DOCSLIB.ORG

Build Windows 8 Apps with HTML5 and Javascript

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Build Windows 8 Apps with HTML5 and Javascript Build Windows 8 Apps with HTML5 and JavaScript Dino Esposito Francesco Esposito Copyright © 2013 by Dino Esposito All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher. ISBN: 978-0-7356-7594-0 1 2 3 4 5 6 7 8 9 LSI 8 7 6 5 4 3 Printed and bound in the United States of America. Microsoft Press books are available through booksellers and distributors worldwide. If you need support related to this book, email Microsoft Press Book Support at [email protected]. Please tell us what you think of this book at http://www.microsoft.com/learning/booksurvey. Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/ Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other marks are property of their respective owners. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred. This book expresses the author’s views and opinions. The information contained in this book is provided without any express, statutory, or implied warranties. Neither the authors, Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book. Acquisitions and Developmental Editor: Russell Jones Production Editor: Christopher Hearse Editorial Production: S4Carlisle Publishing Services Technical Reviewer: Russ Mullen Indexer: Angela Howard Cover Design: Jake Rae Cover Composition: Karen Montgomery Illustrator: S4Carlisle Publishing Services To Michela and Silvia, who are stronger and smarter than they think. —DINO To Grandma Concetta, for providing free calories through amazing quantities of unbeatable homemade prosciutto. —FRANCESCO Contents at a glance Introduction xiii CHAPTER 1 Using Visual Studio 2012 Express edition for Windows 8 1 CHAPTER 2 Making sense of HTML5 23 CHAPTER 3 Making sense of CSS 47 CHAPTER 4 Making sense of JavaScript 73 CHAPTER 5 First steps with Windows 8 development 97 CHAPTER 6 The user interface of Windows Store applications 121 CHAPTER 7 Navigating through multimedia content 147 CHAPTER 8 States of a Windows 8 application 177 CHAPTER 9 Integrating with the Windows 8 environment 201 CHAPTER 10 Adding persistent data to applications 235 CHAPTER 11 Working with remote data 265 CHAPTER 12 Accessing devices and sensors 291 CHAPTER 13 Adding Live tiles 319 CHAPTER 14 Publishing an application 335 Index 351 Contents Introduction ....................................................xiii Chapter 1 Using Visual Studio 2012 Express edition for Windows 8 1 Getting ready for development .....................................2 The software you need. 2 Configuring Visual Studio 2012 ................................5 Start playing with Windows 8 apps ............................9 The “Hello Windows 8” application . 10 Adding a bit more action ....................................16 Summary. .21 Chapter 2 Making sense of HTML5 23 Elements of a webpage . 24 Building the page layout with HTML5 .........................24 Miscellany of other new elements. .32 Collecting data ..................................................34 Adjusting input fields .......................................35 Form submission ...........................................38 Multimedia elements .............................................41 The audio element. .41 The video element ..........................................42 Summary. .45 What do you think of this book? We want to hear from you! Microsoft is interested in hearing your feedback so we can continually improve our books and learning resources for you. To participate in a brief online survey, please visit: microsoft.com/learning/booksurvey vii Chapter 3 Making sense of CSS 47 Styling a webpage ...............................................47 Adding CSS information to pages .............................48 Selecting elements to style ..................................51 Basic style commands ............................................55 Setting colors ..............................................55 Controlling text. .58 HTML display modes ........................................60 Spacing and the boxing model ...............................63 Advanced CSS scenarios ..........................................66 CSS pseudo-classes .........................................66 Media Queries .............................................70 Summary. .71 Chapter 4 Making sense of JavaScript 73 Language basics .................................................74 The JavaScript type system. 74 Dealing with variables .......................................77 Dealing with objects ........................................79 Dealing with functions ......................................81 Organizing your own JavaScript code ...............................89 Linking JavaScript code to pages .............................89 Practices and habits .........................................92 Summary. .94 Chapter 5 First steps with Windows 8 development 97 The Windows 8 Runtime (WinRT) ..................................98 Windows Store apps and other apps ..........................98 An overview of the WinRT API ...............................100 The Windows Store app user interface ............................102 Aspects of the Windows 8 UI ................................102 Inspiring principles of the Windows 8 UI ......................104 viii Contents Components for the presentation layer. 