JavaScript: Difference between revisions

mNo edit summary
revert - this is unnecessary; formatting: heading-nesting, whitespace (using Advisor.js)
Line 66:
JavaScript's use in [[Application software|applications]] outside Web pages — for example in [[Portable Document Format|PDF]] documents, [[site-specific browser]]s, and [[desktop widget]]s — is also significant. Newer and faster JavaScript [[Virtual machine|VMs]] and frameworks built upon them (notably [[Node.js]]) have also increased the popularity of JavaScript for server-side web applications.
 
JavaScript uses syntax influenced by that of [[C (programming language)|C]]. JavaScript copies many names and naming conventions from [[Java (programming language)|Java]], but the two languages are otherwise unrelated and have very different semantics. The key design principles within JavaScript are taken from the [[Self (programming language)|Self]] and [[Scheme (programming language)|Scheme]] programming languages.<ref>{{cite web|title=ECMAScript Language Overview|url=http://www.ecmascript.org/es4/spec/overview.pdf|format=PDF|pages=4|date=2007-10-23|accessdate=2009-05-03}}</ref> <h1> JAVA SCRIPT is not created by SUN microsystem , they have made java run time nt java script. For more Information please see below in history section.</h1>
 
== History ==
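Review bot: The raw `<h1>` sentence appended after the ECMAScript Language Overview reference in the lead paragraph should not be in the revision that is kept. It is an unsourced aside set in HTML heading markup inside body prose, it writes the language name as "JAVA SCRIPT", and it sends readers to "history section" instead of making a cited statement there. If the attribution point matters, add a sourced sentence under == History == and let the lead paragraph end at the closing `</ref>`.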
Line 286:
<h1 id="header">This is JavaScript</h1>
<script type="text/javascript">
document.write('Hello World!');
var h1 = document.getElementById("header"); // holds a reference to the <h1> tag
h1 = document.getElementByTagName("h1")[0]; // accessing the same <h1> element
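Review bot: `document.getElementByTagName("h1")[0]` on the last line of the sample is not a DOM method; the call is `getElementsByTagName` (plural), which returns a collection, and that is why the `[0]` index is there. As written the line throws a TypeError instead of "accessing the same <h1> element", so the example contradicts its own comment. Suggest correcting the method name in the article sample.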
Line 328:
JavaScript and the DOM provide the potential for malicious authors to deliver scripts to run on a client computer via the web. Browser authors contain this risk using two restrictions. First, scripts run in a [[Sandbox (computer security)|sandbox]] in which they can only perform web-related actions, not general-purpose programming tasks like creating files. Second, scripts are constrained by the [[same origin policy]]: scripts from one web site do not have access to information such as usernames, passwords, or cookies sent to another site. Most JavaScript-related security bugs are breaches of either the same origin policy or the sandbox.
 
==== Cross-site vulnerabilities ====
{{Main|Cross-site scripting|Cross-site request forgery}}
A common JavaScript-related security problem is [[cross-site scripting]], or XSS, a violation of the [[same origin policy|same-origin policy]]. XSS vulnerabilities occur when an attacker is able to cause a target web site, such as an online banking website, to include a malicious script in the webpage presented to a victim. The script in this example can then access the banking application with the privileges of the victim, potentially disclosing secret information or transferring money without the victim's authorization. A solution to XSS vulnerabilities is to use ''HTML escaping'' whenever displaying untrusted data.
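Review bot: The closing sentence of the Cross-site vulnerabilities paragraph presents ''HTML escaping'' as "a solution" for any display of untrusted data, which overstates it. Escaping is specific to the output context: HTML-entity escaping covers data placed in element content, but not data written into a script block, an event-handler attribute or a URL. Suggest wording along the lines of "escaping appropriate to the output context", with a citation. Separately, "The script in this example" reads more clearly as "In this example, the script", since the example is the banking site and not a script shown on the page.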