DOCSLIB.ORG

Closure: the Definitive Guide

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Closure: the Definitive Guide Closure: The Definitive Guide Michael Bolin Beijing • Cambridge • Farnham • Köln • Sebastopol • Tokyo Closure: The Definitive Guide by Michael Bolin Copyright © 2010 Michael Bolin. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://my.safaribooksonline.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or [email protected]. Editors: Simon St.Laurent and Julie Steele Indexer: Ellen Troutman Zaig Production Editor: Kristen Borg Cover Designer: Karen Montgomery Copyeditor: Nancy Kotary Interior Designer: David Futato Proofreader: Kristen Borg Illustrator: Robert Romano Printing History: September 2010: First Edition. Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. Closure: The Definitive Guide, the image of a golden plover, and related trade dress are trademarks of O’Reilly Media, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc., was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information con- tained herein. ISBN: 978-1-449-38187-5 [M] 1283888246 Table of Contents Foreword . ................................................................. xiii Preface .................................................................... xvii My Experiences with Closure xviii Audience xx ECMAScript Versus JavaScript xx Using This Book xxi Acknowledgments xxiv 1. Introduction to Closure . ................................................ 1 Tools Overview 2 Closure Library 2 Closure Templates 3 Closure Compiler 3 Closure Testing Framework 4 Closure Inspector 4 Closure Design Goals and Principles 5 Reducing Compiled Code Size Is Paramount 5 All Source Code Is Compiled Together 6 Managing Memory Matters 6 Make It Possible to Catch Errors at Compile Time 7 Code Must Work Without Compilation 7 Code Must Be Browser-Agnostic 7 Built-in Types Should Not Be Modified 8 Code Must Work Across Frames 8 Tools Should Be Independent 8 Downloading and Installing the Tools 9 Closure Library and Closure Testing Framework 10 Closure Templates 11 Closure Compiler 12 Closure Inspector 12 iii Example: Hello World 12 Closure Library 13 Closure Templates 14 Closure Compiler 17 Closure Testing Framework 19 Closure Inspector 21 2. Annotations for Closure JavaScript . ...................................... 25 JSDoc Tags 25 Type Expressions 29 Simple Types and Union Types 29 Function Types 31 Record Types 32 Special @param Types 33 Subtypes and Type Conversion 38 The ALL Type 41 JSDoc Tags That Do Not Deal with Types 41 Constants 42 Deprecated Members 43 License and Copyright Information 43 Is All of This Really Necessary? 43 3. Closure Library Primitives . ............................................. 45 Dependency Management 45 calcdeps.py 45 goog.global 47 COMPILED 48 goog.provide(namespace) 48 goog.require(namespace) 50 goog.addDependency(relativePath, provides, requires) 51 Function Currying 54 goog.partial(functionToCall, ...) 54 goog.bind(functionToCall, selfObject, ...) 57 Exports 58 goog.getObjectByName(name, opt_object) 58 goog.exportProperty(object, propertyName, value) 58 goog.exportSymbol(publicPath, object, opt_objectToExportTo) 60 Type Assertions 61 goog.typeOf(value) 62 goog.isDef(value) 62 goog.isNull(value) 63 goog.isDefAndNotNull(value) 63 goog.isArray(obj) 63 iv | Table of Contents goog.isArrayLike(obj) 64 goog.isDateLike(obj) 64 goog.isString(obj), goog.isBoolean(obj), goog.isNumber(obj) 64 goog.isFunction(obj) 65 goog.isObject(obj) 65 Unique Identifiers 65 goog.getUid(obj) 65 