafe to load new code on their behalf; 2.Widgets cannot obtain direct <div> references to DOM nodes; Untrusted <p> <div> ADsafe Widget <b> 12 Definition 1 (ADsafety): If all embedded widgets pass JSLint, then: 1.Widgets cannot load new code at runtime, or cause ADsafe to load new code on their behalf; 2.Widgets cannot obtain direct <div> references to DOM nodes; 3.Widgets cannot affect the <div id="WIDGET"> DOM outside of their subtree; and Untrusted <p> <div> ADsafe Widget <b> 12 Definition 1 (ADsafety): If all embedded widgets pass JSLint, then: 1.Widgets cannot load new code at runtime, or cause ADsafe to load new code on their behalf; 2.Widgets cannot obtain direct <div> references to DOM nodes; 3.Widgets cannot affect the <div id="WIDGET"> DOM outside of their subtree; and Untrusted <p> <div> ADsafe Widget <b> 12 Definition 1 (ADsafety): If all embedded widgets pass JSLint, then: 1.Widgets cannot load new code at runtime, or cause ADsafe to load new code on their behalf; 2.Widgets cannot obtain direct references to DOM nodes; 3.Widgets cannot affect the DOM outside of their subtree; and 4.Multiple widgets on the same page cannot communicate. Widget A ADsafe Widget B 12 eval Goal: Verify ADsafe ADSAFE.get ADSAFE.get(obj, x) 13 eval Goal: Verify ADsafe ADSAFE.get ADSAFE.get(obj, x) untrusted, but passes JSLint 13 eval Goal: Verify ADsafe Goal: model JSLint ADSAFE.get ADSAFE.get(obj, x) untrusted, but passes JSLint 13 JSLint ensures: no DOM node references <div> Untrusted <p> <div> ADsafe Widget <b> “Widgets cannot obtain direct references to DOM nodes.” 14 JSLint ensures: no DOM node references ADsafe ensures: bunch = { only “safe” __nodes__ : array of nodes, methods on append: function ..., bunches getText: function ..., ... 20 functions } <div> Untrusted <p> <div> ADsafe Widget <b> “Widgets cannot obtain direct references to DOM nodes.” 14 JSLint ensures: no DOM node references ADsafe ensures: bunch = { only “safe” __nodes__ : array of nodes, methods on append: function ..., bunches getText: function ..., ... 20 functions } <div> No private fields in JavaScript! Untrusted <p> <div> ADsafe bunch.__nodes__ Widget <b> “Widgets cannot obtain direct references to DOM nodes.” 14 JSLint ensures: no DOM node references ADsafe ensures: bunch = { only “safe” __nodes__ : array of nodes, methods on append: function ..., bunches getText: function ..., ... 20 functions } <div> JSLint ensures: Untrusted <p> <div> ADsafe __nodes__ is bunch.__nodes__ Widget “private” <b> “Widgets cannot obtain direct references to DOM nodes.” 14 JSLint ensures: no DOM node references ADsafe ensures: bunch = { only “safe” __nodes__ : array of nodes, methods on append: function ..., bunches getText: function ..., ... 20 functions } <div> JSLint ensures: Untrusted <p> <div> ADsafe __nodes__ is bunch.__nodes__ Widget “private” <b> bunch.append(...) “Widgets cannot obtain direct references to DOM nodes.” Exploit append to return nodes? 14 JSLint ensures: no DOM node references ADsafe ensures: bunch = { only “safe” __nodes__ : array of nodes, methods on append: function ..., bunches getText: function ..., ... 20 functions } <div> JSLint ensures: Untrusted <p> <div> ADsafe __nodes__ is bunch.__nodes__ Widget “private” <b> ADsafe ensures: DOM nodes are bunch.append(...) “Widgets cannot obtain direct not returned references to DOM nodes.” 14 eval Goal 2: Verify ADsafe Goal 1: model JSLint ADSAFE.get ADSAFE.get(obj, x) untrusted, but passes JSLint 15 var n = 6 var s = "a string" var b = true 16 var n = 6 var s = "a string" var b = true Widget := Number + String + Boolean + Undefined + Null + 16 Widget := Number + String + Boolean + Undefined + Null + 17 { x: 6, b: "car" } Widget := Number + String + Boolean + Undefined + Null + 17 { x: 6, b: "car" } { nested: { y: 10, b: false } } Widget := Number + String + Boolean + Undefined + Null + ★: Widget __nodes__: Array<Node> caller: prototype: ... code : Widget ⨉ ... → Widget __proto__: Object + Function + Array + ... 17 { x: 6, b: "car" } { nested: { y: 10, b: false } } { __nodes__: 90 } myObj.prototype = { }; Widget := Number + String + Boolean + Undefined + Null + ★: Widget __nodes__: Array<Node> caller: prototype: ... code : Widget ⨉ ... → Widget __proto__: Object + Function + Array + ... 