107 Data binding ..............................................112 Understanding the application’s lifecycle ..........................116 States of a Windows Store application .......................116 Background tasks ..........................................119 Summary. .120 Chapter 6 The user interface of Windows Store applications 121 Foundation of Windows Store applications .........................121 Defining the layout of the application .......................122 Application attributes ......................................129 Getting serious with the TodoList application .......................132 Building an interactive form .................................133 Putting data into the form ..................................138 Summary. .146 Chapter 7 Navigating through multimedia content 147 Foundation of page navigation ...................................147 The navigation model of Windows Store applications ..........147 Inside the Navigation App template ..........................149 Building a gallery of pictures .....................................152 Introducing the FlipView component .........................152 Navigating to a detail page .................................156 Zooming the image in and out ..............................161 Building a video clip gallery ......................................165 Introducing the SemanticZoom component ...................165 Dealing with video. 172 Summary. .174 Chapter 8 States of a Windows 8 application 177 States of a Windows Store application .............................177 Full-screen view states. .178 Contents ix Snapping applications ......................................179 Making the application reactive .............................182 Towards an adaptive layout ......................................188 General principles of snapped and filled views ................188 Fluid layouts ..............................................189 Summary. .200 Chapter 9 Integrating with the Windows 8 environment 201 Contracts and common tasks .....................................202 Aspects of Windows 8 contracts .............................202 Contracts and extensions ...................................204 Consuming the File picker contract ................................206 Choosing a file to save data. 207 Choosing a file to load data .................................214 The Share contract ..............................................216 Publishing an application’s data .............................216 Adding share source capabilities to TodoList ..................217 Providing a Settings page ........................................224 Populating the Settings charm ..............................224 Creating a functional Settings page ..........................227 Summary. .233 Chapter 10 Adding persistent data to applications 235 Persisting application objects .....................................235 Making Task objects persistent ..............................236 Choosing a serialization format ..............................240 Creating Task objects from files .............................243 Using the application’s private storage. 247 Storage options in Windows 8 ..............................248 Creating tasks in the isolated storage ........................251 Summary. .264 x Contents Chapter 11 Working with remote data 265 Working with RSS data ...........................................265 Getting remote data .......................................266 Parsing and displaying downloaded data .....................272 Drilling down into data. 276 Working with JSON data .........................................278 Laying out a Flickr viewer ...................................279 Enhancing the application ..................................285 Summary. .290 Chapter
Load more

Recommended publications
  • Machine Learning in the Browser
    Machine Learning in the Browser The Harvard community has made this article openly available. Please share how this access benefits you. Your story matters Citable link http://nrs.harvard.edu/urn-3:HUL.InstRepos:38811507 Terms of Use This article was downloaded from Harvard University’s DASH repository, and is made available under the terms and conditions applicable to Other Posted Material, as set forth at http:// nrs.harvard.edu/urn-3:HUL.InstRepos:dash.current.terms-of- use#LAA Machine Learning in the Browser a thesis presented by Tomas Reimers to The Department of Computer Science in partial fulfillment of the requirements for the degree of Bachelor of Arts in the subject of Computer Science Harvard University Cambridge, Massachusetts March 2017 Contents 1 Introduction 3 1.1 Background . .3 1.2 Motivation . .4 1.2.1 Privacy . .4 1.2.2 Unavailable Server . .4 1.2.3 Simple, Self-Contained Demos . .5 1.3 Challenges . .5 1.3.1 Performance . .5 1.3.2 Poor Generality . .7 1.3.3 Manual Implementation in JavaScript . .7 2 The TensorFlow Architecture 7 2.1 TensorFlow's API . .7 2.2 TensorFlow's Implementation . .9 2.3 Portability . .9 3 Compiling TensorFlow into JavaScript 10 3.1 Motivation to Compile . 10 3.2 Background on Emscripten . 10 3.2.1 Build Process . 12 3.2.2 Dependencies . 12 3.2.3 Bitness Assumptions . 13 3.2.4 Concurrency Model . 13 3.3 Experiences . 14 4 Results 15 4.1 Benchmarks . 15 4.2 Library Size . 16 4.3 WebAssembly . 17 5 Developer Experience 17 5.1 Universal Graph Runner .