goog.removeUid(obj) 66 Internationalization (i18n) 67 goog.LOCALE 67 goog.getMsg(str, opt_values) 68 Object Orientation 68 goog.inherits(childConstructorFunction, parentConstructorFunction) 68 goog.base(self, opt_methodName, var_args) 69 goog.nullFunction 69 goog.abstractMethod 70 goog.addSingletonGetter(constructorFunction) 70 Additional Utilities 70 goog.DEBUG 70 goog.now() 71 goog.globalEval(script) 71 goog.getCssName(className, opt_modifier), goog.setCssNameMapping(mapping) 71 4. Common Utilities . .................................................... 73 goog.string 75 goog.string.htmlEscape(str, opt_isLikelyToContainHtmlChars) 75 goog.string.regExpEscape(str) 77 goog.string.whitespaceEscape(str, opt_xml) 78 goog.string.compareVersions(version1, version2) 78 goog.string.hashCode(str) 79 goog.array 79 goog.array.forEach(arr, func, opt_obj) 80 Using Iterative goog.array Functions in a Method 81 goog.object 82 goog.object.get(obj, key, opt_value) 82 goog.setIfUndefined(obj, key, value) 83 goog.object.transpose(obj) 83 goog.json 84 goog.json.parse(str) 85 goog.json.unsafeParse(str) 85 goog.json.serialize(obj) 86 goog.dom 86 Table of Contents | v goog.dom.getElement(idOrElement) 86 goog.dom.getElementsByTagNameAndClass(nodeName, className, elementToLookIn) 87 goog.dom.getAncestorByTagNameAndClass(element, tag, className) 89 goog.dom.createDom(nodeName, attributes, var_args) 91 goog.dom.htmlToDocumentFragment(htmlString) 92 goog.dom.ASSUME_QUIRKS_MODE and goog.dom.ASSUME_STANDARDS_MODE 93 goog.dom.classes 95 goog.dom.classes.get(element) 95 goog.dom.classes.has(element, className) 95 goog.dom.classes.add(element, var_args) and goog.dom.classes.remove(element, var_args) 96 goog.dom.classes.toggle(element, className) 96 goog.dom.classes.swap(element, fromClass, toClass) 97 goog.dom.classes.enable(element, className, enabled) 98 goog.userAgent 98 Rendering Engine Constants 99 Platform Constants 101 goog.userAgent.isVersion(version) 102 goog.userAgent.product 102 goog.net.cookies 104 goog.net.cookies.isEnabled() 104 goog.net.cookies.set(name, value, opt_maxAge, opt_path, opt_domain) 104 goog.net.cookies.get(name, opt_default) 105 goog.net.cookies.remove(name, opt_path, opt_domain) 105 goog.style 105 goog.style.getPageOffset(element) 105 goog.style.getSize(element) 106 goog.style.getBounds(element) 106 goog.style.setOpacity(element, opacity) 106 goog.style.setPreWrap(element) 106 goog.style.setInlineBlock(element) 106 goog.style.setUnselectable(element, unselectable, opt_noRecurse) 107 goog.style.installStyles(stylesString, opt_node) 107 goog.style.scrollIntoContainerView(element, container, opt_center) 108 goog.functions 108 goog.functions.TRUE 108 goog.functions.constant(value) 108 goog.functions.error(message) 109 vi | Table of Contents 5. Classes and Inheritance . .............................................. 111 Example of a Class in Closure 112 Closure JavaScript Example 112 Equivalent Example in Java 115 Static Members 116 Singleton Pattern 118 Example of a Subclass in Closure 119 Closure JavaScript Example 119 Equivalent Example in Java 123 Declaring Fields in Subclasses 124 @override and @inheritDoc 125 Using goog.base() to Simplify Calls to the Superclass 126 Abstract Methods 127 Example of an Interface in Closure 128 Multiple Inheritance 130 Enums 132 goog.Disposable 132 Overriding disposeInternal() 133 6. Event Management . ................................................. 