17 { x: 6, b: "car" } { nested: { y: 10, b: false } } { __nodes__: 90 } myObj.prototype = { }; function foo(x) { return x + 1; } foo(900) foo.w = "functions are objects" ["array", "of", "strings"] /regular[ \t]*expressions/ Widget := Number + String + Boolean + Undefined + Null + ★: Widget __nodes__: Array<Node> caller: prototype: ... code : Widget ⨉ ... → Widget __proto__: Object + Function + Array + ... 17 JSLint Widget type-checker typable widgets widgets that pass JSLint 18 JSLint Widget type-checker typable widgets widgets that Claim: pass JSLint evidence: 1,100 LOC of tests or, passing JSLint ⇒Widget-typable 18 JSLint Widget type-checker type-based typable arguments about widgets widgets widgets that Claim: pass JSLint evidence: 1,100 LOC of tests or, passing JSLint ⇒Widget-typable 18 eval Goal 2: Verify ADsafe Goal 1: model JSLint ADSAFE.get ADSAFE.get(obj, x) untrusted, but passes JSLint 19 window.setTimeout(callback, delay); String eval window.setTimeout Widget→Widget 20 Object Widget →Widget String Number /*: Widget ⨉ Widget → Widget */ ADSAFE.later = function(callback, delay) { if (typeof callback !== "function") { Widget throw "expected function"; →Widget } window.setTimeout(callback, delay); String } eval window.setTimeout Widget→Widget 20 Object window : { Widget →Widget eval: ☠, setTimeout : (Widget ⨉ ... → Widget) ⨉ Widget → Undefined, String ... Number } /*: Widget ⨉ Widget → Widget */ ADSAFE.later = function(callback, delay) { if (typeof callback !== "function") { Widget throw "expected function"; →Widget } window.setTimeout(callback, delay); String } eval window.setTimeout Widget→Widget 20 Object window : { Widget →Widget eval: ☠, setTimeout : (Widget ⨉ ... → Widget) ⨉ Widget → Undefined, String ... Number } Widget /*: Widget ⨉ Widget → Widget */ ADSAFE.later = function(callback, delay) { if (typeof callback !== "function") { Widget throw "expected function"; →Widget } window.setTimeout(callback, delay); String } eval window.setTimeout Widget→Widget 20 Object window : { Widget →Widget eval: ☠, setTimeout : (Widget ⨉ ... → Widget) ⨉ Widget → Undefined, String ... Number } Widget /*: Widget ⨉ Widget → Widget */ ADSAFE.later = function(callback, delay) { if (typeof callback !== "function") { Widget throw "expected function"; →Widget } window.setTimeout(callback, delay); String } eval Widget ⨉ ... → Widget window.setTimeout Widget→Widget 20 Object window : { Widget →Widget eval: ☠, setTimeout : (Widget ⨉ ... → Widget) ⨉ Widget → Undefined, String ... Number } Widget /*: Widget ⨉ Widget → Widget */ ADSAFE.later = function(callback, delay) { if (typeof callback !== "function") { Widget throw "expected function"; →Widget } window.setTimeout(callback, delay); String } eval Widget ⨉ ... → Widget window.setTimeout This is just one kind of if-split we handle. Widget→Widget —Politz et al. USENIX Security 2011 and Guha, Saftoiu, Krishnamurthi. ESOP 2011. 20 JSLinted adsafe.js widget 21 JSLinted adsafe.js widget 21 JSLinted adsafe.js widget 21 Widget Widget Widget Widget JSLinted adsafe.js widget 21 Widget Widget Widget Widget JSLinted adsafe.js widget 21 Widget Widget Widget Widget Widget Widget
Load more

Recommended publications
  • Learning React Functional Web Development with React and Redux
    Learning React Functional Web Development with React and Redux Alex Banks and Eve Porcello Beijing Boston Farnham Sebastopol Tokyo Learning React by Alex Banks and Eve Porcello Copyright © 2017 Alex Banks and Eve Porcello. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com/safari). For more information, contact our corporate/insti‐ tutional sales department: 800-998-9938 or [email protected]. Editor: Allyson MacDonald Indexer: WordCo Indexing Services Production Editor: Melanie Yarbrough Interior Designer: David Futato Copyeditor: Colleen Toporek Cover Designer: Karen Montgomery Proofreader: Rachel Head Illustrator: Rebecca Demarest May 2017: First Edition Revision History for the First Edition 2017-04-26: First Release See http://oreilly.com/catalog/errata.csp?isbn=9781491954621 for release details. The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Learning React, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc. While the publisher and the authors have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the authors disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.