    [Show full text]
  • Learning React Functional Web Development with React and Redux
    Learning React Functional Web Development with React and Redux Alex Banks and Eve Porcello Beijing Boston Farnham Sebastopol Tokyo Learning React by Alex Banks and Eve Porcello Copyright © 2017 Alex Banks and Eve Porcello. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://oreilly.com/safari). For more information, contact our corporate/insti‐ tutional sales department: 800-998-9938 or [email protected]. Editor: Allyson MacDonald Indexer: WordCo Indexing Services Production Editor: Melanie Yarbrough Interior Designer: David Futato Copyeditor: Colleen Toporek Cover Designer: Karen Montgomery Proofreader: Rachel Head Illustrator: Rebecca Demarest May 2017: First Edition Revision History for the First Edition 2017-04-26: First Release See http://oreilly.com/catalog/errata.csp?isbn=9781491954621 for release details. The O’Reilly logo is a registered trademark of O’Reilly Media, Inc. Learning React, the cover image, and related trade dress are trademarks of O’Reilly Media, Inc. While the publisher and the authors have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the authors disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.
    [Show full text]
  • Introducing 2D Game Engine Development with Javascript
    CHAPTER 1 Introducing 2D Game Engine Development with JavaScript Video games are complex, interactive, multimedia software systems. These systems must, in real time, process player input, simulate the interactions of semi-autonomous objects, and generate high-fidelity graphics and audio outputs, all while trying to engage the players. Attempts at building video games can quickly be overwhelmed by the need to be well versed in software development as well as in how to create appealing player experiences. The first challenge can be alleviated with a software library, or game engine, that contains a coherent collection of utilities and objects designed specifically for developing video games. The player engagement goal is typically achieved through careful gameplay design and fine-tuning throughout the video game development process. This book is about the design and development of a game engine; it will focus on implementing and hiding the mundane operations and supporting complex simulations. Through the projects in this book, you will build a practical game engine for developing video games that are accessible across the Internet. A game engine relieves the game developers from simple routine tasks such as decoding specific key presses on the keyboard, designing complex algorithms for common operations such as mimicking shadows in a 2D world, and understanding nuances in implementations such as enforcing accuracy tolerance of a physics simulation. Commercial and well-established game engines such as Unity, Unreal Engine, and Panda3D present their systems through a graphical user interface (GUI). Not only does the friendly GUI simplify some of the tedious processes of game design such as creating and placing objects in a level, but more importantly, it ensures that these game engines are accessible to creative designers with diverse backgrounds who may find software development specifics distracting.
    [Show full text]
  • Teaching Introductory Programming with Javascript in Higher Education
    Proceedings of the 9th International Conference on Applied Informatics Eger, Hungary, January 29–February 1, 2014. Vol. 1. pp. 339–350 doi: 10.14794/ICAI.9.2014.1.339 Teaching introductory programming with JavaScript in higher education Győző Horváth, László Menyhárt Department of Media & Educational Informatics, Eötvös Loránd University, Budapest, Hungary [email protected] [email protected] Abstract As the Internet penetration rate continuously increases and web browsers show a substantial development, the web becomes a more general and ubiq- uitous application runtime platform, where the programming language on the client side exclusively is JavaScript. This is the reason why recently JavaScript is more often considered as the lingua franca of the web, or, from a different point of view, the universal virtual machine of the web. In ad- dition, the JavaScript programming language appears in many other areas of informatics due to the wider usage of the HTML-based technology, and the embedded nature of the language. Consequently, in these days it is quite difficult to program without getting in touch with JavaScript in some way. In this article we are looking for answers to how the JavaScript language is suitable for being an introductory language in the programming related subjects of the higher education. First we revisit the different technologies that lead to and ensure the popularity of JavaScript. Following, current approaches using JavaScript as an introductory language are overviewed and analyzed. Next, a curriculum of an introductory programming course at the Eötvös Loránd University is presented, and a detailed investigation is given about how the JavaScript language would fit in the expectations and requirements of this programming course.