137 A Brief History of Browser Event Models 137 Closure Provides a Consistent DOM Level 2 Events API Across Browsers 138 goog.events.listen() 138 goog.events.EventTarget 141 goog.events.Event 146 goog.events.EventHandler 148 Handling Keyboard Events 152 7. Client-Server Communication . ......................................... 155 Server Requests 155 goog.net.XmlHttp 155 goog.net.XhrIo 156 goog.net.XhrManager 161 goog.Uri and goog.uri.utils 163 Resource Loading and Monitoring 165 goog.net.BulkLoader 165 goog.net.ImageLoader 167 goog.net.IframeLoadMonitor 168 goog.net.MultiIframeLoadMonitor 169 goog.net.NetworkTester 169 Cross-Domain Communication 170 goog.net.jsonp 171 goog.net.xpc 173 Table of Contents | vii Uploading Files 176 Comet 178 8. User Interface Components . ........................................... 181 Design Behind the goog.ui Package 182 goog.ui.Component 184 Basic Life Cycle 184 Components with Children 190 Events 194 States 195 Errors 196 goog.ui.Control 197 Handling User Input 198 Managing State 199 Delegating to the Renderer 201 Example: Responding to a Mouseover Event 206 goog.ui.Container 206 Using Common Components 210 Pulling in CSS 212 goog-inline-block 215 Example of Rendering a Component: goog.ui.ComboBox 218 Example of Decorating a Control: goog.ui.Button and goog.ui.CustomButton 220 Creating Custom Components 227 example.Checklist and example.ChecklistItem 228 example.ui.ChecklistItem and example.ui.ChecklistItemRenderer 229 example.ui.Label 232 example.ui.Checklist and example.ui.ChecklistRenderer 233 Rendering Example 236 Decorating Example 237 Conclusions 239 9. Rich Text Editor . ..................................................... 241 Design Behind the goog.editor Package 241 Trade-offs: Control, Code Size, and Performance 242 goog.editor.BrowserFeature 243 Creating an Editable Region 243 goog.editor.Field 244 goog.editor.SeamlessField 251 Extending the Editor: The Plugin System 253 Registering Plugins 253 Interacting with Plugins 254 goog.editor.Plugin
Load more

Recommended publications
  • Stable/Build) • --Port PORT - Set the PORT Number (Default: 8000)
    Pyodide Release 0.18.1 unknown Sep 16, 2021 CONTENTS 1 Using Pyodide 3 1.1 Getting started..............................................3 1.2 Downloading and deploying Pyodide..................................6 1.3 Using Pyodide..............................................7 1.4 Loading packages............................................ 12 1.5 Type translations............................................. 14 1.6 Pyodide Python compatibility...................................... 25 1.7 API Reference.............................................. 26 1.8 Frequently Asked Questions....................................... 50 2 Development 55 2.1 Building from sources.......................................... 55 2.2 Creating a Pyodide package....................................... 57 2.3 How to Contribute............................................ 64 2.4 Testing and benchmarking........................................ 74 2.5 Interactive Debugging.......................................... 76 3 Project 79 3.1 About Pyodide.............................................. 79 3.2 Roadmap................................................. 80 3.3 Code of Conduct............................................. 82 3.4 Governance and Decision-making.................................... 83 3.5 Change Log............................................... 85 3.6 Related Projects............................................. 95 4 Indices and tables 97 Python Module Index 99 Index 101 i ii Pyodide, Release 0.18.1 Python with the scientific stack, compiled to WebAssembly.