    [Show full text]
  • Introducing 2D Game Engine Development with Javascript
    CHAPTER 1 Introducing 2D Game Engine Development with JavaScript Video games are complex, interactive, multimedia software systems. These systems must, in real time, process player input, simulate the interactions of semi-autonomous objects, and generate high-fidelity graphics and audio outputs, all while trying to engage the players. Attempts at building video games can quickly be overwhelmed by the need to be well versed in software development as well as in how to create appealing player experiences. The first challenge can be alleviated with a software library, or game engine, that contains a coherent collection of utilities and objects designed specifically for developing video games. The player engagement goal is typically achieved through careful gameplay design and fine-tuning throughout the video game development process. This book is about the design and development of a game engine; it will focus on implementing and hiding the mundane operations and supporting complex simulations. Through the projects in this book, you will build a practical game engine for developing video games that are accessible across the Internet. A game engine relieves the game developers from simple routine tasks such as decoding specific key presses on the keyboard, designing complex algorithms for common operations such as mimicking shadows in a 2D world, and understanding nuances in implementations such as enforcing accuracy tolerance of a physics simulation. Commercial and well-established game engines such as Unity, Unreal Engine, and Panda3D present their systems through a graphical user interface (GUI). Not only does the friendly GUI simplify some of the tedious processes of game design such as creating and placing objects in a level, but more importantly, it ensures that these game engines are accessible to creative designers with diverse backgrounds who may find software development specifics distracting.
    [Show full text]
  • Teaching Introductory Programming with Javascript in Higher Education
    Proceedings of the 9th International Conference on Applied Informatics Eger, Hungary, January 29–February 1, 2014. Vol. 1. pp. 339–350 doi: 10.14794/ICAI.9.2014.1.339 Teaching introductory programming with JavaScript in higher education Győző Horváth, László Menyhárt Department of Media & Educational Informatics, Eötvös Loránd University, Budapest, Hungary [email protected] [email protected] Abstract As the Internet penetration rate continuously increases and web browsers show a substantial development, the web becomes a more general and ubiq- uitous application runtime platform, where the programming language on the client side exclusively is JavaScript. This is the reason why recently JavaScript is more often considered as the lingua franca of the web, or, from a different point of view, the universal virtual machine of the web. In ad- dition, the JavaScript programming language appears in many other areas of informatics due to the wider usage of the HTML-based technology, and the embedded nature of the language. Consequently, in these days it is quite difficult to program without getting in touch with JavaScript in some way. In this article we are looking for answers to how the JavaScript language is suitable for being an introductory language in the programming related subjects of the higher education. First we revisit the different technologies that lead to and ensure the popularity of JavaScript. Following, current approaches using JavaScript as an introductory language are overviewed and analyzed. Next, a curriculum of an introductory programming course at the Eötvös Loránd University is presented, and a detailed investigation is given about how the JavaScript language would fit in the expectations and requirements of this programming course.