    [Show full text]
  • Create Mobile Apps with HTML5, Javascript and Visual Studio
    Create mobile apps with HTML5, JavaScript and Visual Studio DevExtreme Mobile is a single page application (SPA) framework for your next Windows Phone, iOS and Android application, ready for online publication or packaged as a store-ready native app using Apache Cordova (PhoneGap). With DevExtreme, you can target today’s most popular mobile devices with a single codebase and create interactive solutions that will amaze. Get started today… ・ Leverage your existing Visual Studio expertise. ・ Build a real app, not just a web page. ・ Deliver a native UI and experience on all supported devices. ・ Use over 30 built-in touch optimized widgets. Learn more and download your free trial devexpress.com/mobile All trademarks or registered trademarks are property of their respective owners. Untitled-4 1 10/2/13 11:58 AM APPLICATIONS & DEVELOPMENT SPECIAL GOVERNMENT ISSUE INSIDE Choose a Cloud Network for Government-Compliant magazine Applications Geo-Visualization of SPECIAL GOVERNMENT ISSUE & DEVELOPMENT SPECIAL GOVERNMENT ISSUE APPLICATIONS Government Data Sources Harness Open Data with CKAN, OData and Windows Azure Engage Communities with Open311 THE DIGITAL GOVERNMENT ISSUE Inside the tools, technologies and APIs that are changing the way government interacts with citizens. PLUS SPECIAL GOVERNMENT ISSUE APPLICATIONS & DEVELOPMENT SPECIAL GOVERNMENT ISSUE & DEVELOPMENT SPECIAL GOVERNMENT ISSUE APPLICATIONS Enhance Services with Windows Phone 8 Wallet and NFC Leverage Web Assets as Data Sources for Apps APPLICATIONS & DEVELOPMENT SPECIAL GOVERNMENT ISSUE ISSUE GOVERNMENT SPECIAL DEVELOPMENT & APPLICATIONS Untitled-1 1 10/4/13 11:40 AM CONTENTS OCTOBER 2013/SPECIAL GOVERNMENT ISSUE OCTOBER 2013/SPECIAL GOVERNMENT ISSUE magazine FEATURES MOHAMMAD AL-SABT Editorial Director/[email protected] Geo-Visualization of Government KENT SHARKEY Site Manager Data Sources MICHAEL DESMOND Editor in Chief/[email protected] Malcolm Hyson ..........................................
    [Show full text]
  • Extracting Taint Specifications for Javascript Libraries
    Extracting Taint Specifications for JavaScript Libraries Cristian-Alexandru Staicu Martin Toldam Torp Max Schäfer TU Darmstadt Aarhus University GitHub [email protected] [email protected] [email protected] Anders Møller Michael Pradel Aarhus University University of Stuttgart [email protected] [email protected] ABSTRACT ACM Reference Format: Modern JavaScript applications extensively depend on third-party Cristian-Alexandru Staicu, Martin Toldam Torp, Max Schäfer, Anders Møller, and Michael Pradel. 2020. Extracting Taint Specifications for JavaScript libraries. Especially for the Node.js platform, vulnerabilities can Libraries. In 42nd International Conference on Software Engineering (ICSE have severe consequences to the security of applications, resulting ’20), May 23–29, 2020, Seoul, Republic of Korea. ACM, New York, NY, USA, in, e.g., cross-site scripting and command injection attacks. Existing 12 pages. https://doi.org/10.1145/3377811.3380390 static analysis tools that have been developed to automatically detect such issues are either too coarse-grained, looking only at 1 INTRODUCTION package dependency structure while ignoring dataflow, or rely on JavaScript is powering a wide variety of web applications, both manually written taint specifications for the most popular libraries client-side and server-side. Many of these applications are security- to ensure analysis scalability. critical, such as PayPal, Netflix, or Uber, which handle massive In this work, we propose a technique for automatically extract- amounts of privacy-sensitive user data and other assets. An impor- ing taint specifications for JavaScript libraries, based on a dynamic tant characteristic of modern JavaScript-based applications is the analysis that leverages the existing test suites of the libraries and extensive use of third-party libraries.