    [Show full text]
  • Machine Learning in the Browser
    Machine Learning in the Browser The Harvard community has made this article openly available. Please share how this access benefits you. Your story matters Citable link http://nrs.harvard.edu/urn-3:HUL.InstRepos:38811507 Terms of Use This article was downloaded from Harvard University’s DASH repository, and is made available under the terms and conditions applicable to Other Posted Material, as set forth at http:// nrs.harvard.edu/urn-3:HUL.InstRepos:dash.current.terms-of- use#LAA Machine Learning in the Browser a thesis presented by Tomas Reimers to The Department of Computer Science in partial fulfillment of the requirements for the degree of Bachelor of Arts in the subject of Computer Science Harvard University Cambridge, Massachusetts March 2017 Contents 1 Introduction 3 1.1 Background . .3 1.2 Motivation . .4 1.2.1 Privacy . .4 1.2.2 Unavailable Server . .4 1.2.3 Simple, Self-Contained Demos . .5 1.3 Challenges . .5 1.3.1 Performance . .5 1.3.2 Poor Generality . .7 1.3.3 Manual Implementation in JavaScript . .7 2 The TensorFlow Architecture 7 2.1 TensorFlow's API . .7 2.2 TensorFlow's Implementation . .9 2.3 Portability . .9 3 Compiling TensorFlow into JavaScript 10 3.1 Motivation to Compile . 10 3.2 Background on Emscripten . 10 3.2.1 Build Process . 12 3.2.2 Dependencies . 12 3.2.3 Bitness Assumptions . 13 3.2.4 Concurrency Model . 13 3.3 Experiences . 14 4 Results 15 4.1 Benchmarks . 15 4.2 Library Size . 16 4.3 WebAssembly . 17 5 Developer Experience 17 5.1 Universal Graph Runner .
    [Show full text]
  • Javascript API Deprecation in the Wild: a First Assessment
    JavaScript API Deprecation in the Wild: A First Assessment Romulo Nascimento, Aline Brito, Andre Hora, Eduardo Figueiredo Department of Computer Science Federal University of Minas Gerais, Brazil romulonascimento, alinebrito, andrehora,figueiredo @dcc.ufmg.br { } Abstract—Building an application using third-party libraries of our knowledge, there are no detailed studies regarding API is a common practice in software development. As any other deprecation in the JavaScript ecosystem. software system, code libraries and their APIs evolve over JavaScript has become extremely popular over the last years. time. In order to help version migration and ensure backward According to the Stack Overflow 2019 Developer Survey1, compatibility, a recommended practice during development is to deprecate API. Although studies have been conducted to JavaScript is the most popular programming language in this investigate deprecation in some programming languages, such as platform for the seventh consecutive year. GitHub also reports Java and C#, there are no detailed studies on API deprecation that JavaScript is the most popular language in terms of unique in the JavaScript ecosystem. This paper provides an initial contributors to both public and private repositories2. The npm assessment of API deprecation in JavaScript by analyzing 50 platform, the largest JavaScript package manager, states on popular software projects. Initial results suggest that the use of 3 deprecation mechanisms in JavaScript packages is low. However, their latest survey that 99% of JavaScript developers rely on wefindfive different ways that developers use to deprecate API npm to ease the management of their project dependencies. in the studied projects. Among these solutions, deprecation utility This survey also points out the massive growth in npm usage (i.e., any sort of function specially written to aid deprecation) and that started about 5 years ago.
    [Show full text]
  • Create Mobile Apps with HTML5, Javascript and Visual Studio
    Create mobile apps with HTML5, JavaScript and Visual Studio DevExtreme Mobile is a single page application (SPA) framework for your next Windows Phone, iOS and Android application, ready for online publication or packaged as a store-ready native app using Apache Cordova (PhoneGap). With DevExtreme, you can target today’s most popular mobile devices with a single codebase and create interactive solutions that will amaze. Get started today… ・ Leverage your existing Visual Studio expertise. ・ Build a real app, not just a web page. ・ Deliver a native UI and experience on all supported devices. ・ Use over 30 built-in touch optimized widgets. Learn more and download your free trial devexpress.com/mobile All trademarks or registered trademarks are property of their respective owners. Untitled-4 1 10/2/13 11:58 AM APPLICATIONS & DEVELOPMENT SPECIAL GOVERNMENT ISSUE INSIDE Choose a Cloud Network for Government-Compliant magazine Applications Geo-Visualization of SPECIAL GOVERNMENT ISSUE & DEVELOPMENT SPECIAL GOVERNMENT ISSUE APPLICATIONS Government Data Sources Harness Open Data with CKAN, OData and Windows Azure Engage Communities with Open311 THE DIGITAL GOVERNMENT ISSUE Inside the tools, technologies and APIs that are changing the way government interacts with citizens. PLUS SPECIAL GOVERNMENT ISSUE APPLICATIONS & DEVELOPMENT SPECIAL GOVERNMENT ISSUE & DEVELOPMENT SPECIAL GOVERNMENT ISSUE APPLICATIONS Enhance Services with Windows Phone 8 Wallet and NFC Leverage Web Assets as Data Sources for Apps APPLICATIONS & DEVELOPMENT SPECIAL GOVERNMENT ISSUE ISSUE GOVERNMENT SPECIAL DEVELOPMENT & APPLICATIONS Untitled-1 1 10/4/13 11:40 AM CONTENTS OCTOBER 2013/SPECIAL GOVERNMENT ISSUE OCTOBER 2013/SPECIAL GOVERNMENT ISSUE magazine FEATURES MOHAMMAD AL-SABT Editorial Director/[email protected] Geo-Visualization of Government KENT SHARKEY Site Manager Data Sources MICHAEL DESMOND Editor in Chief/[email protected] Malcolm Hyson ..........................................