    [Show full text]
  • Focus Type Applies To
    Focus Type Applies To All Power Tools All All Power Tools Team Foundation Server All Templates Team Foundation Server All Integration Provider Team Foundation Server All Power Tools Team Foundation Server All Power Tools Team Foundation Server All Integration Provider Team Foundation Server Architecture Power Tools Visual Studio Architecture Power Tools Visual Studio Architecture Templates Visual Studio Architecture Integration Provider Oracle Architecture Templates Expression Builds Power Tools Team Foundation Server Builds Integration Provider Visual Studio Builds Power Tools Team Foundation Server Builds Templates Team Foundation Server Builds Power Tools Team Foundation Server Builds Power Tools Team Foundation Server Builds Power Tools Team Foundation Server Coding Power Tools Visual Studio Coding Integration Provider Visual Studio Coding Azure Integration Visual Studio Coding Integration Provider Dynamics CRM Coding Documentation Visual Studio Coding Integration Provider Visual Studio Coding Templates Visual Studio Coding Documentation Visual Studio Coding Templates SharePoint Coding Templates SharePoint Coding Integration Provider Visual Studio Coding Integration Provider Visual Studio Coding Templates SharePoint Coding Power Tools Visual Studio Coding Power Tools Visual Studio Coding Templates SharePoint Coding Templates Visual Studio Coding Templates Visual Studio Coding Templates Visual Studio Coding Power Tools Visual Studio Coding Integration Provider SharePoint Coding Templates Visual Studio Coding Templates SharePoint Coding
    [Show full text]
  • Node.Js I – Getting Started Chesapeake Node.Js User Group (CNUG)
    Node.js I – Getting Started Chesapeake Node.js User Group (CNUG) https://www.meetup.com/Chesapeake-Region-nodeJS-Developers-Group Agenda ➢ Installing Node.js ✓ Background ✓ Node.js Run-time Architecture ✓ Node.js & npm software installation ✓ JavaScript Code Editors ✓ Installation verification ✓ Node.js Command Line Interface (CLI) ✓ Read-Evaluate-Print-Loop (REPL) Interactive Console ✓ Debugging Mode ✓ JSHint ✓ Documentation Node.js – Background ➢ What is Node.js? ❑ Node.js is a server side (Back-end) JavaScript runtime ❑ Node.js runs “V8” ✓ Google’s high performance JavaScript engine ✓ Same engine used for JavaScript in the Chrome browser ✓ Written in C++ ✓ https://developers.google.com/v8/ ❑ Node.js implements ECMAScript ✓ Specified by the ECMA-262 specification ✓ Node.js support for ECMA-262 standard by version: • https://node.green/ Node.js – Node.js Run-time Architectural Concepts ➢ Node.js is designed for Single Threading ❑ Main Event listeners are single threaded ✓ Events immediately handed off to the thread pool ✓ This makes Node.js perfect for Containers ❑ JS programs are single threaded ✓ Use asynchronous (Non-blocking) calls ❑ Background worker threads for I/O ❑ Underlying Linux kernel is multi-threaded ➢ Event Loop leverages Linux multi-threading ❑ Events queued ❑ Queues processed in Round Robin fashion Node.js – Event Processing Loop Node.js – Downloading Software ➢ Download software from Node.js site: ❑ https://nodejs.org/en/download/ ❑ Supported Platforms ✓ Windows (Installer or Binary) ✓ Mac (Installer or Binary) ✓ Linux
    [Show full text]
  • Complexity Revisited
    23%#52 4% )4 5 9 0 , ! - " / # + @ P : K < J@ .E@M<I Comp215: Introduction to JavaScript 23%#52 4% )4 5 9 0 , ! - Dan S. Wallach (Rice University) " / # + @ P : K < J@ .E@M<I Copyright ⓒ 2015, Dan S. Wallach. All rights reserved. What does JavaScript have to do with the Web? Way back in 1995... Web browsers had no way to run external code But, there were tons of “mobile code systems” in the world Tcl/Tk: Popular with Unix tool builders, still running today in many places Java: Originally targeting television set-top boxes Released in ’95 with “HotJava” web browser Many others that never achieved commercial success Meanwhile, inside Netscape... Mocha --> LiveScript --> JavaScript Brendan Eich’s original goals of JavaScript: Lightweight execution inside the browser Safety / security Easy to learn / easy to write Scheme-liKe language with C / Java-liKe syntax Easy to add small behaviors to web pages One-liners: click a button, pop up a menu The big debate inside Netscape therefore became “why two languages? why not just Java?” The answer was that two languages were required to serve the two mostly-disjointMocha audiences --> in the LiveScript programming ziggurat --> who JavaScriptmost deserved dedicated programming languages: the component authors, who wrote in C++ or (we hoped)Brendan Java; and Eich’s the “scripters”, original goals amateur of orJavaScript: pro, who would write code directly embeddedLightweight in HTML. execution inside the browser Safety / security Whether anyEasy existing to learn language / easy tocould write be used, instead of inventing a new one, was also notScheme-liKe something language I decided.