    [Show full text]
  • Microsoft Patches Were Evaluated up to and Including CVE-2020-1587
    Honeywell Commercial Security 2700 Blankenbaker Pkwy, Suite 150 Louisville, KY 40299 Phone: 1-502-297-5700 Phone: 1-800-323-4576 Fax: 1-502-666-7021 https://www.security.honeywell.com The purpose of this document is to identify the patches that have been delivered by Microsoft® which have been tested against Pro-Watch. All the below listed patches have been tested against the current shipping version of Pro-Watch with no adverse effects being observed. Microsoft Patches were evaluated up to and including CVE-2020-1587. Patches not listed below are not applicable to a Pro-Watch system. 2020 – Microsoft® Patches Tested with Pro-Watch CVE-2020-1587 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2020-1584 Windows dnsrslvr.dll Elevation of Privilege Vulnerability CVE-2020-1579 Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability CVE-2020-1578 Windows Kernel Information Disclosure Vulnerability CVE-2020-1577 DirectWrite Information Disclosure Vulnerability CVE-2020-1570 Scripting Engine Memory Corruption Vulnerability CVE-2020-1569 Microsoft Edge Memory Corruption Vulnerability CVE-2020-1568 Microsoft Edge PDF Remote Code Execution Vulnerability CVE-2020-1567 MSHTML Engine Remote Code Execution Vulnerability CVE-2020-1566 Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1565 Windows Elevation of Privilege Vulnerability CVE-2020-1564 Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1562 Microsoft Graphics Components Remote Code Execution Vulnerability
    [Show full text]
  • Focus Type Applies To
    Focus Type Applies To All Power Tools All All Power Tools Team Foundation Server All Templates Team Foundation Server All Integration Provider Team Foundation Server All Power Tools Team Foundation Server All Power Tools Team Foundation Server All Integration Provider Team Foundation Server Architecture Power Tools Visual Studio Architecture Power Tools Visual Studio Architecture Templates Visual Studio Architecture Integration Provider Oracle Architecture Templates Expression Builds Power Tools Team Foundation Server Builds Integration Provider Visual Studio Builds Power Tools Team Foundation Server Builds Templates Team Foundation Server Builds Power Tools Team Foundation Server Builds Power Tools Team Foundation Server Builds Power Tools Team Foundation Server Coding Power Tools Visual Studio Coding Integration Provider Visual Studio Coding Azure Integration Visual Studio Coding Integration Provider Dynamics CRM Coding Documentation Visual Studio Coding Integration Provider Visual Studio Coding Templates Visual Studio Coding Documentation Visual Studio Coding Templates SharePoint Coding Templates SharePoint Coding Integration Provider Visual Studio Coding Integration Provider Visual Studio Coding Templates SharePoint Coding Power Tools Visual Studio Coding Power Tools Visual Studio Coding Templates SharePoint Coding Templates Visual Studio Coding Templates Visual Studio Coding Templates Visual Studio Coding Power Tools Visual Studio Coding Integration Provider SharePoint Coding Templates Visual Studio Coding Templates SharePoint Coding
    [Show full text]
  • Microsoft AJAX Library Essentials Client-Side ASP.NET AJAX 1.0 Explained
    Microsoft AJAX Library Essentials Client-side ASP.NET AJAX 1.0 Explained A practical tutorial to using Microsoft AJAX Library to enhance the user experience of your ASP.NET Web Applications Bogdan Brinzarea Cristian Darie BIRMINGHAM - MUMBAI Microsoft AJAX Library Essentials Client-side ASP.NET AJAX 1.0 Explained Copyright © 2007 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, Packt Publishing, nor its dealers or distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: July 2007 Production Reference: 1230707 Published by Packt Publishing Ltd. 32 Lincoln Road Olton Birmingham, B27 6PA, UK. ISBN 978-1-847190-98-7 www.packtpub.com Cover Image by www.visionwt.com Table of Contents Preface 1 Chapter 1: AJAX and ASP.NET 7 The Big Picture 8 AJAX and Web 2.0 10 Building
    [Show full text]
  • Learning Javascript Design Patterns