    [Show full text]
  • Javascript Client Guide
    JavaScript Client Guide Target API: Lightstreamer JavaScript Client v. 6.1.4 Last updated: 15/07/2014 Table of contents 1 INTRODUCTION................................................................................................................3 2 JAVASCRIPT CLIENT DEVELOPMENT.........................................................................................4 2.1 Deployment Architecture..................................................................................4 2.1.1 Deployment and Browsers................................................................................4 2.2 Site/Application Architecture.............................................................................5 2.3 The LightstreamerClient...................................................................................6 2.3.1 Using an AMD loader........................................................................................7 2.3.2 Using Global Objects........................................................................................9 2.3.3 Name Clashes................................................................................................10 2.3.4 LightstreamerClient in a Web Worker...............................................................11 2.3.5 The Node.js case............................................................................................12 2.4 The Subscription Listeners..............................................................................13 2.4.1 StaticGrid.......................................................................................................13
    [Show full text]
  • Extracting Taint Specifications for Javascript Libraries
    Extracting Taint Specifications for JavaScript Libraries Cristian-Alexandru Staicu Martin Toldam Torp Max Schäfer TU Darmstadt Aarhus University GitHub [email protected] [email protected] [email protected] Anders Møller Michael Pradel Aarhus University University of Stuttgart [email protected] [email protected] ABSTRACT ACM Reference Format: Modern JavaScript applications extensively depend on third-party Cristian-Alexandru Staicu, Martin Toldam Torp, Max Schäfer, Anders Møller, and Michael Pradel. 2020. Extracting Taint Specifications for JavaScript libraries. Especially for the Node.js platform, vulnerabilities can Libraries. In 42nd International Conference on Software Engineering (ICSE have severe consequences to the security of applications, resulting ’20), May 23–29, 2020, Seoul, Republic of Korea. ACM, New York, NY, USA, in, e.g., cross-site scripting and command injection attacks. Existing 12 pages. https://doi.org/10.1145/3377811.3380390 static analysis tools that have been developed to automatically detect such issues are either too coarse-grained, looking only at 1 INTRODUCTION package dependency structure while ignoring dataflow, or rely on JavaScript is powering a wide variety of web applications, both manually written taint specifications for the most popular libraries client-side and server-side. Many of these applications are security- to ensure analysis scalability. critical, such as PayPal, Netflix, or Uber, which handle massive In this work, we propose a technique for automatically extract- amounts of privacy-sensitive user data and other assets. An impor- ing taint specifications for JavaScript libraries, based on a dynamic tant characteristic of modern JavaScript-based applications is the analysis that leverages the existing test suites of the libraries and extensive use of third-party libraries.