    [Show full text]
  • Debugging Javascript
    6803.book Page 451 Thursday, June 15, 2006 2:24 PM APPENDIX ■ ■ ■ Debugging JavaScript In this appendix, I will introduce you to some tricks and tools to debug your JavaScript code. It is very important to get acquainted with debugging tools, as programming consists to a large extent of trying to find out what went wrong a particular time. Some browsers help you with this problem; others make it harder by having their debugging tools hidden away or returning cryptic error messages that confuse more than they help. Some of my favorites include philo- sophical works like “Undefined is not defined” or the MSIE standard “Object doesn’t support this property or method.” Common JavaScript Mistakes Let’s start with some common mistakes that probably every JavaScript developer has made during his career. Having these in the back of your head when you check a failing script might make it a lot quicker to spot the problem. Misspellings and Case-Sensitivity Issues The easiest mistakes to spot are misspellings of JavaScript method names or properties. Clas- sics include getElementByTagName() instead of getElementsByTagName(), getElementByID() instead of getElementById() and node.style.colour (for the British English writers). A lot of times the problem could also be case sensitivity, for example, writing keywords in mixed case instead of lowercase. If( elm.href ) { var url = elm.href; } There is no keyword called If, but there is one called if. The same problem of case sensi- tivity applies to variable names: var FamilyGuy = 'Peter'; var FamilyGuyWife = 'Lois'; alert( 'The Griffins:\n'+ familyGuy + ' and ' + FamilyGuyWife ); This will result in an error message stating “familyGuy is not defined”, as there is a variable called FamilyGuy but none called familyGuy.
    [Show full text]
  • University of Washington, CSE 190 M Homework Assignment 6: Asciimation
    University of Washington, CSE 190 M Homework Assignment 6: ASCIImation Special thanks to Dave Reed of Creighton University for the original idea of this assignment. This assignment tests your understanding of JavaScript and its interaction with HTML user interfaces. You must match the appearance and behavior of the following web page: ASCII art is pictures that consist of text characters. ASCII art has a long history as a way to draw pictures for text- only monitors or printers. We will draw animated ASCII art, or "ASCIImation." Groups of nerds are working to recreate the entire movies Star Wars and The Matrix as ASCIImation. The first task is to create a page ascii.html with a user interface (UI) for creating/viewing ASCIImations. No skeleton files are provided. Your page should link to a style sheet you'll write named ascii.css for styling the page. After creating your page, you must make the UI interactive by writing JavaScript code in ascii.js so that clicking the UI controls causes appropriate behavior. Your HTML page should link to your JS file in a script tag. You should also create an ASCIImation of your own, stored in a file named myanimation.txt. Your ASCIImation must show non-trivial effort, must have multiple frames of animation, and must be entirely your own work. Be creative! We will put students' ASCIImations on the course web site for others to see. In total you will turn in the following files: • ascii.html, your web page • ascii.css, the style sheet for your web page • ascii.js, the JavaScript code for your web page • myanimation.txt, your custom ASCII animation as a plain text file • myanimation.js, your custom ASCII animation as JavaScript code (so it can be used on the page) Our screenshots were taken on Windows in Firefox, which may differ from your system.