    Learning JavaScript Design Patterns Addy Osmani Beijing • Cambridge • Farnham • Köln • Sebastopol • Tokyo Learning JavaScript Design Patterns by Addy Osmani Copyright © 2012 Addy Osmani. All rights reserved. Revision History for the : 2012-05-01 Early release revision 1 See http://oreilly.com/catalog/errata.csp?isbn=9781449331818 for release details. ISBN: 978-1-449-33181-8 1335906805 Table of Contents Preface ..................................................................... ix 1. Introduction ........................................................... 1 2. What is a Pattern? ...................................................... 3 We already use patterns everyday 4 3. 'Pattern'-ity Testing, Proto-Patterns & The Rule Of Three ...................... 7 4. The Structure Of A Design Pattern ......................................... 9 5. Writing Design Patterns ................................................. 11 6. Anti-Patterns ......................................................... 13 7. Categories Of Design Pattern ............................................ 15 Creational Design Patterns 15 Structural Design Patterns 16 Behavioral Design Patterns 16 8. Design Pattern Categorization ........................................... 17 A brief note on classes 17 9. JavaScript Design Patterns .............................................. 21 The Creational Pattern 22 The Constructor Pattern 23 Basic Constructors 23 Constructors With Prototypes 24 The Singleton Pattern 24 The Module Pattern 27 iii Modules 27 Object Literals 27 The Module Pattern
    [Show full text]
  • Introduction to Windows Runtime (Winrt)
    Introduction to Windows Runtime (WinRT) Raffaele Rialdi @raffaeler [email protected] http://www.iamraf.net Tailored User Experience full screen different resolutions Immersive Multiple live tiles form factors Engaging secure, and Alive trustable Inspiring Confidence Metro Connected Multitasking use live data Touch-first fast and fluid small devices Current problems • No marketplace: how can you trust an application? • Admin privilege is required to install most Apps • Interoperability is difficult (PInvoke / COM) –Memory and Performance costs are high –Accessing OS API can be tough • Mixing native and managed language is hard • "C" APIs lifecycle is error-prone (CreateFile … CloseHandle) • I/Os are blocking (network, storage, …) • No standards for App to App communication • Search, Tweets, Facebook posts, … Windows Runtime Architecture Metro apps Desktop apps Win MFC XAML DirectX HTML WPF SL HTML form DX Language Projections .NET / Js / C++ .NET / Js / C++ Filtered access BCL / libraries to WinRT Windows Runtime APIs and Services UI Controls Storage Media Win32 Win32 Windows Metadata XAML Pickers Network … Runtime Broker Windows Runtime Core Windows Kernel Services What is the Windows Runtime? • It's the evolution of the Component Object Model (COM) • The infrastructure reuse old concepts like apartments, IUnknown and addref/release • IDispatch is gone, IInspectable is the new base interface • New support for Events (no connection points) and static types • Totally different Type System (no Variants, no BSTRs, …) • WinRT use ECMA-335
    [Show full text]
  • Analysing the Use of Outdated Javascript Libraries on the Web
    Updated in September 2017: Require valid versions for library detection throughout the paper. The vulnerability analysis already did so and remains identical. Modifications in Tables I, III and IV; Figures 4 and 7; Sections III-B, IV-B, IV-C, IV-F and IV-H. Additionally, highlight Ember’s security practices in Section V. Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson and Engin Kirda Northeastern University {toby, 3abdou, arshad, wkr, cbw, ek}@ccs.neu.edu Abstract—Web developers routinely rely on third-party Java- scripts or HTML into vulnerable websites via a crafted tag. As Script libraries such as jQuery to enhance the functionality of a result, it is of the utmost importance for websites to manage their sites. However, if not properly maintained, such dependen- library dependencies and, in particular, to update vulnerable cies can create attack vectors allowing a site to be compromised. libraries in a timely fashion. In this paper, we conduct the first comprehensive study of To date, security research has addressed a wide range of client-side JavaScript library usage and the resulting security client-side security issues in websites, including validation [30] implications across the Web. Using data from over 133 k websites, we show that 37 % of them include at least one library with a and XSS ([17], [36]), cross-site request forgery [4], and session known vulnerability; the time lag behind the newest release of fixation [34]. However, the use of vulnerable JavaScript libraries a library is measured in the order of years.
    [Show full text]