    [Show full text]
  • Microsoft AJAX Library Essentials Client-Side ASP.NET AJAX 1.0 Explained
    Microsoft AJAX Library Essentials Client-side ASP.NET AJAX 1.0 Explained A practical tutorial to using Microsoft AJAX Library to enhance the user experience of your ASP.NET Web Applications Bogdan Brinzarea Cristian Darie BIRMINGHAM - MUMBAI Microsoft AJAX Library Essentials Client-side ASP.NET AJAX 1.0 Explained Copyright © 2007 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, Packt Publishing, nor its dealers or distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: July 2007 Production Reference: 1230707 Published by Packt Publishing Ltd. 32 Lincoln Road Olton Birmingham, B27 6PA, UK. ISBN 978-1-847190-98-7 www.packtpub.com Cover Image by www.visionwt.com Table of Contents Preface 1 Chapter 1: AJAX and ASP.NET 7 The Big Picture 8 AJAX and Web 2.0 10 Building
    [Show full text]
  • Learning Javascript Design Patterns
    Learning JavaScript Design Patterns Addy Osmani Beijing • Cambridge • Farnham • Köln • Sebastopol • Tokyo Learning JavaScript Design Patterns by Addy Osmani Copyright © 2012 Addy Osmani. All rights reserved. Revision History for the : 2012-05-01 Early release revision 1 See http://oreilly.com/catalog/errata.csp?isbn=9781449331818 for release details. ISBN: 978-1-449-33181-8 1335906805 Table of Contents Preface ..................................................................... ix 1. Introduction ........................................................... 1 2. What is a Pattern? ...................................................... 3 We already use patterns everyday 4 3. 'Pattern'-ity Testing, Proto-Patterns & The Rule Of Three ...................... 7 4. The Structure Of A Design Pattern ......................................... 9 5. Writing Design Patterns ................................................. 11 6. Anti-Patterns ......................................................... 13 7. Categories Of Design Pattern ............................................ 15 Creational Design Patterns 15 Structural Design Patterns 16 Behavioral Design Patterns 16 8. Design Pattern Categorization ........................................... 17 A brief note on classes 17 9. JavaScript Design Patterns .............................................. 21 The Creational Pattern 22 The Constructor Pattern 23 Basic Constructors 23 Constructors With Prototypes 24 The Singleton Pattern 24 The Module Pattern 27 iii Modules 27 Object Literals 27 The Module Pattern
    [Show full text]
  • Creating a Portfolio Website with Google Pages Creator ( GPC )
    |How to create your portfolio using GPC Creating a portfolio website with Google Pages Creator ( GPC ) Google Page Creator is a free tool that lets you create web pages right in your browser and publish them to the web with one click. There's no software to download and no web designer to hire. The pages you create are hosted on Google servers and are available at http://yoursitename.googlepages.com for the world to see. To use Google Page Creator, just visit http://pages.google.com and sign in with your Gmail address and password. If you don't yet have a Gmail address, create a one by clicking No Gmail Account? Sign up. Once you've signed in, you'll be able to create, design, and publish pages to your heart's content. 1 | Page |How to create your portfolio using GPC Here are the steps to create your portfolio using GPC. When you sign in to Page Creator for the first time you will be asked to agree the terms of use. After you click on the checkbox next to agree terms of use as shown below click on “I’m ready to create my pages”. When you first sign in to Page Creator, you automatically get a home page. Your home page is seen in page manager in edit mode as shown below. You can change the layout and look of your page by clicking on “change layout” on the top right corner. Once you are in the chose layout page, simply click on your preferred layout and it will be applied to your page and you will be back on the home page.