    [Show full text]
  • Web Mastering Certificate Program
    Extended Studies & Workforce Education Division Norwalk Community College Web Mastering Certificate Program The Web Mastering Certificate Program will enable participants to gain the professional skills required in Internet systems design, maintenance, and programming. Previous programming experience is recommended. Total Total Course Hours Sessions Tuition* Textbook 1. XML for the World Wide Web Online Online $620 N/A 2. VisualBasic.net Introduction to Programming 18 6 $349 Additional Fee 3. Introduction to JavaScript Programming 18 6 $349 N/A 4. Introduction to Programming with C#.net 18 6 $349 Additional Fee *Tuition subject to change. Please refer to the Extended Studies & Workforce Education current catalog for course specifics (tuition, start date, class time slot and location). ____________________________________________________________________________________ Course Descriptions XML for the World Wide Web The course builds on students’ knowledge of HTML and JavaScript in the rich world of XML. Topics covered include creating well-formed and valid XML documents, Document Type Definitions (DTDs), namespaces, entities, XML Schemas, formatting using Cascading Style Sheets (CSS) and Extensible Style sheet Language (XSL) and transformations using XSL Transformations. Two hours of laboratory. Prerequisite: Some programming experience required. Additional information about the online component of this class is available online (http://norwalk.edu/dept/distance-learning/default.asp) VisualBasic.NET Introduction to Programming with C#.net This course provides an introduction to the world of programming utilizing VisualBasic.NET, a high-level event driven programming language. Students will develop skills for solving problems with a computer. The basic concepts of C#.net will be mastered to aid in solving these problems. More advanced programming concepts are also explored, including database programming and object oriented programming.
    [Show full text]
  • Is the Web Good Enough for My App?
    Is the Web good enough for my app ? François Daoust (@tidoust), W3C Workshop HTML5 vs Native by software.brussels 4 December 2014 A short history of the Web App platform Tim Berners Lee Olympic games opening ceremony July 2012, London “The Web is an information space in which the items of interest, referred to as resources, are identified by global identifiers called Uniform Resource Identifiers” Architecture of the World Wide Web HTML HTTP URL • Web Standards HTML, CSS, XML, SVG, PNG, XSLT, WCAG, RDF, JavaScript APIs… • Consortium ~400 members, from industry and research • World-wide Offices in many countries • One Web! Founded and directed by Tim Berners-Lee • Global participation 55,000 people subscribed to mailing lists, 1,500+ participants in 60+ Groups User interaction <form action="post.cgi"> <input type="text" name="firstname" /> <input type="submit" title="Submit" /> </form> User interaction <form action="post.cgi"> <input type="text" name="firstname" /> <input type="submit" title="Submit" /> </form> DHTML • Document Object Model (DOM) • JavaScript • Events AJAX XMLHttpRequest Properties of the Web app platform Top-down approach and Extensible Web Manifesto Security • Hard to expose low-level APIs • Beware of fingerprinting Global platform Ex: access to local storage IndexedDB API Human platform Philae vs. CSS Complete platform Communications API Usage HTML5 Web Messaging Inter-app (same browser) WebRTC P2P, real time data/audio/video Network Service Discovery Local network Presentation API Second screen Cross-device communication Presentation API navigator.presentation .startSession('http://example.org/pres.html') .then(function (newSession) { session.onstatechange = function () { switch (session.state) { case 'connected': session.postMessage(/*...*/); session.onmessage = function() { /*...*/ }; break; case 'disconnected': console.log('Disconnected.'); break; } }; }, function () { /*...*/ }); Packaging • Offline execution ApplicationCache Service Workers • Packaging in itself Manifest file Archive (Zip) Native shim (ex.
    [Show full text]
  • Modul Do Systému Maven
    MASARYKOVA UNIVERZITA F}w¡¢£¤¥¦§¨ AKULTA INFORMATIKY !"#$%&'()+,-./012345<yA| Modul do systému Maven DIPLOMOVÁ PRÁCE Ivana Jansová Brno, podzim 2009 Prohlášení Prohlašuji, že tato diplomová práce je mým p ˚uvodnímautorským dílem, které jsem vypra- covala samostatnˇe.Všechny zdroje, prameny a literaturu, které jsem pˇrivypracování pou- žívala nebo z nich ˇcerpala,v práci ˇrádnˇecituji s uvedením úplného odkazu na pˇríslušný zdroj. Vedoucí práce: RNDr. Radek Ošlejšek, Ph.D. ii Podˇekování Ráda bych podˇekovalavšem, kteˇrími pomohli, jmenovitˇepanu RNDr. Radkovi Ošlejškovi, Ph.D. za trpˇelivosta užiteˇcnérady pˇrivedení diplomové práce, dále Ing. Pavlovi Klobá- sovi za cenné podnˇetya pˇripomínkyk programové ˇcásti.Podˇekovánípatˇríi mé rodinˇea pˇrátel˚umMgr. HanˇeBydžovské a Mgr. Danielu Kederovi, kteˇrímne podporovali. Bez jejich pomoci by tato práce nemohla vzniknout. iii Shrnutí Diplomová práce pojednává o systému Maven. Zabývá se jeho funkcemi a možným využi- tím. Na pˇríkladechukazuje používání modul ˚ua jejich konfiguraci. Ve druhé ˇcástise vˇenujeframeworku Apache Wicket. Formou tutoriálu pˇribližujeˇcte- náˇritvorbu webové aplikace ve Wicketu. Obsahuje popis komponent i Wicket model ˚upro získávání dat. Poslední ˇcástukazuje, jak jsem postupovala pˇritvorbˇeobyˇcejnéhoi reportového modulu do Mavenu. Popisuje vznik modulu – Validátoru pro validaci XML soubor ˚u,kaskádových styl ˚u,JavaScriptu a šablon Apache Wicket a pˇreformulovánívýsledk ˚udo formy reportu. iv Klíˇcováslova Maven, plugin, validátor HTML, validátor JavaScript, validátor CSS šablon, validátor šab- lon Apache Wicket v Obsah 1 Úvod .............................................1 2 Maven ............................................3 2.1 POM – Project Object Model .............................4 2.1.1 Ukázka a rozbor ˇcástípom.xml . .5 2.2 Fáze projektu .....................................7 2.3 Funkce a použití ....................................8 2.3.1 Generování stránek . .8 2.3.2 Základní pˇríkazy . .9 2.3.3 Archetypy .
    [Show full text]
  • Javascript Code Quality Analysis
    JavaScript Code Quality Analysis Master’s Thesis Joost-Wim Boekesteijn JavaScript Code Quality Analysis THESIS submitted in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE in COMPUTER SCIENCE by Joost-Wim Boekesteijn born in Hoogeveen, the Netherlands Software Engineering Research Group m-industries Department of Software Technology M-Industries BV Faculty EEMCS, Delft University of Technology Rotterdamseweg 183c Delft, the Netherlands Delft, the Netherlands www.ewi.tudelft.nl www.m-industries.com c 2012 Joost-Wim Boekesteijn. JavaScript Code Quality Analysis Author: Joost-Wim Boekesteijn Student id: 1174355 Email: [email protected] Abstract Static analysis techniques provide a means to detect software errors early in the development process, without actually having to run the software that is being analyzed. These techniques are common for statically typed languages and have found their way into IDEs such as Eclipse and Visual Studio. However, applying the same techniques to dynamically typed languages is much less common. Tool support is less mature and the amount of published research is relatively small. For this project, we design and build a static analyis tool for JavaScript code. We start by giving background information on relevant parts of the JavaScript language, followed by a survey of existing tools and research. In the design of our analysis tool, we achieved a clear separation of responsibilities between the different modules for parsing, analysis, rule definition and reporting. The level of detail in the default reporter makes our tool an ideal candidate for integration in a JavaScript IDE. On the other hand, our tool is also suited for batch analysis of large code collections.
    [Show full text]