    [Show full text]
  • Prevent Jsdoc from Writting to File
    Prevent Jsdoc From Writting To File Anatole await pallidly if assonant Jamie dwining or doublings. Napoleon bolts his depurators remilitarizing vainly, but condyloid Tabby never lament so slantwise. Baking-hot and uliginous Torry unitings her propulsion snog while Douglas buffetings some retirers Tuesdays. Jsdoc comment log message object from file will be ignored if true, the same port files to gpudb instances of a function? Redirect output parameters can prevent jsdoc from writting to file you want for messages from response to search. Official documentation for addition project. No nulls will be generated for nullable columns. The new functionality is it is when accessing properties at once all have not only in scope objects and then. If a chain of an uppercase character from. Suggests any typing for a loan eligibility when no longer would be from an object can prevent unauthorized access control characters and! An application message, please sign speak for my weekly Dev Mastery newsletter below. The box of degrees the pasture is rotated clockwise. Used within another number of systematically improving health related status. This page to read and fetch the file to. Many different from jsdoc file to prevent execution. You from that can be an exception of information icon when introducing visual studio code blocks is synchronous, but in more we prevent jsdoc from writting to file is there any! There by some special cases that appear flat the whole framework. Linting rules for Backbone. Form Objects and Functions pane. Nothing in a point me know it could restrict it can prevent jsdoc? Optional parameters for a given client.
    [Show full text]
  • Analysing the Use of Outdated Javascript Libraries on the Web
    Updated in September 2017: Require valid versions for library detection throughout the paper. The vulnerability analysis already did so and remains identical. Modifications in Tables I, III and IV; Figures 4 and 7; Sections III-B, IV-B, IV-C, IV-F and IV-H. Additionally, highlight Ember’s security practices in Section V. Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web Tobias Lauinger, Abdelberi Chaabane, Sajjad Arshad, William Robertson, Christo Wilson and Engin Kirda Northeastern University {toby, 3abdou, arshad, wkr, cbw, ek}@ccs.neu.edu Abstract—Web developers routinely rely on third-party Java- scripts or HTML into vulnerable websites via a crafted tag. As Script libraries such as jQuery to enhance the functionality of a result, it is of the utmost importance for websites to manage their sites. However, if not properly maintained, such dependen- library dependencies and, in particular, to update vulnerable cies can create attack vectors allowing a site to be compromised. libraries in a timely fashion. In this paper, we conduct the first comprehensive study of To date, security research has addressed a wide range of client-side JavaScript library usage and the resulting security client-side security issues in websites, including validation [30] implications across the Web. Using data from over 133 k websites, we show that 37 % of them include at least one library with a and XSS ([17], [36]), cross-site request forgery [4], and session known vulnerability; the time lag behind the newest release of fixation [34]. However, the use of vulnerable JavaScript libraries a library is measured in the order of years.
    [Show full text]
  • 6. Client-Side Processing
    6. Client-Side Processing 1. Client-side processing 2. JavaScript 3. Client-side scripting 4. Document Object Model (DOM) 5. Document methods and properties 6. Events 7. Calling a function 8. Table of squares function 9. Comments on previous script 10. Defining a function 11. Event handlers 12. Event handlers example 13. Event listeners 14. Functions and form fields 15. Defining the function myTranslate 16. Navigating the DOM tree 17. Finding elements by name 18. Finding elements by name (function body) 19. Using CSS selectors 20. Adding elements 21. Deleting elements 22. Using jQuery 23. Using jQuery to add elements 24. Finding elements by name (jQuery) 25. DOM and XML 26. jQuery method to load an XML file 27. Retrieving RSS item titles 28. Retrieving JSON data 29. JSON country data 30. Code for JSON retrieval (1) 31. Code for JSON retrieval (2) 32. Exercises 33. Links to more information 6.1. Client-side processing client program (e.g. web browser) can be used to customise interaction with the user validate user input (although HTML5 now provides this) generate (part of) document dynamically send requests to a server in the background make interaction with a web page similar to that of a desktop application this is typically done using JavaScript, since a Javascript interpreter is built into browsers 6.2. JavaScript interpreted, scripting language for the web loosely typed variables do not have to be declared the same variable can store values of different types at different times HTML <script> element specifies script to be executed type attribute has value text/javascript src attribute specifies URI of external script usually <script> appears in the <head> and just declares functions to be called later ECMAScript, 10th edition (June 2019) is the latest standard 6.3.
    [Show full text]